Zbee ZCL se: fix typo found by conflict hf
[metze/wireshark/wip.git] / epan / print.c
index c911dd611369eb00ef2c3adc19dee829c2a4264d..3a66064e8853fee7cc002ee74542d9b7eff84bbd 100644 (file)
@@ -1,8 +1,6 @@
 /* print.c
  * Routines for printing packet analysis trees.
  *
- * $Id$
- *
  * Gilbert Ramirez <gram@alumni.rice.edu>
  *
  * Wireshark - Network traffic analyzer
 #include <stdio.h>
 #include <string.h>
 
-#include <glib.h>
-#include <glib/gprintf.h>
-
+#include <epan/packet.h>
 #include <epan/epan.h>
 #include <epan/epan_dissect.h>
 #include <epan/to_str.h>
-#include <epan/tvbuff.h>
-#include <epan/packet.h>
-#include <ftypes/ftypes-int.h>
-#include <epan/emem.h>
 #include <epan/expert.h>
-
-#include <epan/packet-range.h>
-#include "print.h"
-#include "ps.h"
-#include "version_info.h"
-#include <wsutil/file_util.h>
+#include <epan/column-info.h>
+#include <epan/color_filters.h>
+#include <epan/prefs.h>
+#include <epan/print.h>
 #include <epan/charsets.h>
-#include <epan/dissectors/packet-data.h>
-#include <epan/dissectors/packet-frame.h>
 #include <wsutil/filesystem.h>
+#include <ws_version_info.h>
+#include <wsutil/utf8_entities.h>
+#include <ftypes/ftypes-int.h>
 
 #define PDML_VERSION "0"
 #define PSML_VERSION "0"
@@ -62,80 +53,99 @@ typedef struct {
     print_dissections_e  print_dissections;
     gboolean             print_hex_for_data;
     packet_char_enc      encoding;
-    epan_dissect_t      *edt;
+    GHashTable          *output_only_tables; /* output only these protocols */
 } print_data;
 
 typedef struct {
     int             level;
     FILE           *fh;
     GSList         *src_list;
-    epan_dissect_t *edt;
+    gchar         **filter;
+    pf_flags        filter_flags;
 } write_pdml_data;
 
+typedef struct {
+    int             level;
+    FILE           *fh;
+    GSList         *src_list;
+    gchar         **filter;
+    pf_flags        filter_flags;
+    gboolean        print_hex;
+    gboolean        print_text;
+    proto_node_children_grouper_func node_children_grouper;
+} write_json_data;
+
 typedef struct {
     output_fields_t *fields;
     epan_dissect_t  *edt;
 } write_field_data_t;
 
 struct _output_fields {
-    gboolean     print_header;
-    gchar        separator;
-    gchar        occurrence;
-    gchar        aggregator;
-    GPtrArray   *fields;
-    GHashTable  *field_indicies;
-    GPtrArray  **field_values;
-    gchar        quote;
-    gboolean     includes_col_fields;
+    gboolean      print_bom;
+    gboolean      print_header;
+    gchar         separator;
+    gchar         occurrence;
+    gchar         aggregator;
+    GPtrArray    *fields;
+    GHashTable   *field_indicies;
+    GPtrArray   **field_values;
+    gchar         quote;
+    gboolean      includes_col_fields;
 };
 
-GHashTable *output_only_tables = NULL;
-
-static gboolean write_headers = FALSE;
-
-static const gchar *get_field_hex_value(GSList *src_list, field_info *fi);
+static gchar *get_field_hex_value(GSList *src_list, field_info *fi);
 static void proto_tree_print_node(proto_node *node, gpointer data);
 static void proto_tree_write_node_pdml(proto_node *node, gpointer data);
+static void proto_tree_write_node_ek(proto_node *node, gpointer data);
 static const guint8 *get_field_data(GSList *src_list, field_info *fi);
-static void write_pdml_field_hex_value(write_pdml_data *pdata, field_info *fi);
+static void pdml_write_field_hex_value(write_pdml_data *pdata, field_info *fi);
+static void json_write_field_hex_value(write_json_data *pdata, field_info *fi);
 static gboolean print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
                                       guint length, packet_char_enc encoding);
-static void ps_clean_string(char *out, const char *in,
-                            int outbuf_size);
+static void write_specified_fields(fields_format format,
+                                   output_fields_t *fields,
+                                   epan_dissect_t *edt, column_info *cinfo,
+                                   FILE *fh);
 static void print_escaped_xml(FILE *fh, const char *unescaped_string);
-
-static void print_pdml_geninfo(proto_tree *tree, FILE *fh);
+static void print_escaped_json(FILE *fh, const char *unescaped_string);
+static void print_escaped_ek(FILE *fh, const char *unescaped_string);
+
+typedef void (*proto_node_value_writer)(proto_node *, write_json_data *);
+static void write_json_proto_node_list(GSList *proto_node_list_head, write_json_data *data);
+static void write_json_proto_node(GSList *node_values_head,
+                                  const char *suffix,
+                                  proto_node_value_writer value_writer,
+                                  write_json_data *data);
+static void write_json_proto_node_value_list(GSList *node_values_head,
+                                             proto_node_value_writer value_writer,
+                                             write_json_data *data);
+static void write_json_proto_node_filtered(proto_node *node, write_json_data *data);
+static void write_json_proto_node_hex_dump(proto_node *node, write_json_data *data);
+static void write_json_proto_node_children(proto_node *node, write_json_data *data);
+static void write_json_proto_node_value(proto_node *node, write_json_data *data);
+static void write_json_proto_node_no_value(proto_node *node, write_json_data *data);
+static const char *proto_node_to_json_key(proto_node *node);
+
+static void print_pdml_geninfo(epan_dissect_t *edt, FILE *fh);
 
 static void proto_tree_get_node_field_values(proto_node *node, gpointer data);
 
-static FILE *
-open_print_dest(gboolean to_file, const char *dest)
-{
-    FILE *fh;
-
-    /* Open the file or command for output */
-    if (to_file)
-        fh = ws_fopen(dest, "w");
-    else
-        fh = popen(dest, "w");
+static gboolean json_is_first;
 
-    return fh;
-}
+/* Cache the protocols and field handles that the print functionality needs
+   This helps break explicit dependency on the dissectors. */
+static int proto_data = -1;
+static int proto_frame = -1;
 
-static gboolean
-close_print_dest(gboolean to_file, FILE *fh)
+void print_cache_field_handles(void)
 {
-    /* Close the file or command */
-    if (to_file)
-        return (fclose(fh) == 0);
-    else
-        return (pclose(fh) == 0);
+    proto_data = proto_get_id_by_short_name("Data");
+    proto_frame = proto_get_id_by_short_name("Frame");
 }
 
-#define MAX_PS_LINE_LENGTH 256
-
 gboolean
-proto_tree_print(print_args_t *print_args, epan_dissect_t *edt,
+proto_tree_print(print_dissections_e print_dissections, gboolean print_hex,
+                 epan_dissect_t *edt, GHashTable *output_only_tables,
                  print_stream_t *stream)
 {
     print_data data;
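Review bot: `proto_data` and `proto_frame` start at -1 and are only filled in by `print_cache_field_handles()`, and nothing in this hunk documents when that call must happen or checks the lookup result. If a writer runs before the cache is filled, the comparisons against `proto_data` elsewhere in this diff simply never match, so "Data" items would be written as ordinary protocols with no error. I would add a comment on the function such as `/* Must be called once after protocol registration and before any proto_tree_print()/write_*_proto_tree() call; the ids stay -1 until then. */`. Assuming the lookup returns -1 for an unknown short name, a `g_assert(proto_data != -1 && proto_frame != -1);` at the end of the function would also make a failed lookup visible. The body of `proto_tree_print` continues outside this hunk.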
@@ -146,18 +156,16 @@ proto_tree_print(print_args_t *print_args, epan_dissect_t *edt,
     data.success            = TRUE;
     data.src_list           = edt->pi.data_src;
     data.encoding           = (packet_char_enc)edt->pi.fd->flags.encoding;
-    data.print_dissections  = print_args->print_dissections;
+    data.print_dissections  = print_dissections;
     /* If we're printing the entire packet in hex, don't
        print uninterpreted data fields in hex as well. */
-    data.print_hex_for_data = !print_args->print_hex;
-    data.edt                = edt;
+    data.print_hex_for_data = !print_hex;
+    data.output_only_tables = output_only_tables;
 
     proto_tree_children_foreach(edt->tree, proto_tree_print_node, &data);
     return data.success;
 }
 
-#define MAX_INDENT    160
-
 /* Print a tree's data, and any child nodes. */
 static void
 proto_tree_print_node(proto_node *node, gpointer data)
@@ -172,7 +180,7 @@ proto_tree_print_node(proto_node *node, gpointer data)
     g_assert(fi);
 
     /* Don't print invisible entries. */
-    if (PROTO_ITEM_IS_HIDDEN(node))
+    if (PROTO_ITEM_IS_HIDDEN(node) && (prefs.display_hidden_proto_items == FALSE))
         return;
 
     /* Give up if we've already gotten an error. */
@@ -206,8 +214,8 @@ proto_tree_print_node(proto_node *node, gpointer data)
      * subitems whose abbreviation doesn't match the protocol--for example
      * text items (whose abbreviation is simply "text").
      */
-    if ((output_only_tables != NULL) && (pdata->level == 0)
-        && (g_hash_table_lookup(output_only_tables, fi->hfinfo->abbrev) == NULL)) {
+    if ((pdata->output_only_tables != NULL) && (pdata->level == 0)
+        && (g_hash_table_lookup(pdata->output_only_tables, fi->hfinfo->abbrev) == NULL)) {
         return;
     }
 
@@ -254,39 +262,157 @@ void
 write_pdml_preamble(FILE *fh, const gchar *filename)
 {
     time_t t = time(NULL);
-    char *ts = asctime(localtime(&t));
+    struct tm * timeinfo;
+    char *fmt_ts;
+    const char *ts;
 
-    ts[strlen(ts)-1] = 0; /* overwrite \n */
+    /* Create the output */
+    timeinfo = localtime(&t);
+    if (timeinfo != NULL) {
+        fmt_ts = asctime(timeinfo);
+        fmt_ts[strlen(fmt_ts)-1] = 0; /* overwrite \n */
+        ts = fmt_ts;
+    } else
+        ts = "Not representable";
+
+    fprintf(fh, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
+    fprintf(fh, "<?xml-stylesheet type=\"text/xsl\" href=\"" PDML2HTML_XSL "\"?>\n");
+    fprintf(fh, "<!-- You can find " PDML2HTML_XSL " in %s or at https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=" PDML2HTML_XSL ". -->\n", get_datafile_dir());
+    fprintf(fh, "<pdml version=\"" PDML_VERSION "\" creator=\"%s/%s\" time=\"%s\" capture_file=\"", PACKAGE, VERSION, ts);
+    if (filename) {
+        /* \todo filename should be converted to UTF-8. */
+        print_escaped_xml(fh, filename);
+    }
+    fprintf(fh, "\">\n");
+}
 
-    fputs("<?xml version=\"1.0\"?>\n", fh);
-    fputs("<?xml-stylesheet type=\"text/xsl\" href=\"" PDML2HTML_XSL "\"?>\n", fh);
-    fprintf(fh, "<!-- You can find " PDML2HTML_XSL " in %s or at http://anonsvn.wireshark.org/trunk/wireshark/" PDML2HTML_XSL ". -->\n", get_datafile_dir());
-    fputs("<pdml version=\"" PDML_VERSION "\" ", fh);
-    fprintf(fh, "creator=\"%s/%s\" time=\"%s\" capture_file=\"%s\">\n", PACKAGE, VERSION, ts, filename ? filename : "");
+/* Check if the str match the protocolfilter. json_filter is space
+   delimited string and str need to exact-match to one of the value. */
+static gboolean check_protocolfilter(gchar **protocolfilter, const char *str)
+{
+    gboolean res = FALSE;
+    gchar **ptr;
+
+    if (str == NULL || protocolfilter == NULL) {
+        return FALSE;
+    }
+
+    for (ptr = protocolfilter; *ptr; ptr++) {
+        if (strcmp(*ptr, str) == 0) {
+            res = TRUE;
+            break;
+        }
+    }
+
+    return res;
 }
 
 void
-proto_tree_write_pdml(epan_dissect_t *edt, FILE *fh)
+write_pdml_proto_tree(output_fields_t* fields, gchar **protocolfilter, pf_flags protocolfilter_flags, epan_dissect_t *edt, FILE *fh, gboolean use_color)
 {
     write_pdml_data data;
+    const color_filter_t *cfp = edt->pi.fd->color_filter;
 
-    /* Create the output */
-    data.level    = 0;
-    data.fh       = fh;
-    data.src_list = edt->pi.data_src;
-    data.edt      = edt;
+    g_assert(edt);
+    g_assert(fh);
 
-    fprintf(fh, "<packet>\n");
+    /* Create the output */
+    if (use_color && (cfp != NULL)) {
+        fprintf(fh, "<packet foreground='#%02x%02x%02x' background='#%02x%02x%02x'>\n",
+            cfp->fg_color.red, cfp->fg_color.green, cfp->fg_color.blue,
+            cfp->bg_color.red, cfp->bg_color.green, cfp->bg_color.blue);
+    }
+    else {
+        fprintf(fh, "<packet>\n");
+    }
 
     /* Print a "geninfo" protocol as required by PDML */
-    print_pdml_geninfo(edt->tree, fh);
-
-    proto_tree_children_foreach(edt->tree, proto_tree_write_node_pdml,
-                                &data);
+    print_pdml_geninfo(edt, fh);
+
+    if (fields == NULL || fields->fields == NULL) {
+        /* Write out all fields */
+        data.level    = 0;
+        data.fh       = fh;
+        data.src_list = edt->pi.data_src;
+        data.filter   = protocolfilter;
+        data.filter_flags   = protocolfilter_flags;
+
+        proto_tree_children_foreach(edt->tree, proto_tree_write_node_pdml,
+                                    &data);
+    } else {
+        /* Write out specified fields */
+        write_specified_fields(FORMAT_XML, fields, edt, NULL, fh);
+    }
 
     fprintf(fh, "</packet>\n\n");
 }
 
+void
+write_ek_proto_tree(output_fields_t* fields,
+                    gboolean print_hex, gchar **protocolfilter,
+                    pf_flags protocolfilter_flags, epan_dissect_t *edt,
+                    FILE *fh)
+{
+    write_json_data data;
+    char ts[30];
+    time_t t = time(NULL);
+    struct tm  *timeinfo;
+
+    g_assert(edt);
+    g_assert(fh);
+
+    /* Create the output */
+    timeinfo = localtime(&t);
+    if (timeinfo != NULL)
+        strftime(ts, sizeof ts, "%Y-%m-%d", timeinfo);
+    else
+        g_strlcpy(ts, "XXXX-XX-XX", sizeof ts); /* XXX - better way of saying "Not representable"? */
+
+    fprintf(fh, "{\"index\" : {\"_index\": \"packets-%s\", \"_type\": \"pcap_file\", \"_score\": null}}\n", ts);
+    /* Timestamp added for time indexing in Elasticsearch */
+    fprintf(fh, "{\"timestamp\" : \"%" G_GUINT64_FORMAT "%03d\", \"layers\" : {", (guint64)edt->pi.abs_ts.secs, edt->pi.abs_ts.nsecs/1000000);
+
+    if (fields == NULL || fields->fields == NULL) {
+        /* Write out all fields */
+        data.level    = 0;
+        data.fh       = fh;
+        data.src_list = edt->pi.data_src;
+        data.filter   = protocolfilter;
+        data.filter_flags = protocolfilter_flags;
+        data.print_hex = print_hex;
+
+        proto_tree_children_foreach(edt->tree, proto_tree_write_node_ek,
+                                    &data);
+    } else {
+        /* Write out specified fields */
+        write_specified_fields(FORMAT_EK, fields, edt, NULL, fh);
+    }
+
+    fputs("}}\n", fh);
+}
+
+void
+write_fields_proto_tree(output_fields_t* fields, epan_dissect_t *edt, column_info *cinfo, FILE *fh)
+{
+    g_assert(edt);
+    g_assert(fh);
+
+    /* Create the output */
+    write_specified_fields(FORMAT_CSV, fields, edt, cinfo, fh);
+}
+
+/* Indent to the correct level */
+static void print_indent(int level, FILE *fh)
+{
+    int i;
+    if (fh == NULL) {
+        return;
+    }
+    for (i = 0; i < level; i++) {
+        fputs("  ", fh);
+    }
+}
+
 /* Write out a tree's data, and any child nodes, as PDML */
 static void
 proto_tree_write_node_pdml(proto_node *node, gpointer data)
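Review bot: In `write_pdml_proto_tree` the initialiser `const color_filter_t *cfp = edt->pi.fd->color_filter;` dereferences `edt` before `g_assert(edt)` runs, so the assertion can never catch a NULL `edt`. Declare `const color_filter_t *cfp;` and assign `cfp = edt->pi.fd->color_filter;` after the two asserts. Separately, `write_ek_proto_tree` passes `&data` to `proto_tree_write_node_ek` with `print_text` and `node_children_grouper` never set. That callback's body is not visible here, so whether it reads them is unconfirmed, but `memset(&data, 0, sizeof data);` before the assignments would remove the question.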
@@ -296,8 +422,6 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
     const gchar     *label_ptr;
     gchar            label_str[ITEM_LABEL_LENGTH];
     char            *dfilter_string;
-    size_t           chop_len;
-    int              i;
     gboolean         wrap_in_fake_protocol;
 
     /* dissection with an invisible proto tree? */
@@ -310,20 +434,13 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
           (fi->hfinfo->id == proto_data)) &&
          (pdata->level == 0));
 
-    /* Indent to the correct level */
-    for (i = -1; i < pdata->level; i++) {
-        fputs("  ", pdata->fh);
-    }
+    print_indent(pdata->level + 1, pdata->fh);
 
     if (wrap_in_fake_protocol) {
         /* Open fake protocol wrapper */
         fputs("<proto name=\"fake-field-wrapper\">\n", pdata->fh);
 
-        /* Indent to increased level before writing out field */
-        pdata->level++;
-        for (i = -1; i < pdata->level; i++) {
-            fputs("  ", pdata->fh);
-        }
+        print_indent(pdata->level + 1, pdata->fh);
     }
 
     /* Text label. It's printed as a field with no name. */
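Review bot: The fake-wrapper branch no longer raises `pdata->level`: the removed lines included `pdata->level++;`, and the replacement only calls `print_indent(pdata->level + 1, pdata->fh);`. The wrapped field is therefore written at the same depth as the `<proto name="fake-field-wrapper">` line, and its children recurse one level shallower than before. A later context line in this diff still reads "Take back the extra level we added for fake wrapper protocol"; the statement under it is outside the visible hunks, but if it still decrements, `level` drops to -1, because the wrapper is only used at level 0. Keeping `pdata->level++;` after the wrapper `fputs` and before the second `print_indent` restores the pairing. The function starts and ends outside this hunk.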
@@ -348,8 +465,10 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
             fprintf(pdata->fh, "\" pos=\"%d", fi->start);
         }
 
-        fputs("\" value=\"", pdata->fh);
-        write_pdml_field_hex_value(pdata, fi);
+        if (fi->length > 0) {
+            fputs("\" value=\"", pdata->fh);
+            pdml_write_field_hex_value(pdata, fi);
+        }
 
         if (node->first_child != NULL) {
             fputs("\">\n", pdata->fh);
@@ -362,10 +481,9 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
     /* Uninterpreted data, i.e., the "Data" protocol, is
      * printed as a field instead of a protocol. */
     else if (fi->hfinfo->id == proto_data) {
-
         /* Write out field with data */
         fputs("<field name=\"data\" value=\"", pdata->fh);
-        write_pdml_field_hex_value(pdata, fi);
+        pdml_write_field_hex_value(pdata, fi);
         fputs("\">\n", pdata->fh);
     }
     /* Normal protocols and fields */
@@ -407,7 +525,7 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
             print_escaped_xml(pdata->fh, label_ptr);
         }
 
-        if (PROTO_ITEM_IS_HIDDEN(node))
+        if (PROTO_ITEM_IS_HIDDEN(node) && (prefs.display_hidden_proto_items == FALSE))
             fprintf(pdata->fh, "\" hide=\"yes");
 
         fprintf(pdata->fh, "\" size=\"%d", fi->length);
@@ -427,26 +545,13 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
             fputs("\" show=\"\" value=\"",  pdata->fh);
             break;
         default:
-            /* XXX - this is a hack until we can just call
-             * fvalue_to_string_repr() for *all* FT_* types. */
-            dfilter_string = proto_construct_match_selected_string(fi,
-                                                                   pdata->edt);
+            dfilter_string = fvalue_to_string_repr(NULL, &fi->value, FTREPR_DISPLAY, fi->hfinfo->display);
             if (dfilter_string != NULL) {
-                chop_len = strlen(fi->hfinfo->abbrev) + 4; /* for " == " */
-
-                /* XXX - Remove double-quotes. Again, once we
-                 * can call fvalue_to_string_repr(), we can
-                 * ask it not to produce the version for
-                 * display-filters, and thus, no
-                 * double-quotes. */
-                if (dfilter_string[strlen(dfilter_string)-1] == '"') {
-                    dfilter_string[strlen(dfilter_string)-1] = '\0';
-                    chop_len++;
-                }
 
                 fputs("\" show=\"", pdata->fh);
-                print_escaped_xml(pdata->fh, &dfilter_string[chop_len]);
+                print_escaped_xml(pdata->fh, dfilter_string);
             }
+            wmem_free(NULL, dfilter_string);
 
             /*
              * XXX - should we omit "value" for any fields?
@@ -470,22 +575,29 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
                         case FT_UINT16:
                         case FT_UINT24:
                         case FT_UINT32:
-                        case FT_BOOLEAN:
                             fprintf(pdata->fh, "%X", fvalue_get_uinteger(&fi->value));
                             break;
+                        case FT_INT40:
+                        case FT_INT48:
+                        case FT_INT56:
                         case FT_INT64:
+                            fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_sinteger64(&fi->value));
+                            break;
+                        case FT_UINT40:
+                        case FT_UINT48:
+                        case FT_UINT56:
                         case FT_UINT64:
-                            g_fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X",
-                                    fvalue_get_integer64(&fi->value));
+                        case FT_BOOLEAN:
+                            fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_uinteger64(&fi->value));
                             break;
                         default:
                             g_assert_not_reached();
                     }
                     fputs("\" unmaskedvalue=\"", pdata->fh);
-                    write_pdml_field_hex_value(pdata, fi);
+                    pdml_write_field_hex_value(pdata, fi);
                 }
                 else {
-                    write_pdml_field_hex_value(pdata, fi);
+                    pdml_write_field_hex_value(pdata, fi);
                 }
             }
         }
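Review bot: In the new `FT_INT40`..`FT_INT64` case the signed result of `fvalue_get_sinteger64()` is passed directly to an `X` conversion, which expects an unsigned argument. The JSON hex-dump writer later in this diff casts in the equivalent 32-bit case (`(guint) fvalue_get_sinteger(&fi->value)`), so for consistency and a clean `-Wformat-signedness` build this line should read `fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", (guint64) fvalue_get_sinteger64(&fi->value));`. The enclosing switch belongs to a function that begins and ends outside this hunk.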
@@ -501,12 +613,33 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
         }
     }
 
-    /* We always print all levels for PDML. Recurse here. */
+    /* We print some levels for PDML. Recurse here. */
     if (node->first_child != NULL) {
-        pdata->level++;
-        proto_tree_children_foreach(node,
-                                    proto_tree_write_node_pdml, pdata);
-        pdata->level--;
+        if (pdata->filter == NULL || check_protocolfilter(pdata->filter, fi->hfinfo->abbrev)) {
+            gchar **_filter = NULL;
+            /* Remove protocol filter for children, if children should be included */
+            if ((pdata->filter_flags&PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) {
+                _filter = pdata->filter;
+                pdata->filter = NULL;
+            }
+
+            pdata->level++;
+            proto_tree_children_foreach(node,
+                                        proto_tree_write_node_pdml, pdata);
+            pdata->level--;
+
+            /* Put protocol filter back */
+            if ((pdata->filter_flags&PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) {
+                pdata->filter = _filter;
+            }
+        } else {
+            print_indent(pdata->level + 2, pdata->fh);
+
+            /* print dummy field */
+            fputs("<field name=\"filtered\" value=\"", pdata->fh);
+            print_escaped_xml(pdata->fh, fi->hfinfo->abbrev);
+            fputs("\" />\n", pdata->fh);
+        }
     }
 
     /* Take back the extra level we added for fake wrapper protocol */
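Review bot: The filter save/restore around the recursion tests `PF_INCLUDE_CHILDREN` twice, and the restore is only correct if both tests agree. Saving unconditionally is shorter and cannot get out of step: `gchar **saved_filter = pdata->filter;` and `if ((pdata->filter_flags & PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) pdata->filter = NULL;` before the recursion, then `pdata->filter = saved_filter;` after it. That also avoids the underscore-prefixed local `_filter`. The same pattern appears in `write_json_proto_node_list` further down this diff and could be changed the same way. The function continues outside this hunk.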
@@ -515,10 +648,8 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
     }
 
     if (node->first_child != NULL) {
-        /* Indent to correct level */
-        for (i = -1; i < pdata->level; i++) {
-            fputs("  ", pdata->fh);
-        }
+        print_indent(pdata->level + 1, pdata->fh);
+
         /* Close off current element */
         /* Data and expert "protocols" use simple tags */
         if ((fi->hfinfo->id != proto_data) && (fi->hfinfo->id != proto_expert)) {
@@ -539,82 +670,760 @@ proto_tree_write_node_pdml(proto_node *node, gpointer data)
     }
 }
 
+void
+write_json_preamble(FILE *fh)
+{
+    fputs("[\n", fh);
+    json_is_first = TRUE;
+}
+
+void
+write_json_finale(FILE *fh)
+{
+    fputs("\n\n]\n", fh);
+}
+
+void
+write_json_proto_tree(output_fields_t* fields,
+                      print_dissections_e print_dissections,
+                      gboolean print_hex, gchar **protocolfilter,
+                      pf_flags protocolfilter_flags, epan_dissect_t *edt,
+                      proto_node_children_grouper_func node_children_grouper,
+                      FILE *fh)
+{
+    char ts[30];
+    time_t t = time(NULL);
+    struct tm * timeinfo;
+    write_json_data data;
+
+    if (!json_is_first) {
+        fputs("\n\n  ,\n", fh);
+    } else {
+        json_is_first = FALSE;
+    }
+
+    timeinfo = localtime(&t);
+    if (timeinfo != NULL) {
+        strftime(ts, sizeof ts, "%Y-%m-%d", timeinfo);
+    } else {
+        g_strlcpy(ts, "XXXX-XX-XX", sizeof ts); /* XXX - better way of saying "Not representable"? */
+    }
+
+    fputs("  {\n", fh);
+    fprintf(fh, "    \"_index\": \"packets-%s\",\n", ts);
+    fputs("    \"_type\": \"pcap_file\",\n", fh);
+    fputs("    \"_score\": null,\n", fh);
+    fputs("    \"_source\": {\n", fh);
+    fputs("      \"layers\": ", fh);
+
+    if (fields == NULL || fields->fields == NULL) {
+        /* Write out all fields */
+        data.level    = 3;
+        data.fh       = fh;
+        data.src_list = edt->pi.data_src;
+        data.filter   = protocolfilter;
+        data.filter_flags = protocolfilter_flags;
+        data.print_hex = print_hex;
+        data.print_text = TRUE;
+        if (print_dissections == print_dissections_none) {
+            data.print_text = FALSE;
+        }
+        data.node_children_grouper = node_children_grouper;
+
+        write_json_proto_node_children(edt->tree, &data);
+    } else {
+        write_specified_fields(FORMAT_JSON, fields, edt, NULL, fh);
+    }
+
+    fputs("\n", fh);
+    fputs("    }\n", fh);
+    fputs("  }", fh);
+}
+
+/**
+ * Write a json object containing a list of key:value pairs where each key:value pair corresponds to a different json
+ * key and its associated nodes in the proto_tree.
+ * @param proto_node_list_head A 2-dimensional list containing a list of values for each different node json key. The
+ * elements themselves are a linked list of values associated with the same json key.
+ * @param data json writing metadata
+ */
+static void
+write_json_proto_node_list(GSList *proto_node_list_head, write_json_data *data)
+{
+    GSList *current_node = proto_node_list_head;
+
+    fputs("{\n", data->fh);
+    data->level++;
+
+    /*
+     * In most of the following if statements we cannot be sure if its the first or last if statement to be
+     * executed. Thus we need a way of knowing whether a key:value pair has already been printed in order to know
+     * if a comma should be printed before the next key:value pair. We use the delimiter_needed variable to store
+     * whether a comma needs to be written before a new key:value pair is written. Note that instead of checking
+     * before writing a new key:value pair if a comma is needed we could also check after writing a key:value pair
+     * whether a comma is needed but this would be considerably more complex since after each if statement a
+     * different condition would have to be checked. After the first value is written a delimiter is always needed so
+     * this value is never set back to FALSE after it has been set to TRUE.
+     */
+    gboolean delimiter_needed = FALSE;
+
+    // Loop over each list of nodes (differentiated by json key) and write the associated json key:value pair in the
+    // output.
+    while (current_node != NULL) {
+        // Get the list of values for the current json key.
+        GSList *node_values_list = (GSList *) current_node->data;
+
+        // Retrieve the json key from the first value.
+        proto_node *first_value = (proto_node *) node_values_list->data;
+        const char *json_key = proto_node_to_json_key(first_value);
+        // Check if the current json key is filtered from the output with the "-j" cli option.
+        gboolean is_filtered = data->filter != NULL && !check_protocolfilter(data->filter, json_key);
+
+        field_info *fi = first_value->finfo;
+        char *value_string_repr = fvalue_to_string_repr(NULL, &fi->value, FTREPR_DISPLAY, fi->hfinfo->display);
+
+        // We assume all values of a json key have roughly the same layout. Thus we can use the first value to derive
+        // attributes of all the values.
+        gboolean has_value = value_string_repr != NULL;
+        gboolean has_children = first_value->first_child != NULL;
+        gboolean is_pseudo_text_field = fi->hfinfo->id == 0;
+
+        wmem_free(NULL, value_string_repr); // fvalue_to_string_repr returns allocated buffer
+
+        // "-x" command line option. A "_raw" suffix is added to the json key so the textual value can be printed
+        // with the original json key. If both hex and text writing are enabled the raw information of fields whose
+        // length is equal to 0 is not written to the output. If the field is a special text pseudo field no raw
+        // information is written either.
+        if (data->print_hex && (!data->print_text || fi->length > 0) && !is_pseudo_text_field) {
+            if (delimiter_needed) fputs(",\n", data->fh);
+            write_json_proto_node(node_values_list, "_raw", write_json_proto_node_hex_dump, data);
+            delimiter_needed = TRUE;
+        }
+
+        if (data->print_text && has_value) {
+            if (delimiter_needed) fputs(",\n", data->fh);
+            write_json_proto_node(node_values_list, "", write_json_proto_node_value, data);
+            delimiter_needed = TRUE;
+        }
+
+        if (has_children) {
+            if (delimiter_needed) fputs(",\n", data->fh);
+
+            // If a node has both a value and a set of children we print the value and the children in separate
+            // key:value pairs. These can't have the same key so whenever a value is already printed with the node
+            // json key we print the children with the same key with a "_tree" suffix added.
+            char *suffix = has_value ? "_tree": "";
+
+            if (is_filtered) {
+                write_json_proto_node(node_values_list, suffix, write_json_proto_node_filtered, data);
+            } else {
+                // Remove protocol filter for children, if children should be included. This functionality is enabled
+                // with the "-J" command line option. We save the filter so it can be reenabled when we are done with
+                // the current key:value pair.
+                gchar **_filter = NULL;
+                if ((data->filter_flags&PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) {
+                    _filter = data->filter;
+                    data->filter = NULL;
+                }
+
+                write_json_proto_node(node_values_list, suffix, write_json_proto_node_children, data);
+
+                // Put protocol filter back
+                if ((data->filter_flags&PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) {
+                    data->filter = _filter;
+                }
+            }
+
+            delimiter_needed = TRUE;
+        }
+
+        if (!has_value && !has_children && (data->print_text || (data->print_hex && is_pseudo_text_field))) {
+            if (delimiter_needed) fputs(",\n", data->fh);
+            write_json_proto_node(node_values_list, "", write_json_proto_node_no_value, data);
+            delimiter_needed = TRUE;
+        }
+
+        current_node = current_node->next;
+    }
+
+    data->level--;
+    fputs("\n", data->fh);
+    print_indent(data->level, data->fh);
+    fputs("}", data->fh);
+}
+
+/**
+ * Writes a single node as a key:value pair. The value_writer param can be used to specify how the node's value should
+ * be written.
+ * @param node_values_head Linked list containing all nodes associated with the same json key in this object.
+ * @param suffix Suffix that should be added to the json key.
+ * @param value_writer A function which writes the actual values of the node json key.
+ * @param data json writing metadata
+ */
+static void
+write_json_proto_node(GSList *node_values_head,
+                      const char *suffix,
+                      proto_node_value_writer value_writer,
+                      write_json_data *data)
+{
+    // Retrieve json key from first value.
+    proto_node *first_value = (proto_node *) node_values_head->data;
+    const char *json_key = proto_node_to_json_key(first_value);
+
+    print_indent(data->level, data->fh);
+    fputs("\"", data->fh);
+    print_escaped_json(data->fh, json_key);
+    print_escaped_json(data->fh, suffix);
+    fputs("\": ", data->fh);
+
+    write_json_proto_node_value_list(node_values_head, value_writer, data);
+}
+
+/**
+ * Writes a list of values of a single json key. If multiple values are passed they are wrapped in a json array.
+ * @param node_values_head Linked list containing all values that should be written.
+ * @param value_writer Function which writes the separate values.
+ * @param data json writing metadata
+ */
+static void
+write_json_proto_node_value_list(GSList *node_values_head, proto_node_value_writer value_writer, write_json_data *data)
+{
+    GSList *current_value = node_values_head;
+
+    // Write directly if only a single value is passed. Wrap in json array otherwise.
+    if (current_value->next == NULL) {
+        value_writer((proto_node *) current_value->data, data);
+    } else {
+        fputs("[\n", data->fh);
+        data->level++;
+
+        while (current_value != NULL) {
+            // Do not print delimiter before first value
+            if (current_value != node_values_head) fputs(",\n", data->fh);
+
+            print_indent(data->level, data->fh);
+            value_writer((proto_node *) current_value->data, data);
+            current_value = current_value->next;
+        }
+
+        data->level--;
+        fputs("\n", data->fh);
+        print_indent(data->level, data->fh);
+        fputs("]", data->fh);
+    }
+}
+
+/**
+ * Writes the value for a node that's filtered from the output.
+ */
+static void
+write_json_proto_node_filtered(proto_node *node, write_json_data *data)
+{
+    const char *json_key = proto_node_to_json_key(node);
+
+    fputs("{\n", data->fh);
+    data->level++;
+
+    print_indent(data->level, data->fh);
+    fputs("\"filtered\": ", data->fh);
+    fputs("\"", data->fh);
+    print_escaped_json(data->fh, json_key);
+    fputs("\"\n", data->fh);
+
+    data->level--;
+    print_indent(data->level, data->fh);
+    fputs("}", data->fh);
+}
+
+/**
+ * Writes the hex dump of a node. A json array is written containing the hex dump, position, length, bitmask and type of
+ * the node.
+ */
+static void
+write_json_proto_node_hex_dump(proto_node *node, write_json_data *data)
+{
+    field_info *fi = node->finfo;
+
+    fputs("[\"", data->fh);
+
+    if (fi->hfinfo->bitmask!=0) {
+        switch (fi->value.ftype->ftype) {
+            case FT_INT8:
+            case FT_INT16:
+            case FT_INT24:
+            case FT_INT32:
+                fprintf(data->fh, "%X", (guint) fvalue_get_sinteger(&fi->value));
+                break;
+            case FT_UINT8:
+            case FT_UINT16:
+            case FT_UINT24:
+            case FT_UINT32:
+                fprintf(data->fh, "%X", fvalue_get_uinteger(&fi->value));
+                break;
+            case FT_INT40:
+            case FT_INT48:
+            case FT_INT56:
+            case FT_INT64:
+                fprintf(data->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_sinteger64(&fi->value));
+                break;
+            case FT_UINT40:
+            case FT_UINT48:
+            case FT_UINT56:
+            case FT_UINT64:
+            case FT_BOOLEAN:
+                fprintf(data->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_uinteger64(&fi->value));
+                break;
+            default:
+                g_assert_not_reached();
+        }
+    } else {
+        json_write_field_hex_value(data, fi);
+    }
+
+    /* Dump raw hex-encoded dissected information including position, length, bitmask, type */
+    fprintf(data->fh, "\", %" G_GINT32_MODIFIER "d", fi->start);
+    fprintf(data->fh, ", %" G_GINT32_MODIFIER "d", fi->length);
+    fprintf(data->fh, ", %" G_GUINT64_FORMAT, fi->hfinfo->bitmask);
+    fprintf(data->fh, ", %" G_GINT32_MODIFIER "d", (gint32)fi->value.ftype->ftype);
+
+    fputs("]", data->fh);
+}
+
+/**
+ * Writes the children of a node. Calls write_json_proto_node_list internally which recursively writes children of nodes
+ * to the output.
+ */
+static void
+write_json_proto_node_children(proto_node *node, write_json_data *data)
+{
+    GSList *grouped_children_list = data->node_children_grouper(node);
+    write_json_proto_node_list(grouped_children_list, data);
+    g_slist_free_full(grouped_children_list, (GDestroyNotify) g_slist_free);
+}
+
+/**
+ * Writes the value of a node to the output.
+ */
+static void
+write_json_proto_node_value(proto_node *node, write_json_data *data)
+{
+    field_info *fi = node->finfo;
+    // Get the actual value of the node as a string.
+    char *value_string_repr = fvalue_to_string_repr(NULL, &fi->value, FTREPR_DISPLAY, fi->hfinfo->display);
+
+    fputs("\"", data->fh);
+    print_escaped_json(data->fh, value_string_repr);
+    fputs("\"", data->fh);
+
+    wmem_free(NULL, value_string_repr);
+}
+
+/**
+ * Write the value for a node that has no value and no children. This is the empty string for all nodes except those of
+ * type FT_PROTOCOL for which the full name is written instead.
+ */
+static void
+write_json_proto_node_no_value(proto_node *node, write_json_data *data)
+{
+    field_info *fi = node->finfo;
+
+    fputs("\"", data->fh);
+
+    if (fi->hfinfo->type == FT_PROTOCOL) {
+        if (fi->rep) {
+            print_escaped_json(data->fh, fi->rep->representation);
+        } else {
+            gchar label_str[ITEM_LABEL_LENGTH];
+            proto_item_fill_label(fi, label_str);
+            print_escaped_json(data->fh, label_str);
+        }
+    }
+
+    fputs("\"", data->fh);
+}
+
+/**
+ * Groups each child of the node separately.
+ * @return Linked list where each element is another linked list containing a single node.
+ */
+GSList *
+proto_node_group_children_by_unique(proto_node *node) {
+    GSList *unique_nodes_list = NULL;
+    proto_node *current_child = node->first_child;
+
+    while (current_child != NULL) {
+        GSList *unique_node = g_slist_prepend(NULL, current_child);
+        unique_nodes_list = g_slist_prepend(unique_nodes_list, unique_node);
+        current_child = current_child->next;
+    }
+
+    return g_slist_reverse(unique_nodes_list);
+}
+
+/**
+ * Groups the children of a node by their json key. Children are put in the same group if they have the same json key.
+ * @return Linked list where each element is another linked list of nodes associated with the same json key.
+ */
+GSList *
+proto_node_group_children_by_json_key(proto_node *node)
+{
+    /**
+     * For each different json key we store a linked list of values corresponding to that json key. These lists are kept
+     * in both a linked list and a hashmap. The hashmap is used to quickly retrieve the values of a json key. The linked
+     * list is used to preserve the ordering of keys as they are encountered which is not guaranteed when only using a
+     * hashmap.
+     */
+    GSList *same_key_nodes_list = NULL;
+    GHashTable *lookup_by_json_key = g_hash_table_new(g_str_hash, g_str_equal);
+    proto_node *current_child = node->first_child;
+
+    /**
+     * For each child of the node get the key and get the list of values already associated with that key from the
+     * hashmap. If no list exist yet for that key create a new one and add it to both the linked list and hashmap. If a
+     * list already exists add the node to that list.
+     */
+    while (current_child != NULL) {
+        char *json_key = (char *) proto_node_to_json_key(current_child);
+        GSList *json_key_nodes = (GSList *) g_hash_table_lookup(lookup_by_json_key, json_key);
+
+        if (json_key_nodes == NULL) {
+            json_key_nodes = g_slist_append(json_key_nodes, current_child);
+            // Prepending in single linked list is O(1), appending is O(n). Better to prepend here and reverse at the
+            // end than potentially looping to the end of the linked list for each child.
+            same_key_nodes_list = g_slist_prepend(same_key_nodes_list, json_key_nodes);
+            g_hash_table_insert(lookup_by_json_key, json_key, json_key_nodes);
+        } else {
+            // Store and insert value again to circumvent unused_variable warning.
+            // Append in this case since most value lists will only have a single value.
+            json_key_nodes = g_slist_append(json_key_nodes, current_child);
+            g_hash_table_insert(lookup_by_json_key, json_key, json_key_nodes);
+        }
+
+        current_child = current_child->next;
+    }
+
+    // Hash table is not needed anymore since the linked list with the correct ordering is returned.
+    g_hash_table_destroy(lookup_by_json_key);
+
+    return g_slist_reverse(same_key_nodes_list);
+}
+
+/**
+ * Returns the json key of a node. Tries to use the node's abbreviated name. If the abbreviated name is not available
+ * the representation is used instead.
+ */
+static const char *
+proto_node_to_json_key(proto_node *node)
+{
+    const char *json_key;
+    // Check if node has abbreviated name.
+    if (node->finfo->hfinfo->id != hf_text_only) {
+        json_key = node->finfo->hfinfo->abbrev;
+    } else if (node->finfo->rep != NULL) {
+        json_key = node->finfo->rep->representation;
+    } else {
+        json_key = "";
+    }
+
+    return json_key;
+}
+
+/* Write out a tree's data, and any child nodes, as JSON for EK */
+static void
+proto_tree_write_node_ek(proto_node *node, gpointer data)
+{
+    field_info      *fi    = PNODE_FINFO(node);
+    field_info      *fi_parent    = PNODE_FINFO(node->parent);
+    write_json_data *pdata = (write_json_data*) data;
+    const gchar     *label_ptr;
+    gchar            label_str[ITEM_LABEL_LENGTH];
+    char            *dfilter_string;
+    int              i;
+    gchar           *abbrev_escaped = NULL;
+
+    /* dissection with an invisible proto tree? */
+    g_assert(fi);
+
+    /* Text label. It's printed as a field with no name. */
+    if (fi->hfinfo->id == hf_text_only) {
+        /* Get the text */
+        if (fi->rep) {
+            label_ptr = fi->rep->representation;
+        }
+        else {
+            label_ptr = "";
+        }
+
+        /* Show empty name since it is a required field */
+        fputs("\"", pdata->fh);
+        if (fi_parent != NULL) {
+            print_escaped_ek(pdata->fh, fi_parent->hfinfo->abbrev);
+            fputs("_", pdata->fh);
+        }
+        print_escaped_ek(pdata->fh, fi->hfinfo->abbrev);
+
+        if (node->first_child != NULL) {
+            fputs("\": \"", pdata->fh);
+            print_escaped_json(pdata->fh, label_ptr);
+            fputs("\",", pdata->fh);
+
+        }
+        else {
+            if (node->next == NULL) {
+                fputs("\": \"",  pdata->fh);
+                print_escaped_json(pdata->fh, label_ptr);
+                fputs("\"", pdata->fh);
+            } else {
+                fputs("\": \"",  pdata->fh);
+                print_escaped_json(pdata->fh, label_ptr);
+                fputs("\",", pdata->fh);
+            }
+        }
+    }
+
+    /* Normal protocols and fields */
+    else {
+        /*
+         * Hex dump -x
+         */
+        if (pdata->print_hex && fi->length > 0) {
+            fputs("\"", pdata->fh);
+            if (fi_parent != NULL) {
+                print_escaped_ek(pdata->fh, fi_parent->hfinfo->abbrev);
+                fputs("_", pdata->fh);
+            }
+            print_escaped_ek(pdata->fh, fi->hfinfo->abbrev);
+            fputs("_raw", pdata->fh);
+            fputs("\": \"", pdata->fh);
+
+            if (fi->hfinfo->bitmask!=0) {
+                switch (fi->value.ftype->ftype) {
+                    case FT_INT8:
+                    case FT_INT16:
+                    case FT_INT24:
+                    case FT_INT32:
+                        fprintf(pdata->fh, "%X", (guint) fvalue_get_sinteger(&fi->value));
+                        break;
+                    case FT_UINT8:
+                    case FT_UINT16:
+                    case FT_UINT24:
+                    case FT_UINT32:
+                        fprintf(pdata->fh, "%X", fvalue_get_uinteger(&fi->value));
+                        break;
+                    case FT_INT40:
+                    case FT_INT48:
+                    case FT_INT56:
+                    case FT_INT64:
+                        fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_sinteger64(&fi->value));
+                        break;
+                    case FT_UINT40:
+                    case FT_UINT48:
+                    case FT_UINT56:
+                    case FT_UINT64:
+                    case FT_BOOLEAN:
+                        fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_uinteger64(&fi->value));
+                        break;
+                    default:
+                        g_assert_not_reached();
+                }
+                fputs("\",", pdata->fh);
+            }
+            else {
+                json_write_field_hex_value(pdata, fi);
+                fputs("\",", pdata->fh);
+            }
+        }
+
+
+
+        fputs("\"", pdata->fh);
+
+        if (fi_parent != NULL) {
+            print_escaped_ek(pdata->fh, fi_parent->hfinfo->abbrev);
+            fputs("_", pdata->fh);
+        }
+        print_escaped_ek(pdata->fh, fi->hfinfo->abbrev);
+
+        /* show, value, and unmaskedvalue attributes */
+        switch (fi->hfinfo->type)
+        {
+        case FT_PROTOCOL:
+            if (node->first_child != NULL) {
+                fputs("\": {", pdata->fh);
+            } else {
+                fputs("\": \"", pdata->fh);
+                if (fi->rep) {
+                    print_escaped_json(pdata->fh, fi->rep->representation);
+                }
+                else {
+                    label_ptr = label_str;
+                    proto_item_fill_label(fi, label_str);
+                    print_escaped_json(pdata->fh, label_ptr);
+                }
+                if (node->next == NULL) {
+                    fputs("\"",  pdata->fh);
+                } else {
+                    fputs("\",",  pdata->fh);
+                }
+            }
+            break;
+        case FT_NONE:
+            if (node->first_child != NULL) {
+                fputs("\": \"\",",  pdata->fh);
+            } else {
+                if (node->next == NULL) {
+                    fputs("\": \"\"",  pdata->fh);
+                } else {
+                    fputs("\": \"\",",  pdata->fh);
+                }
+            }
+            break;
+        default:
+            dfilter_string = fvalue_to_string_repr(NULL, &fi->value, FTREPR_DISPLAY, fi->hfinfo->display);
+            if (dfilter_string != NULL) {
+                fputs("\": \"", pdata->fh);
+                print_escaped_json(pdata->fh, dfilter_string);
+            }
+            wmem_free(NULL, dfilter_string);
+
+            if (node->next == NULL && node->first_child == NULL) {
+                fputs("\"", pdata->fh);
+            } else {
+                fputs("\",", pdata->fh);
+            }
+        }
+
+    }
+
+    /* We print some levels for JSON. Recurse here. */
+    if (node->first_child != NULL) {
+
+        if (pdata->filter != NULL) {
+
+            /* to to thread the '.' and '_' equally. The '.' is replace by print_escaped_ek for '_' */
+            if (fi->hfinfo->abbrev != NULL) {
+                if (strlen(fi->hfinfo->abbrev) > 0) {
+                    abbrev_escaped = g_strdup(fi->hfinfo->abbrev);
+
+                    i = 0;
+                    while(abbrev_escaped[i]!='\0') {
+                        if(abbrev_escaped[i]=='.') {
+                            abbrev_escaped[i]='_';
+                        }
+                        i++;
+                    }
+                }
+            }
+
+            if(check_protocolfilter(pdata->filter, fi->hfinfo->abbrev) || check_protocolfilter(pdata->filter, abbrev_escaped)) {
+                gchar **_filter = NULL;
+                /* Remove protocol filter for children, if children should be included */
+                if ((pdata->filter_flags&PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) {
+                    _filter = pdata->filter;
+                    pdata->filter = NULL;
+                }
+
+                pdata->level++;
+                proto_tree_children_foreach(node, proto_tree_write_node_ek, pdata);
+                pdata->level--;
+
+                /* Put protocol filter back */
+                if ((pdata->filter_flags&PF_INCLUDE_CHILDREN) == PF_INCLUDE_CHILDREN) {
+                    pdata->filter = _filter;
+                }
+            } else {
+                /* print dummy field */
+                fputs("\"filtered\": \"", pdata->fh);
+                print_escaped_ek(pdata->fh, fi->hfinfo->abbrev);
+                fputs("\"", pdata->fh);
+            }
+
+            /* release abbrev_escaped string */
+            if (abbrev_escaped != NULL) {
+                g_free(abbrev_escaped);
+            }
+
+        } else {
+            pdata->level++;
+            proto_tree_children_foreach(node,
+                                        proto_tree_write_node_ek, pdata);
+            pdata->level--;
+        }
+    }
+
+    if (node->first_child != NULL) {
+        if (fi->hfinfo->type == FT_PROTOCOL) {
+            /* Close off current element */
+            if (node->next == NULL) {
+                fputs("}", pdata->fh);
+            } else {
+                fputs("},", pdata->fh);
+            }
+        } else {
+            if (node->next != NULL) {
+                fputs(",", pdata->fh);
+            }
+        }
+    }
+}
+
 /* Print info for a 'geninfo' pseudo-protocol. This is required by
  * the PDML spec. The information is contained in Wireshark's 'frame' protocol,
  * but we produce a 'geninfo' protocol in the PDML to conform to spec.
  * The 'frame' protocol follows the 'geninfo' protocol in the PDML. */
 static void
-print_pdml_geninfo(proto_tree *tree, FILE *fh)
+print_pdml_geninfo(epan_dissect_t *edt, FILE *fh)
 {
     guint32     num, len, caplen;
-    nstime_t   *timestamp;
     GPtrArray  *finfo_array;
     field_info *frame_finfo;
+    gchar      *tmp;
 
     /* Get frame protocol's finfo. */
-    finfo_array = proto_find_finfo(tree, proto_frame);
+    finfo_array = proto_find_first_finfo(edt->tree, proto_frame);
     if (g_ptr_array_len(finfo_array) < 1) {
         return;
     }
     frame_finfo = (field_info *)finfo_array->pdata[0];
     g_ptr_array_free(finfo_array, TRUE);
 
-    /* frame.number --> geninfo.num */
-    finfo_array = proto_find_finfo(tree, hf_frame_number);
-    if (g_ptr_array_len(finfo_array) < 1) {
-        return;
-    }
-    num = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
-    g_ptr_array_free(finfo_array, TRUE);
+    /* frame.number, packet_info.num */
+    num = edt->pi.num;
 
-    /* frame.frame_len --> geninfo.len */
-    finfo_array = proto_find_finfo(tree, hf_frame_len);
-    if (g_ptr_array_len(finfo_array) < 1) {
-        return;
-    }
-    len = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
-    g_ptr_array_free(finfo_array, TRUE);
+    /* frame.frame_len, packet_info.frame_data->pkt_len */
+    len = edt->pi.fd->pkt_len;
 
-    /* frame.cap_len --> geninfo.caplen */
-    finfo_array = proto_find_finfo(tree, hf_frame_capture_len);
-    if (g_ptr_array_len(finfo_array) < 1) {
-        return;
-    }
-    caplen = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
-    g_ptr_array_free(finfo_array, TRUE);
-
-    /* frame.time --> geninfo.timestamp */
-    finfo_array = proto_find_finfo(tree, hf_frame_arrival_time);
-    if (g_ptr_array_len(finfo_array) < 1) {
-        return;
-    }
-    timestamp = (nstime_t *)fvalue_get(&((field_info*)finfo_array->pdata[0])->value);
-    g_ptr_array_free(finfo_array, TRUE);
+    /* frame.cap_len --> packet_info.frame_data->cap_len */
+    caplen = edt->pi.fd->cap_len;
 
     /* Print geninfo start */
     fprintf(fh,
-            "  <proto name=\"geninfo\" pos=\"0\" showname=\"General information\" size=\"%u\">\n",
+            "  <proto name=\"geninfo\" pos=\"0\" showname=\"General information\" size=\"%d\">\n",
             frame_finfo->length);
 
     /* Print geninfo.num */
     fprintf(fh,
-            "    <field name=\"num\" pos=\"0\" show=\"%u\" showname=\"Number\" value=\"%x\" size=\"%u\"/>\n",
+            "    <field name=\"num\" pos=\"0\" show=\"%u\" showname=\"Number\" value=\"%x\" size=\"%d\"/>\n",
             num, num, frame_finfo->length);
 
     /* Print geninfo.len */
     fprintf(fh,
-            "    <field name=\"len\" pos=\"0\" show=\"%u\" showname=\"Frame Length\" value=\"%x\" size=\"%u\"/>\n",
+            "    <field name=\"len\" pos=\"0\" show=\"%u\" showname=\"Frame Length\" value=\"%x\" size=\"%d\"/>\n",
             len, len, frame_finfo->length);
 
     /* Print geninfo.caplen */
     fprintf(fh,
-            "    <field name=\"caplen\" pos=\"0\" show=\"%u\" showname=\"Captured Length\" value=\"%x\" size=\"%u\"/>\n",
+            "    <field name=\"caplen\" pos=\"0\" show=\"%u\" showname=\"Captured Length\" value=\"%x\" size=\"%d\"/>\n",
             caplen, caplen, frame_finfo->length);
 
+    tmp = abs_time_to_str(NULL, &edt->pi.abs_ts, ABSOLUTE_TIME_LOCAL, TRUE);
+
     /* Print geninfo.timestamp */
     fprintf(fh,
-            "    <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured Time\" value=\"%d.%09d\" size=\"%u\"/>\n",
-            abs_time_to_ep_str(timestamp, ABSOLUTE_TIME_LOCAL, TRUE), (int) timestamp->secs, timestamp->nsecs, frame_finfo->length);
+            "    <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured Time\" value=\"%d.%09d\" size=\"%d\"/>\n",
+            tmp, (int)edt->pi.abs_ts.secs, edt->pi.abs_ts.nsecs, frame_finfo->length);
+
+    wmem_free(NULL, tmp);
 
     /* Print geninfo end */
     fprintf(fh,
@@ -627,40 +1436,44 @@ write_pdml_finale(FILE *fh)
     fputs("</pdml>\n", fh);
 }
 
-void
-write_psml_preamble(FILE *fh)
-{
-    fputs("<?xml version=\"1.0\"?>\n", fh);
-    fputs("<psml version=\"" PSML_VERSION "\" ", fh);
-    fprintf(fh, "creator=\"%s/%s\">\n", PACKAGE, VERSION);
-    write_headers = TRUE;
-}
+
 
 void
-proto_tree_write_psml(epan_dissect_t *edt, FILE *fh)
+write_psml_preamble(column_info *cinfo, FILE *fh)
 {
     gint i;
 
-    /* if this is the first packet, we have to create the PSML structure output */
-    if (write_headers) {
-        fprintf(fh, "<structure>\n");
+    fprintf(fh, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
+    fprintf(fh, "<psml version=\"" PSML_VERSION "\" creator=\"%s/%s\">\n", PACKAGE, VERSION);
+    fprintf(fh, "<structure>\n");
 
-        for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
-            fprintf(fh, "<section>");
-            print_escaped_xml(fh, edt->pi.cinfo->col_title[i]);
-            fprintf(fh, "</section>\n");
-        }
+    for (i = 0; i < cinfo->num_cols; i++) {
+        fprintf(fh, "<section>");
+        print_escaped_xml(fh, cinfo->columns[i].col_title);
+        fprintf(fh, "</section>\n");
+    }
 
-        fprintf(fh, "</structure>\n\n");
+    fprintf(fh, "</structure>\n\n");
+}
 
-        write_headers = FALSE;
-    }
+void
+write_psml_columns(epan_dissect_t *edt, FILE *fh, gboolean use_color)
+{
+    gint i;
+    const color_filter_t *cfp = edt->pi.fd->color_filter;
 
-    fprintf(fh, "<packet>\n");
+    if (use_color && (cfp != NULL)) {
+        fprintf(fh, "<packet foreground='#%02x%02x%02x' background='#%02x%02x%02x'>\n",
+            cfp->fg_color.red, cfp->fg_color.green, cfp->fg_color.blue,
+            cfp->bg_color.red, cfp->bg_color.green, cfp->bg_color.blue);
+    }
+    else {
+        fprintf(fh, "<packet>\n");
+    }
 
     for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
         fprintf(fh, "<section>");
-        print_escaped_xml(fh, edt->pi.cinfo->col_data[i]);
+        print_escaped_xml(fh, edt->pi.cinfo->columns[i].col_data);
         fprintf(fh, "</section>\n");
     }
 
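Review bot: The `%02x` conversions in the coloured `<packet>` line of write_psml_columns only yield a `#rrggbb` value if every channel of `cfp->fg_color` and `cfp->bg_color` fits in 8 bits. The colour type is declared outside this diff; if its channels are 16-bit, a value such as 0xffff prints four digits and the attribute is no longer a valid colour. In that case scale each channel before printing, e.g. `cfp->fg_color.red >> 8`, or add a comment stating that the channels are already in the range 0-255. write_psml_columns continues past the end of this hunk.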
@@ -673,28 +1486,23 @@ write_psml_finale(FILE *fh)
     fputs("</psml>\n", fh);
 }
 
-void
-write_csv_preamble(FILE *fh _U_)
-{
-    write_headers = TRUE;
-}
-
 static gchar *csv_massage_str(const gchar *source, const gchar *exceptions)
 {
     gchar *csv_str;
     gchar *tmp_str;
 
-    /* In general, our output for any field can contain unicode characters,
+    /* In general, our output for any field can contain Unicode characters,
        so g_strescape (which escapes any non-ASCII) is the wrong thing to do.
        Unfortunately glib doesn't appear to provide g_unicode_strescape()... */
     csv_str = g_strescape(source, exceptions);
     tmp_str = csv_str;
-    /* Locate the UTF-8 righ arrow character and replace it by an ASCII equivalent */
-    while ( (tmp_str = strstr(tmp_str, "\xe2\x86\x92")) != NULL ) {
+    /* Locate the UTF-8 right arrow character and replace it by an ASCII equivalent */
+    while ( (tmp_str = strstr(tmp_str, UTF8_RIGHTWARDS_ARROW)) != NULL ) {
         tmp_str[0] = ' ';
         tmp_str[1] = '>';
         tmp_str[2] = ' ';
     }
+    tmp_str = csv_str;
     while ( (tmp_str = strstr(tmp_str, "\\\"")) != NULL )
         *tmp_str = '\"';
     return csv_str;
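Review bot: The added `tmp_str = csv_str;` before the second loop in csv_massage_str has no comment, although it is the line that makes the function safe. The first `while` only exits once `strstr` has returned NULL, so without the reset the second loop would hand NULL to `strstr`. I would put `/* The loop above leaves tmp_str NULL; restart the scan from the beginning. */` above it so that nobody removes it as redundant. The closing brace of the function lies outside this hunk.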
@@ -704,49 +1512,39 @@ static void csv_write_str(const char *str, char sep, FILE *fh)
 {
     gchar *csv_str;
 
-    /* Do not escape the UTF-8 righ arrow character */
-    csv_str = csv_massage_str(str, "\xe2\x86\x92");
+    /* Do not escape the UTF-8 right arrow character */
+    csv_str = csv_massage_str(str, UTF8_RIGHTWARDS_ARROW);
     fprintf(fh, "\"%s\"%c", csv_str, sep);
     g_free(csv_str);
 }
 
 void
-proto_tree_write_csv(epan_dissect_t *edt, FILE *fh)
+write_csv_column_titles(column_info *cinfo, FILE *fh)
 {
     gint i;
 
-    /* if this is the first packet, we have to write the CSV header */
-    if (write_headers) {
-        for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
-            csv_write_str(edt->pi.cinfo->col_title[i], ',', fh);
-        csv_write_str(edt->pi.cinfo->col_title[i], '\n', fh);
-        write_headers = FALSE;
-    }
-
-    for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
-        csv_write_str(edt->pi.cinfo->col_data[i], ',', fh);
-    csv_write_str(edt->pi.cinfo->col_data[i], '\n', fh);
-}
-
-void
-write_csv_finale(FILE *fh _U_)
-{
-
+    for (i = 0; i < cinfo->num_cols - 1; i++)
+        csv_write_str(cinfo->columns[i].col_title, ',', fh);
+    csv_write_str(cinfo->columns[i].col_title, '\n', fh);
 }
 
 void
-write_carrays_preamble(FILE *fh _U_)
+write_csv_columns(epan_dissect_t *edt, FILE *fh)
 {
+    gint i;
 
+    for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
+        csv_write_str(edt->pi.cinfo->columns[i].col_data, ',', fh);
+    csv_write_str(edt->pi.cinfo->columns[i].col_data, '\n', fh);
 }
 
 void
-proto_tree_write_carrays(guint32 num, FILE *fh, epan_dissect_t *edt)
+write_carrays_hex_data(guint32 num, FILE *fh, epan_dissect_t *edt)
 {
     guint32       i = 0, src_num = 0;
     GSList       *src_le;
     tvbuff_t     *tvb;
-    const char   *name;
+    char         *name;
     const guchar *cp;
     guint         length;
     char          ascii[9];
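Review bot: Both write_csv_column_titles and write_csv_columns read `columns[i]` after a loop bounded by `num_cols - 1`, so with `num_cols == 0` the loop is skipped and `columns[0]` is still accessed. Whether an empty column set can reach these functions is not visible in this hunk; if it can, guard the first with `if (cinfo->num_cols < 1) return;` and the second with the same test on `edt->pi.cinfo->num_cols`. The removed proto_tree_write_csv had the same shape, so this is carried over rather than introduced by the commit. write_carrays_hex_data at the end of the hunk continues outside it.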
@@ -756,15 +1554,17 @@ proto_tree_write_carrays(guint32 num, FILE *fh, epan_dissect_t *edt)
         memset(ascii, 0, sizeof(ascii));
         src = (struct data_source *)src_le->data;
         tvb = get_data_source_tvb(src);
-        length = tvb_length(tvb);
+        length = tvb_captured_length(tvb);
         if (length == 0)
             continue;
 
         cp = tvb_get_ptr(tvb, 0, length);
 
         name = get_data_source_name(src);
-        if (name)
+        if (name) {
             fprintf(fh, "/* %s */\n", name);
+            wmem_free(NULL, name);
+        }
         if (src_num) {
             fprintf(fh, "static const unsigned char pkt%u_%u[%u] = {\n",
                     num, src_num, length);
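Review bot: `fprintf(fh, "/* %s */\n", name)` copies the data source name into a C comment of the generated file without any filtering. Where the name is built is not visible here; if any part of it can come from capture contents, a name containing `*/` or a newline would close the comment early and leave the remainder as code in the generated source. I would write the name through a small helper that replaces `*/` and control characters, or at least state in a comment that names are assumed to be fixed dissector strings. The enclosing loop and function start before this hunk and continue after it.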
@@ -801,12 +1601,6 @@ proto_tree_write_carrays(guint32 num, FILE *fh, epan_dissect_t *edt)
     }
 }
 
-void
-write_carrays_finale(FILE *fh _U_)
-{
-
-}
-
 /*
  * Find the data source for a specified field, and return a pointer
  * to the data in it. Returns NULL if the data is out of bounds.
@@ -839,7 +1633,7 @@ get_field_data(GSList *src_list, field_info *fi)
              * that could be expensive.  Until we fix that,
              * we'll do the check here.
              */
-            tvbuff_length = tvb_length_remaining(src_tvb,
+            tvbuff_length = tvb_captured_length_remaining(src_tvb,
                                                  fi->start);
             if (tvbuff_length < 0) {
                 return NULL;
@@ -862,6 +1656,10 @@ print_escaped_xml(FILE *fh, const char *unescaped_string)
     const char *p;
     char        temp_str[8];
 
+    if (fh == NULL || unescaped_string == NULL) {
+        return;
+    }
+
     for (p = unescaped_string; *p != '\0'; p++) {
         switch (*p) {
         case '&':
@@ -877,7 +1675,7 @@ print_escaped_xml(FILE *fh, const char *unescaped_string)
             fputs("&quot;", fh);
             break;
         case '\'':
-            fputs("&apos;", fh);
+            fputs("&#x27;", fh);
             break;
         default:
             if (g_ascii_isprint(*p))
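Review bot: The replacement of `&apos;` by `&#x27;` in print_escaped_xml carries no explanation, and since both denote the same character to an XML parser a later cleanup could revert it. If the reason is that some consumers of this output do not decode the named entity (my assumption, the commit does not say), record it next to the case, for example `/* numeric reference: not every consumer decodes &apos; */`. The function starts before this hunk and continues after it.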
@@ -891,7 +1689,101 @@ print_escaped_xml(FILE *fh, const char *unescaped_string)
 }
 
 static void
-write_pdml_field_hex_value(write_pdml_data *pdata, field_info *fi)
+print_escaped_bare(FILE *fh, const char *unescaped_string, gboolean change_dot)
+{
+    const char *p;
+    char        temp_str[8];
+
+    if (fh == NULL || unescaped_string == NULL) {
+        return;
+    }
+
+    for (p = unescaped_string; *p != '\0'; p++) {
+        switch (*p) {
+        case '"':
+            fputs("\\\"", fh);
+            break;
+        case '\\':
+            fputs("\\\\", fh);
+            break;
+        case '/':
+            fputs("\\/", fh);
+            break;
+        case '\b':
+            fputs("\\b", fh);
+            break;
+        case '\f':
+            fputs("\\f", fh);
+            break;
+        case '\n':
+            fputs("\\n", fh);
+            break;
+        case '\r':
+            fputs("\\r", fh);
+            break;
+        case '\t':
+            fputs("\\t", fh);
+            break;
+        case '.':
+            if (change_dot)
+                fputs("_", fh);
+            else
+                fputs(".", fh);
+            break;
+        default:
+            if (g_ascii_isprint(*p))
+                fputc(*p, fh);
+            else {
+                g_snprintf(temp_str, sizeof(temp_str), "\\u00%02x", (guint8)*p);
+                fputs(temp_str, fh);
+            }
+        }
+    }
+}
+
+/* Print a string, escaping out certain characters that need to
+ * escaped out for JSON. */
+static void
+print_escaped_json(FILE *fh, const char *unescaped_string)
+{
+    print_escaped_bare(fh, unescaped_string, FALSE);
+}
+
+/* Print a string, escaping out certain characters that need to
+ * escaped out for Elasticsearch title. */
+static void
+print_escaped_ek(FILE *fh, const char *unescaped_string)
+{
+    print_escaped_bare(fh, unescaped_string, TRUE);
+}
+
+static void
+pdml_write_field_hex_value(write_pdml_data *pdata, field_info *fi)
+{
+    int           i;
+    const guint8 *pd;
+
+    if (!fi->ds_tvb)
+        return;
+
+    if (fi->length > tvb_captured_length_remaining(fi->ds_tvb, fi->start)) {
+        fprintf(pdata->fh, "field length invalid!");
+        return;
+    }
+
+    /* Find the data for this field. */
+    pd = get_field_data(pdata->src_list, fi);
+
+    if (pd) {
+        /* Print a simple hex dump */
+        for (i = 0 ; i < fi->length; i++) {
+            fprintf(pdata->fh, "%02x", pd[i]);
+        }
+    }
+}
+
+static void
+json_write_field_hex_value(write_json_data *pdata, field_info *fi)
 {
     int           i;
     const guint8 *pd;
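Review bot: In print_escaped_bare the `default` branch sends every byte for which `g_ascii_isprint` is false through `\u00%02x`, and that includes all bytes of 0x80 and above. A UTF-8 encoded character is therefore written as two to four separate `\u00XX` escapes, which a JSON parser decodes as unrelated Latin-1 code points instead of the original character. If the strings are UTF-8 (the CSV code in this file treats field text that way), pass bytes of 0x80 and above through unchanged and escape only control characters: `if ((guint8)*p >= 0x20 && *p != 0x7f) fputc(*p, fh);`.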
@@ -899,7 +1791,7 @@ write_pdml_field_hex_value(write_pdml_data *pdata, field_info *fi)
     if (!fi->ds_tvb)
         return;
 
-    if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
+    if (fi->length > tvb_captured_length_remaining(fi->ds_tvb, fi->start)) {
         fprintf(pdata->fh, "field length invalid!");
         return;
     }
@@ -921,8 +1813,7 @@ print_hex_data(print_stream_t *stream, epan_dissect_t *edt)
     gboolean      multiple_sources;
     GSList       *src_le;
     tvbuff_t     *tvb;
-    const char   *name;
-    char         *line;
+    char         *line, *name;
     const guchar *cp;
     guint         length;
     struct data_source *src;
@@ -942,10 +1833,11 @@ print_hex_data(print_stream_t *stream, epan_dissect_t *edt)
         if (multiple_sources) {
             name = get_data_source_name(src);
             line = g_strdup_printf("%s:", name);
+            wmem_free(NULL, name);
             print_line(stream, 0, line);
             g_free(line);
         }
-        length = tvb_length(tvb);
+        length = tvb_captured_length(tvb);
         if (length == 0)
             return TRUE;
         cp = tvb_get_ptr(tvb, 0, length);
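Review bot: print_hex_data passes `name` straight to `g_strdup_printf("%s:", name)` and `wmem_free(NULL, name)`, while write_carrays_hex_data in this same commit tests `if (name)` before using the result of get_data_source_name. Whether that function can return NULL is not visible here, but the two callers should agree. Either wrap the three lines in `if (name != NULL) { ... }` as the other caller does, or drop the check there with a comment that the name is never NULL. The function starts before this hunk and continues after it.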
@@ -1057,325 +1949,6 @@ print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
     return TRUE;
 }
 
-static
-void ps_clean_string(char *out, const char *in, int outbuf_size)
-{
-    int  rd, wr;
-    char c;
-
-    if (in == NULL) {
-        out[0] = '\0';
-        return;
-    }
-
-    for (rd = 0, wr = 0 ; wr < outbuf_size; rd++, wr++ ) {
-        c = in[rd];
-        switch (c) {
-        case '(':
-        case ')':
-        case '\\':
-            out[wr] = '\\';
-            out[++wr] = c;
-            break;
-
-        default:
-            out[wr] = c;
-            break;
-        }
-
-        if (c == 0) {
-            break;
-        }
-    }
-}
-
-/* Some formats need stuff at the beginning of the output */
-gboolean
-print_preamble(print_stream_t *self, gchar *filename, const char *version_string)
-{
-    return self->ops->print_preamble ? (self->ops->print_preamble)(self, filename, version_string) : TRUE;
-}
-
-gboolean
-print_line(print_stream_t *self, int indent, const char *line)
-{
-    return (self->ops->print_line)(self, indent, line);
-}
-
-/* Insert bookmark */
-gboolean
-print_bookmark(print_stream_t *self, const gchar *name, const gchar *title)
-{
-    return self->ops->print_bookmark ? (self->ops->print_bookmark)(self, name, title) : TRUE;
-}
-
-gboolean
-new_page(print_stream_t *self)
-{
-    return self->ops->new_page ? (self->ops->new_page)(self) : TRUE;
-}
-
-/* Some formats need stuff at the end of the output */
-gboolean
-print_finale(print_stream_t *self)
-{
-    return self->ops->print_finale ? (self->ops->print_finale)(self) : TRUE;
-}
-
-gboolean
-destroy_print_stream(print_stream_t *self)
-{
-    return self->ops->destroy ? (self->ops->destroy)(self) : TRUE;
-}
-
-typedef struct {
-    gboolean  to_file;
-    FILE     *fh;
-} output_text;
-
-static gboolean
-print_line_text(print_stream_t *self, int indent, const char *line)
-{
-    static char  spaces[MAX_INDENT];
-    size_t ret;
-
-    output_text *output = (output_text *)self->data;
-    unsigned int num_spaces;
-
-    /* should be space, if NUL -> initialize */
-    if (!spaces[0]) {
-        int i;
-
-        for (i = 0; i < MAX_INDENT; i++)
-            spaces[i] = ' ';
-    }
-
-    /* Prepare the tabs for printing, depending on tree level */
-    num_spaces = indent * 4;
-    if (num_spaces > MAX_INDENT)
-        num_spaces = MAX_INDENT;
-
-    ret = fwrite(spaces, 1, num_spaces, output->fh);
-    if (ret == num_spaces) {
-        fputs(line, output->fh);
-        putc('\n', output->fh);
-    }
-    return !ferror(output->fh);
-}
-
-static gboolean
-new_page_text(print_stream_t *self)
-{
-    output_text *output = (output_text *)self->data;
-
-    fputs("\f", output->fh);
-    return !ferror(output->fh);
-}
-
-static gboolean
-destroy_text(print_stream_t *self)
-{
-    output_text *output = (output_text *)self->data;
-    gboolean     ret;
-
-    ret = close_print_dest(output->to_file, output->fh);
-    g_free(output);
-    g_free(self);
-    return ret;
-}
-
-static const print_stream_ops_t print_text_ops = {
-    NULL,            /* preamble */
-    print_line_text,
-    NULL,            /* bookmark */
-    new_page_text,
-    NULL,            /* finale */
-    destroy_text
-};
-
-static print_stream_t *
-print_stream_text_alloc(gboolean to_file, FILE *fh)
-{
-    print_stream_t *stream;
-    output_text    *output;
-
-    output          = (output_text *)g_malloc(sizeof *output);
-    output->to_file = to_file;
-    output->fh      = fh;
-    stream          = (print_stream_t *)g_malloc(sizeof (print_stream_t));
-    stream->ops     = &print_text_ops;
-    stream->data    = output;
-
-    return stream;
-}
-
-print_stream_t *
-print_stream_text_new(gboolean to_file, const char *dest)
-{
-    FILE *fh;
-
-    fh = open_print_dest(to_file, dest);
-    if (fh == NULL)
-        return NULL;
-
-    return print_stream_text_alloc(to_file, fh);
-}
-
-print_stream_t *
-print_stream_text_stdio_new(FILE *fh)
-{
-    return print_stream_text_alloc(TRUE, fh);
-}
-
-typedef struct {
-    gboolean  to_file;
-    FILE     *fh;
-} output_ps;
-
-static gboolean
-print_preamble_ps(print_stream_t *self, gchar *filename, const char *version_string)
-{
-    output_ps *output = (output_ps *)self->data;
-    char       psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
-
-    print_ps_preamble(output->fh);
-
-    fputs("%% the page title\n", output->fh);
-    ps_clean_string(psbuffer, filename, MAX_PS_LINE_LENGTH);
-    fprintf(output->fh, "/ws_pagetitle (%s - Wireshark " VERSION "%s) def\n", psbuffer, version_string);
-    fputs("\n", output->fh);
-    return !ferror(output->fh);
-}
-
-static gboolean
-print_line_ps(print_stream_t *self, int indent, const char *line)
-{
-    output_ps *output = (output_ps *)self->data;
-    char       psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
-
-    ps_clean_string(psbuffer, line, MAX_PS_LINE_LENGTH);
-    fprintf(output->fh, "%d (%s) putline\n", indent, psbuffer);
-    return !ferror(output->fh);
-}
-
-static gboolean
-print_bookmark_ps(print_stream_t *self, const gchar *name, const gchar *title)
-{
-    output_ps *output = (output_ps *)self->data;
-    char       psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
-
-    /*
-     * See the Adobe "pdfmark reference":
-     *
-     *  http://partners.adobe.com/asn/acrobat/docs/pdfmark.pdf
-     *
-     * The pdfmark stuff tells code that turns PostScript into PDF
-     * things that it should do.
-     *
-     * The /OUT stuff creates a bookmark that goes to the
-     * destination with "name" as the name and "title" as the title.
-     *
-     * The "/DEST" creates the destination.
-     */
-    ps_clean_string(psbuffer, title, MAX_PS_LINE_LENGTH);
-    fprintf(output->fh, "[/Dest /%s /Title (%s)   /OUT pdfmark\n", name,
-          psbuffer);
-    fputs("[/View [/XYZ -4 currentpoint matrix currentmatrix matrix defaultmatrix\n",
-          output->fh);
-    fputs("matrix invertmatrix matrix concatmatrix transform exch pop 20 add null]\n",
-          output->fh);
-    fprintf(output->fh, "/Dest /%s /DEST pdfmark\n", name);
-    return !ferror(output->fh);
-}
-
-static gboolean
-new_page_ps(print_stream_t *self)
-{
-    output_ps *output = (output_ps *)self->data;
-
-    fputs("formfeed\n", output->fh);
-    return !ferror(output->fh);
-}
-
-static gboolean
-print_finale_ps(print_stream_t *self)
-{
-    output_ps *output = (output_ps *)self->data;
-
-    print_ps_finale(output->fh);
-    return !ferror(output->fh);
-}
-
-static gboolean
-destroy_ps(print_stream_t *self)
-{
-    output_ps *output = (output_ps *)self->data;
-    gboolean   ret;
-
-    ret = close_print_dest(output->to_file, output->fh);
-    g_free(output);
-    g_free(self);
-    return ret;
-}
-
-static const print_stream_ops_t print_ps_ops = {
-    print_preamble_ps,
-    print_line_ps,
-    print_bookmark_ps,
-    new_page_ps,
-    print_finale_ps,
-    destroy_ps
-};
-
-static print_stream_t *
-print_stream_ps_alloc(gboolean to_file, FILE *fh)
-{
-    print_stream_t *stream;
-    output_ps      *output;
-
-    output          = (output_ps *)g_malloc(sizeof *output);
-    output->to_file = to_file;
-    output->fh      = fh;
-    stream          = (print_stream_t *)g_malloc(sizeof (print_stream_t));
-    stream->ops     = &print_ps_ops;
-    stream->data    = output;
-
-    return stream;
-}
-
-print_stream_t *
-print_stream_ps_new(gboolean to_file, const char *dest)
-{
-    FILE *fh;
-
-    fh = open_print_dest(to_file, dest);
-    if (fh == NULL)
-        return NULL;
-
-    return print_stream_ps_alloc(to_file, fh);
-}
-
-print_stream_t *
-print_stream_ps_stdio_new(FILE *fh)
-{
-    return print_stream_ps_alloc(TRUE, fh);
-}
-
-output_fields_t* output_fields_new(void)
-{
-    output_fields_t* fields     = g_new(output_fields_t, 1);
-    fields->print_header        = FALSE;
-    fields->separator           = '\t';
-    fields->occurrence          = 'a';
-    fields->aggregator          = ',';
-    fields->fields              = NULL; /*Do lazy initialisation */
-    fields->field_indicies      = NULL;
-    fields->field_values        = NULL;
-    fields->quote               ='\0';
-    fields->includes_col_fields = FALSE;
-    return fields;
-}
-
 gsize output_fields_num_fields(output_fields_t* fields)
 {
     g_assert(fields);
@@ -1439,6 +2012,34 @@ void output_fields_add(output_fields_t *fields, const gchar *field)
 
 }
 
+static void
+output_field_check(void *data, void *user_data)
+{
+    gchar *field = (gchar *)data;
+    GSList **invalid_fields = (GSList **)user_data;
+
+    if (!strncmp(field, COLUMN_FIELD_FILTER, strlen(COLUMN_FIELD_FILTER)))
+        return;
+
+    if (!proto_registrar_get_byname(field)) {
+        *invalid_fields = g_slist_prepend(*invalid_fields, field);
+    }
+
+}
+
+GSList *
+output_fields_valid(output_fields_t *fields)
+{
+    GSList *invalid_fields = NULL;
+    if (fields->fields == NULL) {
+        return NULL;
+    }
+
+    g_ptr_array_foreach(fields->fields, output_field_check, &invalid_fields);
+
+    return invalid_fields;
+}
+
 gboolean output_fields_set_option(output_fields_t *info, gchar *option)
 {
     const gchar *option_name;
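Review bot: output_fields_valid has no comment saying who owns what it returns, and the list built in output_field_check holds the same `field` pointers that live in `fields->fields`, not copies. A caller that frees the elements would leave dangling entries in the array, so I would add above the function `/* Returns the field names that are not registered, or NULL if all are valid; free the list with g_slist_free(), the strings still belong to 'fields'. */`. The function also dereferences `fields` without the `g_assert(fields);` that output_fields_num_fields uses just above. The early return for names starting with COLUMN_FIELD_FILTER accepts them without any lookup and deserves a one-line comment saying why.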
@@ -1448,15 +2049,19 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
     g_assert(option);
 
     if ('\0' == *option) {
-        return FALSE; /* Is this guarded against by option parsing? */
+        return FALSE; /* this happens if we're called from tshark -E '' */
     }
     option_name = strtok(option, "=");
     if (!option_name) {
         return FALSE;
     }
     option_value = option + strlen(option_name) + 1;
+    if (*option_value == '\0') {
+        return FALSE;
+    }
+
     if (0 == strcmp(option_name, "header")) {
-        switch (NULL == option_value ? '\0' : *option_value) {
+        switch (*option_value) {
         case 'n':
             info->print_header = FALSE;
             break;
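Review bot: When the argument contains no `=` at all (for example `header`), strtok returns the whole string and `option + strlen(option_name) + 1` points one byte past its terminating NUL, so the added `*option_value == '\0'` test reads outside the string. strtok also skips leading `=` characters, in which case `option_name` no longer starts at `option` and the computed offset lands in the wrong place. Locating the delimiter explicitly avoids both: `option_value = strchr(option, '=');` `if (option_value == NULL) return FALSE;` `*option_value++ = '\0';` with `option_name = option`, keeping the empty-value check after it. The function starts and ends outside this hunk.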
@@ -1468,11 +2073,8 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
         }
         return TRUE;
     }
-
-    if (0 == strcmp(option_name, "separator")) {
-        switch (NULL == option_value ? '\0' : *option_value) {
-        case '\0':
-            return FALSE;
+    else if (0 == strcmp(option_name, "separator")) {
+        switch (*option_value) {
         case '/':
             switch (*++option_value) {
             case 't':
@@ -1491,9 +2093,8 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
         }
         return TRUE;
     }
-
-    if (0 == strcmp(option_name, "occurrence")) {
-        switch (NULL == option_value ? '\0' : *option_value) {
+    else if (0 == strcmp(option_name, "occurrence")) {
+        switch (*option_value) {
         case 'f':
         case 'l':
         case 'a':
@@ -1504,11 +2105,8 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
         }
         return TRUE;
     }
-
-    if (0 == strcmp(option_name, "aggregator")) {
-        switch (NULL == option_value ? '\0' : *option_value) {
-        case '\0':
-            return FALSE;
+    else if (0 == strcmp(option_name, "aggregator")) {
+        switch (*option_value) {
         case '/':
             switch (*++option_value) {
             case 's':
@@ -1524,13 +2122,8 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
         }
         return TRUE;
     }
-
-    if (0 == strcmp(option_name, "quote")) {
-        switch (NULL == option_value ? '\0' : *option_value) {
-        default: /* Fall through */
-        case '\0':
-            info->quote = '\0';
-            return FALSE;
+    else if (0 == strcmp(option_name, "quote")) {
+        switch (*option_value) {
         case 'd':
             info->quote = '"';
             break;
@@ -1540,6 +2133,22 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
         case 'n':
             info->quote = '\0';
             break;
+        default:
+            info->quote = '\0';
+            return FALSE;
+        }
+        return TRUE;
+    }
+    else if (0 == strcmp(option_name, "bom")) {
+        switch (*option_value) {
+        case 'n':
+            info->print_bom = FALSE;
+            break;
+        case 'y':
+            info->print_bom = TRUE;
+            break;
+        default:
+            return FALSE;
         }
         return TRUE;
     }
@@ -1550,6 +2159,7 @@ gboolean output_fields_set_option(output_fields_t *info, gchar *option)
 void output_fields_list_options(FILE *fh)
 {
     fprintf(fh, "TShark: The available options for field output \"E\" are:\n");
+    fputs("bom=y|n    Prepend output with the UTF-8 BOM (def: N: no)\n", fh);
     fputs("header=y|n    Print field abbreviations as first line of output (def: N: no)\n", fh);
     fputs("separator=/t|/s|<character>   Set the separator to use;\n     \"/t\" = tab, \"/s\" = space (def: /t: tab)\n", fh);
     fputs("occurrence=f|l|a  Select the occurrence of a field to use;\n     \"f\" = first, \"l\" = last, \"a\" = all (def: a: all)\n", fh);
@@ -1571,6 +2181,11 @@ void write_fields_preamble(output_fields_t* fields, FILE *fh)
     g_assert(fh);
     g_assert(fields->fields);
 
+    if (fields->print_bom) {
+        fputs(UTF8_BOM, fh);
+    }
+
+
     if (!fields->print_header) {
         return;
     }
@@ -1590,7 +2205,7 @@ static void format_field_values(output_fields_t* fields, gpointer field_index, c
     guint      indx;
     GPtrArray* fv_p;
 
-    if ((NULL == value) || ('\0' == *value))
+    if (NULL == value)
         return;
 
     /* Unwrap change made to disambiguiate zero / null */
@@ -1619,7 +2234,7 @@ static void format_field_values(output_fields_t* fields, gpointer field_index, c
         /* print the value of all accurrences of the field */
         /* If not the first, add the 'aggregator' */
         if (g_ptr_array_len(fv_p) > 0) {
-            g_ptr_array_add(fv_p, (gpointer)ep_strdup_printf("%c", fields->aggregator));
+            g_ptr_array_add(fv_p, (gpointer)g_strdup_printf("%c", fields->aggregator));
         }
         break;
     default:
@@ -1645,7 +2260,7 @@ static void proto_tree_get_node_field_values(proto_node *node, gpointer data)
     field_index = g_hash_table_lookup(call_data->fields->field_indicies, fi->hfinfo->abbrev);
     if (NULL != field_index) {
         format_field_values(call_data->fields, field_index,
-                            get_node_field_value(fi, call_data->edt) /* static or ep_alloc'd string */
+                            get_node_field_value(fi, call_data->edt) /* g_ alloc'd string */
             );
     }
 
@@ -1656,9 +2271,10 @@ static void proto_tree_get_node_field_values(proto_node *node, gpointer data)
     }
 }
 
-void proto_tree_write_fields(output_fields_t *fields, epan_dissect_t *edt, column_info *cinfo, FILE *fh)
+static void write_specified_fields(fields_format format, output_fields_t *fields, epan_dissect_t *edt, column_info *cinfo, FILE *fh)
 {
     gsize     i;
+    gboolean first = TRUE;
     gint      col;
     gchar    *col_name;
     gpointer  field_index;
@@ -1700,40 +2316,162 @@ void proto_tree_write_fields(output_fields_t *fields, epan_dissect_t *edt, colum
     proto_tree_children_foreach(edt->tree, proto_tree_get_node_field_values,
                                 &data);
 
-    if (fields->includes_col_fields) {
-        for (col = 0; col < cinfo->num_cols; col++) {
-            /* Prepend COLUMN_FIELD_FILTER as the field name */
-            col_name = ep_strdup_printf("%s%s", COLUMN_FIELD_FILTER, cinfo->col_title[col]);
-            field_index = g_hash_table_lookup(fields->field_indicies, col_name);
-
-            if (NULL != field_index) {
-                format_field_values(fields, field_index, cinfo->col_data[col]);
+    switch (format) {
+    case FORMAT_CSV:
+        if (fields->includes_col_fields) {
+            for (col = 0; col < cinfo->num_cols; col++) {
+                /* Prepend COLUMN_FIELD_FILTER as the field name */
+                col_name = g_strdup_printf("%s%s", COLUMN_FIELD_FILTER, cinfo->columns[col].col_title);
+                field_index = g_hash_table_lookup(fields->field_indicies, col_name);
+                g_free(col_name);
+
+                if (NULL != field_index) {
+                    format_field_values(fields, field_index, g_strdup(cinfo->columns[col].col_data));
+                }
             }
         }
-    }
 
-    for(i = 0; i < fields->fields->len; ++i) {
-        if (0 != i) {
-            fputc(fields->separator, fh);
+        for(i = 0; i < fields->fields->len; ++i) {
+            if (0 != i) {
+                fputc(fields->separator, fh);
+            }
+            if (NULL != fields->field_values[i]) {
+                GPtrArray *fv_p;
+                gchar * str;
+                gsize j;
+                fv_p = fields->field_values[i];
+                if (fields->quote != '\0') {
+                    fputc(fields->quote, fh);
+                }
+
+                /* Output the array of (partial) field values */
+                for (j = 0; j < g_ptr_array_len(fv_p); j++ ) {
+                    str = (gchar *)g_ptr_array_index(fv_p, j);
+                    fputs(str, fh);
+                    g_free(str);
+                }
+                if (fields->quote != '\0') {
+                    fputc(fields->quote, fh);
+                }
+                g_ptr_array_free(fv_p, TRUE);  /* get ready for the next packet */
+                fields->field_values[i] = NULL;
+            }
         }
-        if (NULL != fields->field_values[i]) {
-            GPtrArray *fv_p;
-            gsize j;
-            fv_p = fields->field_values[i];
-            if (fields->quote != '\0') {
-                fputc(fields->quote, fh);
+        break;
+    case FORMAT_XML:
+        for(i = 0; i < fields->fields->len; ++i) {
+            gchar *field = (gchar *)g_ptr_array_index(fields->fields, i);
+
+            if (NULL != fields->field_values[i]) {
+                GPtrArray *fv_p;
+                gchar * str;
+                gsize j;
+                fv_p = fields->field_values[i];
+
+                /* Output the array of (partial) field values */
+                for (j = 0; j < (g_ptr_array_len(fv_p)); j+=2 ) {
+                    str = (gchar *)g_ptr_array_index(fv_p, j);
+
+                    fprintf(fh, "  <field name=\"%s\" value=", field);
+                    fputs("\"", fh);
+                    print_escaped_xml(fh, str);
+                    fputs("\"/>\n", fh);
+                    g_free(str);
+                }
+                g_ptr_array_free(fv_p, TRUE);  /* get ready for the next packet */
+                fields->field_values[i] = NULL;
             }
+        }
+        break;
+    case FORMAT_JSON:
+        fputs("{\n", fh);
+        for(i = 0; i < fields->fields->len; ++i) {
+            gchar *field = (gchar *)g_ptr_array_index(fields->fields, i);
+
+            if (NULL != fields->field_values[i]) {
+                GPtrArray *fv_p;
+                gchar * str;
+                gsize j;
+                fv_p = fields->field_values[i];
+
+                /* Output the array of (partial) field values */
+                for (j = 0; j < (g_ptr_array_len(fv_p)); j += 2) {
+                    str = (gchar *) g_ptr_array_index(fv_p, j);
+
+                    if (j == 0) {
+                        if (!first) {
+                            fputs(",\n", fh);
+                        }
+                        fprintf(fh, "        \"%s\": [", field);
+                    }
+                    fputs("\"", fh);
+                    print_escaped_json(fh, str);
+                    fputs("\"", fh);
+                    g_free(str);
+
+                    if (j + 2 < (g_ptr_array_len(fv_p))) {
+                        fputs(",", fh);
+                    } else {
+                        fputs("]", fh);
+                    }
+                }
 
-            /* Output the array of (partial) field values */
-            for (j = 0; j < g_ptr_array_len(fv_p); j++ ) {
-                fputs((gchar *)g_ptr_array_index(fv_p, j), fh);
+                first = FALSE;
+                g_ptr_array_free(fv_p, TRUE);  /* get ready for the next packet */
+                fields->field_values[i] = NULL;
             }
-            if (fields->quote != '\0') {
-                fputc(fields->quote, fh);
+        }
+        fputc('\n',fh);
+
+        fputs("      }", fh);
+        break;
+    case FORMAT_EK:
+        for(i = 0; i < fields->fields->len; ++i) {
+            gchar *field = (gchar *)g_ptr_array_index(fields->fields, i);
+
+            if (NULL != fields->field_values[i]) {
+                GPtrArray *fv_p;
+                gchar * str;
+                gsize j;
+                fv_p = fields->field_values[i];
+
+                /* Output the array of (partial) field values */
+                for (j = 0; j < (g_ptr_array_len(fv_p)); j += 2) {
+                    str = (gchar *)g_ptr_array_index(fv_p, j);
+
+                    if (j == 0) {
+                        if (!first) {
+                            fputs(",", fh);
+                        }
+                        fputs("\"", fh);
+                        print_escaped_ek(fh, field);
+                        fputs("\": [", fh);
+                    }
+                    fputs("\"", fh);
+                    print_escaped_json(fh, str);
+                    fputs("\"", fh);
+                    g_free(str);
+
+                    if (j + 2 < (g_ptr_array_len(fv_p))) {
+                        fputs(",", fh);
+                    }
+                    else {
+                        fputs("]", fh);
+
+                        }
+                    }
+
+                first = FALSE;
+                g_ptr_array_free(fv_p, TRUE);  /* get ready for the next packet */
+                fields->field_values[i] = NULL;
             }
-            g_ptr_array_free(fv_p, TRUE);  /* get ready for the next packet */
-            fields->field_values[i] = NULL;
         }
+        break;
+
+    default:
+        fprintf(stderr, "Unknown fields format %d\n", format);
+        g_assert_not_reached();
+        break;
     }
 }
 
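Review bot: The FORMAT_XML and FORMAT_JSON branches write `field` with a bare `%s` (`fprintf(fh, "  <field name=\"%s\" value=", field)` and `fprintf(fh, "        \"%s\": [", field)`), whereas the values go through print_escaped_xml / print_escaped_json and the FORMAT_EK branch passes the name through print_escaped_ek. output_field_check in this commit accepts any name that starts with COLUMN_FIELD_FILTER without a lookup, so a column-based name containing `"` or `<` would presumably reach these lines and produce malformed XML or JSON for whatever consumes it. I would escape the name the same way, e.g. `fputs("  <field name=\"", fh); print_escaped_xml(fh, field); fputs("\" value=", fh);` and the matching print_escaped_json call in the JSON branch. Separately, the three new loops step `j += 2` and g_free only the even entries, so the aggregator strings that format_field_values now creates with g_strdup_printf look leaked unless the array was given a free function outside this hunk. write_specified_fields begins before this hunk.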
@@ -1742,14 +2480,14 @@ void write_fields_finale(output_fields_t* fields _U_ , FILE *fh _U_)
     /* Nothing to do */
 }
 
-/* Returns an ep_alloced string or a static constant*/
-const gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
+/* Returns an g_malloced string */
+gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
 {
     if (fi->hfinfo->id == hf_text_only) {
         /* Text label.
          * Get the text */
         if (fi->rep) {
-            return fi->rep->representation;
+            return g_strdup(fi->rep->representation);
         }
         else {
             return get_field_hex_value(edt->pi.data_src, fi);
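Review bot: The new header comment `/* Returns an g_malloced string */` understates the contract now that ownership moves to the caller: the paths in this hunk return a fresh copy, and the fallback to get_field_hex_value can return NULL when `fi->ds_tvb` is unset. I would write `/* Returns a g_malloc()ed string that the caller must g_free(), or NULL when no value can be produced. */` so that callers such as format_field_values are not left treating the result as a borrowed string. The function continues outside this hunk.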
@@ -1763,41 +2501,27 @@ const gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
     else {
         /* Normal protocols and fields */
         gchar      *dfilter_string;
-        size_t      chop_len;
 
         switch (fi->hfinfo->type)
         {
         case FT_PROTOCOL:
             /* Print out the full details for the protocol. */
             if (fi->rep) {
-                return fi->rep->representation;
+                return g_strdup(fi->rep->representation);
             } else {
                 /* Just print out the protocol abbreviation */
-                return fi->hfinfo->abbrev;
+                return g_strdup(fi->hfinfo->abbrev);
             }
         case FT_NONE:
             /* Return "1" so that the presence of a field of type
              * FT_NONE can be checked when using -T fields */
-            return "1";
+            return g_strdup("1");
         default:
-            /* XXX - this is a hack until we can just call
-             * fvalue_to_string_repr() for *all* FT_* types. */
-            dfilter_string = proto_construct_match_selected_string(fi,
-                                                                   edt);
+            dfilter_string = fvalue_to_string_repr(NULL, &fi->value, FTREPR_DISPLAY, fi->hfinfo->display);
             if (dfilter_string != NULL) {
-                chop_len = strlen(fi->hfinfo->abbrev) + 4; /* for " == " */
-
-                /* XXX - Remove double-quotes. Again, once we
-                 * can call fvalue_to_string_repr(), we can
-                 * ask it not to produce the version for
-                 * display-filters, and thus, no
-                 * double-quotes. */
-                if (dfilter_string[strlen(dfilter_string)-1] == '"') {
-                    dfilter_string[strlen(dfilter_string)-1] = '\0';
-                    chop_len++;
-                }
-
-                return &(dfilter_string[chop_len]);
+                gchar* ret = g_strdup(dfilter_string);
+                wmem_free(NULL, dfilter_string);
+                return ret;
             } else {
                 return get_field_hex_value(edt->pi.data_src, fi);
             }
@@ -1805,7 +2529,7 @@ const gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
     }
 }
 
-static const gchar*
+static gchar*
 get_field_hex_value(GSList *src_list, field_info *fi)
 {
     const guint8 *pd;
@@ -1813,8 +2537,8 @@ get_field_hex_value(GSList *src_list, field_info *fi)
     if (!fi->ds_tvb)
         return NULL;
 
-    if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
-        return "field length invalid!";
+    if (fi->length > tvb_captured_length_remaining(fi->ds_tvb, fi->start)) {
+        return g_strdup("field length invalid!");
     }
 
     /* Find the data for this field. */
@@ -1828,7 +2552,7 @@ get_field_hex_value(GSList *src_list, field_info *fi)
         const int  chars_per_byte = 2;
 
         len    = chars_per_byte * fi->length;
-        buffer = ep_alloc_array(gchar, len + 1);
+        buffer = (gchar *)g_malloc(sizeof(gchar)*(len + 1));
         buffer[len] = '\0'; /* Ensure NULL termination in bad cases */
         p = buffer;
         /* Print a simple hex dump */
@@ -1842,3 +2566,31 @@ get_field_hex_value(GSList *src_list, field_info *fi)
     }
 }
 
+output_fields_t* output_fields_new(void)
+{
+    output_fields_t* fields     = g_new(output_fields_t, 1);
+    fields->print_bom           = FALSE;
+    fields->print_header        = FALSE;
+    fields->separator           = '\t';
+    fields->occurrence          = 'a';
+    fields->aggregator          = ',';
+    fields->fields              = NULL; /*Do lazy initialisation */
+    fields->field_indicies      = NULL;
+    fields->field_values        = NULL;
+    fields->quote               ='\0';
+    fields->includes_col_fields = FALSE;
+    return fields;
+}
+
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */