/** @defgroup prototree The Protocol Tree
*
* Dissectors use proto_tree_add_* to add items to the protocol tree. In
- * most cases you'll want to use proto_tree_add_item(). In general
- * proto_tree_add_text() should be avoided unless you explicitly don't
- * want to allow filtering.
+ * most cases you'll want to use proto_tree_add_item().
*
* @{
*/
/** Make a const val64_string[] look like a _val64_string pointer, used to set header_field_info.strings */
#define VALS64(x) (const struct _val64_string*)(x)
+/** Something to satisfy checkAPIs when you have a pointer to a value_string_ext (e.g., one built with value_string_ext_new()) */
+#define VALS_EXT_PTR(x) (x)
+
/** Make a const true_false_string[] look like a _true_false_string pointer, used to set header_field_info.strings */
#define TFS(x) (const struct true_false_string*)(x)
* conditions that shouldn't happen). It should NOT be used for showing
* that a packet is malformed. For that, use expert_infos instead.
*
- * @param expression expression to test in the assertion
+ * @param s expression to test in the assertion
*/
#define __DISSECTOR_ASSERT_STRINGIFY(s) # s
* @param a The first integer.
* @param op Any binary operator.
* @param b The second integer.
+ * @param type the type operator
+ * @param fmt the fmt operator
*/
#define __DISSECTOR_ASSERT_CMPINT(a, op, b, type, fmt) \
(REPORT_DISSECTOR_BUG( \
wmem_strdup_printf(wmem_packet_scope(), \
- "%s:%u: failed assertion "#a" "#op" "#b" ("fmt" "#op" "fmt")", \
+ "%s:%u: failed assertion " #a " " #op " " #b " (" fmt " " #op " " fmt ")", \
__FILE__, __LINE__, (type)a, (type)b)))
#define DISSECTOR_ASSERT_CMPINT(a, op, b) \
((void) ((a op b) ? (void)0 : \
- __DISSECTOR_ASSERT_CMPINT (a, op, b, gint64, "%"G_GINT64_MODIFIER"d"))) \
+ __DISSECTOR_ASSERT_CMPINT (a, op, b, gint64, "%" G_GINT64_MODIFIER "d"))) \
__DISSECTOR_ASSERT_STATIC_ANALYSIS_HINT(a op b)
/** Like DISSECTOR_ASSERT_CMPINT() except the arguments are treated as
*/
#define DISSECTOR_ASSERT_CMPUINT(a, op, b) \
((void) ((a op b) ? (void)0 : \
- __DISSECTOR_ASSERT_CMPINT (a, op, b, guint64, "%"G_GINT64_MODIFIER"u"))) \
+ __DISSECTOR_ASSERT_CMPINT (a, op, b, guint64, "%" G_GINT64_MODIFIER "u"))) \
__DISSECTOR_ASSERT_STATIC_ANALYSIS_HINT(a op b)
/** Like DISSECTOR_ASSERT_CMPUINT() except the values are displayed in
*/
#define DISSECTOR_ASSERT_CMPUINTHEX(a, op, b) \
((void) ((a op b) ? (void)0 : \
- __DISSECTOR_ASSERT_CMPINT (a, op, b, guint64, "0x%"G_GINT64_MODIFIER"X"))) \
+ __DISSECTOR_ASSERT_CMPINT (a, op, b, guint64, "0x%" G_GINT64_MODIFIER "X"))) \
__DISSECTOR_ASSERT_STATIC_ANALYSIS_HINT(a op b)
/*
* For backwards compatibility, we interpret an encoding of 1 as meaning
* "little-endian timespec", so that passing TRUE is interpreted as that.
*/
-#define ENC_TIME_TIMESPEC 0x00000000 /* "struct timespec" */
-#define ENC_TIME_NTP 0x00000002 /* NTP times */
-#define ENC_TIME_TOD 0x00000004 /* System/3xx and z/Architecture time-of-day clock */
-
+#define ENC_TIME_TIMESPEC 0x00000000 /* "struct timespec" */
+#define ENC_TIME_NTP 0x00000002 /* NTP times */
+#define ENC_TIME_TOD 0x00000004 /* System/3xx and z/Architecture time-of-day clock */
+#define ENC_TIME_NTP_BASE_ZERO 0x00000008 /* NTP times with different BASETIME */
/*
* Historically, the only place the representation mattered for strings
* was with FT_UINT_STRINGs, where we had FALSE for the string length
/* For integral types, the display format is a BASE_* field_display_e value
* possibly ORed with BASE_*_STRING */
-/** FIELD_DISPLAY_E_MASK selects the field_display_e value. Its current
- * value means that we may have at most 16 field_display_e values. */
-#define FIELD_DISPLAY_E_MASK 0x0F
+/** FIELD_DISPLAY_E_MASK selects the field_display_e value. */
+#define FIELD_DISPLAY_E_MASK 0xFF
typedef enum {
/* Integral types */
/* String types */
STR_ASCII = BASE_NONE, /**< shows non-printable ASCII characters as C-style escapes */
/* XXX, support for format_text_wsp() ? */
- STR_UNICODE = 7, /**< shows non-printable UNICODE characters as \\uXXXX (XXX for now non-printable characters display depends on UI) */
+ STR_UNICODE = 7, /**< shows non-printable UNICODE characters as \\uXXXX (XXX for now non-printable characters display depends on UI) */
/* Byte types */
- SEP_DOT = 8, /**< hexadecimal bytes with a period (.) between each byte */
- SEP_DASH = 9, /**< hexadecimal bytes with a dash (-) between each byte */
- SEP_COLON = 10, /**< hexadecimal bytes with a colon (:) between each byte */
- SEP_SPACE = 11 /**< hexadecimal bytes with a space between each byte */
+ SEP_DOT = 8, /**< hexadecimal bytes with a period (.) between each byte */
+ SEP_DASH = 9, /**< hexadecimal bytes with a dash (-) between each byte */
+ SEP_COLON = 10, /**< hexadecimal bytes with a colon (:) between each byte */
+ SEP_SPACE = 11, /**< hexadecimal bytes with a space between each byte */
+
+/* Address types */
+ BASE_NETMASK = 12, /**< Used for IPv4 address that shouldn't be resolved (like for netmasks) */
+
+/* Port types */
+ BASE_PT_UDP = 13, /**< UDP port */
+ BASE_PT_TCP = 14, /**< TCP port */
+ BASE_PT_DCCP = 15, /**< DCCP port */
+ BASE_PT_SCTP = 16 /**< SCTP port */
} field_display_e;
+#define FIELD_DISPLAY(d) ((d) & FIELD_DISPLAY_E_MASK)
+
/* Following constants have to be ORed with a field_display_e when dissector
* want to use specials value-string MACROs for a header_field_info */
-#define BASE_RANGE_STRING 0x10
-#define BASE_EXT_STRING 0x20
-#define BASE_VAL64_STRING 0x40
+#define BASE_RANGE_STRING 0x100
+#define BASE_EXT_STRING 0x200
+#define BASE_VAL64_STRING 0x400
/** BASE_ values that cause the field value to be displayed twice */
#define IS_BASE_DUAL(b) ((b)==BASE_DEC_HEX||(b)==BASE_HEX_DEC)
+/** BASE_PT_ values display decimal and transport port service name */
+#define IS_BASE_PORT(b) (((b)==BASE_PT_UDP||(b)==BASE_PT_TCP||(b)==BASE_PT_DCCP||(b)==BASE_PT_SCTP))
+
/* For FT_ABSOLUTE_TIME, the display format is an absolute_time_display_e
* as per time_fmt.h. */
const char *name; /**< [FIELDNAME] full name of this field */
const char *abbrev; /**< [FIELDABBREV] abbreviated name of this field */
enum ftenum type; /**< [FIELDTYPE] field type, one of FT_ (from ftypes.h) */
- int display; /**< [FIELDDISPLAY] one of BASE_, or field bit-width if FT_BOOLEAN and non-zero bitmask */
+ int display; /**< [FIELDDISPLAY] one of BASE_, or field bit-width if FT_BOOLEAN and non-zero bitmask */
const void *strings; /**< [FIELDCONVERT] value_string, val64_string, range_string or true_false_string,
typically converted by VALS(), RVALS() or TFS().
If this is an FT_PROTOCOL then it points to the
#define PI_SECURITY 0x0a000000
/** The protocol field indicates a packet comment */
#define PI_COMMENTS_GROUP 0x0b000000
+/** The protocol field indicates a decryption problem */
+#define PI_DECRYPTION 0x0c000000
/* add more, see https://wiki.wireshark.org/Development/ExpertInfo */
proto_tree_add_item(proto_tree *tree, int hfindex, tvbuff_t *tvb,
const gint start, gint length, const guint encoding);
-/** (DEPRECATED) Add a text-only node to a proto_tree.
+/** Add an item to a proto_tree, using the text label registered to that item.
+The item is extracted from the tvbuff handed to it, and the retrieved
+value is also set to *retval so the caller gets it back for other uses.
+
+This function retrieves the value even if the passed-in tree param is NULL,
+so that it can be used by dissectors at all times to both get the value
+and set the tree item to it.
+
+Like other proto_tree_add functions, if there is a tree and the value cannot
+be decoded from the tvbuff, then an expert info error is reported.
+
+This function accepts ENC_LITTLE_ENDIAN and ENC_BIG_ENDIAN for native number
+encoding in the tvbuff
+
+The length argument must
+be set to the appropriate size of the native type as in other proto_add routines.
+
+Integers of 8, 16, 24 and 32 bits can be retreived with these functions.
+
+@param tree the tree to append this item to
+@param hfindex field
+@param tvb the tv buffer of the current data
+@param start start of data in tvb (cannot be negative)
+@param length length of data in tvb (for strings can be -1 for remaining)
+@param encoding data encoding (e.g, ENC_LITTLE_ENDIAN, ENC_BIG_ENDIAN, ENC_ASCII|ENC_STRING, etc.)
+@param[out] retval points to a gint/guint 8/16/32/64 or gfloat/gdouble which will be set
+@return the newly created item, and value is set to the decoded value
+*/
+WS_DLL_PUBLIC proto_item *
+proto_tree_add_item_ret_int(proto_tree *tree, int hfindex, tvbuff_t *tvb,
+const gint start, gint length, const guint encoding, gint32 *retval);
+
+WS_DLL_PUBLIC proto_item *
+proto_tree_add_item_ret_uint(proto_tree *tree, int hfindex, tvbuff_t *tvb,
+const gint start, gint length, const guint encoding, guint32 *retval);
+
+/** (INTERNAL USE ONLY) Add a text-only node to a proto_tree.
@param tree the tree to append this item to
@param tvb the tv buffer of the current data
@param start start of data in tvb
@param format printf like format string
@param ... printf like parameters
@return the newly created item */
-WS_DLL_PUBLIC proto_item *
-proto_tree_add_text(proto_tree *tree, tvbuff_t *tvb, gint start, gint length, const char *format,
+proto_item *
+proto_tree_add_text_internal(proto_tree *tree, tvbuff_t *tvb, gint start, gint length, const char *format,
...) G_GNUC_PRINTF(5,6);
-/** (DEPRECATED) Add a text-only node to a proto_tree using a variable argument list.
+/** (INTERNAL USE ONLY) Add a text-only node to a proto_tree using a variable argument list.
@param tree the tree to append this item to
@param tvb the tv buffer of the current data
@param start start of data in tvb
@param ap variable argument list
@return the newly created item */
proto_item *
-proto_tree_add_text_valist(proto_tree *tree, tvbuff_t *tvb, gint start,
+proto_tree_add_text_valist_internal(proto_tree *tree, tvbuff_t *tvb, gint start,
gint length, const char *format, va_list ap)
G_GNUC_PRINTF(5, 0);
/** Add a text-only node that creates a subtree underneath.
- proto_tree_add_text + proto_item_add_subtree
@param tree the tree to append this item to
@param tvb the tv buffer of the current data
@param start start of data in tvb
proto_tree_add_subtree(proto_tree *tree, tvbuff_t *tvb, gint start, gint length, gint idx, proto_item **tree_item, const char *text);
/** Add a text-only node that creates a subtree underneath.
- proto_tree_add_text + proto_item_add_subtree
@param tree the tree to append this item to
@param tvb the tv buffer of the current data
@param start start of data in tvb
@return the newly created item */
WS_DLL_PUBLIC proto_item *
proto_tree_add_ipv6(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
- gint length, const guint8* value_ptr);
+ gint length, const struct e_in6_addr *value_ptr);
/** Add a formatted FT_IPv6 to a proto_tree, with the format generating
the string for the value and with the field name being included
@return the newly created item */
WS_DLL_PUBLIC proto_item *
proto_tree_add_ipv6_format_value(proto_tree *tree, int hfindex, tvbuff_t *tvb,
- gint start, gint length, const guint8* value_ptr, const char *format,
+ gint start, gint length, const struct e_in6_addr *value_ptr, const char *format,
...) G_GNUC_PRINTF(7,8);
/** Add a formatted FT_IPv6 to a proto_tree, with the format generating
@return the newly created item */
WS_DLL_PUBLIC proto_item *
proto_tree_add_ipv6_format(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
- gint length, const guint8* value_ptr, const char *format, ...) G_GNUC_PRINTF(7,8);
+ gint length, const struct e_in6_addr *value_ptr, const char *format, ...) G_GNUC_PRINTF(7,8);
/** Add a FT_ETHER to a proto_tree.
@param tree the tree to append this item to
WS_DLL_PUBLIC int
proto_register_protocol(const char *name, const char *short_name, const char *filter_name);
-/** Mark protocol as private
- @param proto_id the handle of the protocol */
-WS_DLL_PUBLIC
-void
-proto_mark_private(const int proto_id);
-
-/** Return if protocol is private
- @param proto_id the handle of the protocol
- @return TRUE if it is a private protocol, FALSE is not. */
+/** Deregister a protocol.
+ @param short_name abbreviated name of the protocol
+ @return TRUE if protocol is removed */
WS_DLL_PUBLIC gboolean
-proto_is_private(const int proto_id);
+proto_deregister_protocol(const char *short_name);
/** This type of function can be registered to get called whenever
a given field was not found but a its prefix is matched;
WS_DLL_PUBLIC void
proto_register_field_array(const int parent, hf_register_info *hf, const int num_records);
-/** Unregister an already registered field.
+/** Deregister an already registered field.
@param parent the protocol handle from proto_register_protocol()
@param hf_id the field to deregister */
WS_DLL_PUBLIC void
-proto_unregister_field (const int parent, gint hf_id);
+proto_deregister_field (const int parent, gint hf_id);
/** Add data to be freed when deregistered fields are freed.
@param data a pointer to data to free */
WS_DLL_PUBLIC void
proto_add_deregistered_data (void *data);
-/** Free fields deregistered in proto_unregister_field(). */
+/** Free fields deregistered in proto_deregister_field(). */
WS_DLL_PUBLIC void
proto_free_deregistered_fields (void);
/** Get name of registered header_field number n.
@param n item # n (0-indexed)
@return the name of this registered item */
-extern const char* proto_registrar_get_name(const int n);
+WS_DLL_PUBLIC const char* proto_registrar_get_name(const int n);
/** Get abbreviation of registered header_field number n.
@param n item # n (0-indexed)
@return its filter name. */
WS_DLL_PUBLIC const char *proto_get_protocol_filter_name(const int proto_id);
+/** Associate a heuristic dissector with a protocol
+ * INTERNAL USE ONLY!!!
+ * @param protocol to associate the heuristic with
+ * @param short_name heuristic dissector's short name
+ */
+extern void proto_add_heuristic_dissector(protocol_t *protocol, const char *short_name);
+
+/** Apply func to all heuristic dissectors of a protocol
+ * @param protocol to iterate over heuristics
+ * @param func function to execute on heuristics
+ * @param user_data user-specific data for function
+ */
+WS_DLL_PUBLIC void proto_heuristic_dissector_foreach(const protocol_t *protocol, GFunc func, gpointer user_data);
+
+
/** Find commonly-used protocols in a layer list.
* @param layers Protocol layer list
* @param is_ip Set to TRUE if the layer list contains IPv4 or IPv6, otherwise
* unchanged. May be NULL.
* @param is_ssl Set to TRUE if the layer list contains SSL/TLS, otherwise
* unchanged. May be NULL.
+ * @param is_rtp Set to TRUE if the layer list contains RTP, otherwise
+ * unchanged. May be NULL.
+ * @param is_lte_rlc Set to TRUE if the layer list contains LTE RLC, otherwise
+ * unchanged. May be NULL.
*/
WS_DLL_PUBLIC void proto_get_frame_protocols(const wmem_list_t *layers,
- gboolean *is_ip, gboolean *is_tcp, gboolean *is_udp, gboolean *is_sctp, gboolean *is_ssl);
+ gboolean *is_ip, gboolean *is_tcp, gboolean *is_udp, gboolean *is_sctp,
+ gboolean *is_ssl, gboolean *is_rtp, gboolean *is_lte_rlc);
/** Find a protocol by name in a layer list.
* @param layers Protocol layer list
/** Dumps a glossary of the field value strings or true/false strings to STDOUT */
WS_DLL_PUBLIC void proto_registrar_dump_values(void);
+/** Dumps the number of protocol and field registrations to STDOUT.
+ @return FALSE if we pre-allocated enough fields, TRUE otherwise. */
+WS_DLL_PUBLIC gboolean proto_registrar_dump_fieldcount(void);
+
/** Dumps a glossary of the protocol and field registrations to STDOUT. */
WS_DLL_PUBLIC void proto_registrar_dump_fields(void);
proto_tree_add_bitmask_with_flags(proto_tree *tree, tvbuff_t *tvb, const guint offset,
const int hf_hdr, const gint ett, const int **fields, const guint encoding, const int flags);
+/** This function will dissect a value that describe a bitmask. Similar to proto_tree_add_bitmask(),
+ but with a passed in value (presumably because it can't be retrieved directly from tvb)
+ @param tree the tree to append this item to
+ @param tvb the tv buffer of the current data
+ @param offset start of data in tvb
+ @param hf_hdr an 8/16/24/32/64 bit integer that describes the bitmask to be dissected.
+ This field will form an expansion under which the individual fields of the
+ bitmask is dissected and displayed.
+ This field must be of the type FT_[U]INT{8|16|24|32|64}.
+ @param ett subtree index
+ @param fields an array of pointers to int that lists all the fields of the
+ bitmask. These fields can be either of the type FT_BOOLEAN for flags
+ or another integer of the same type/size as hf_hdr with a mask specified.
+ This array is terminated by a NULL entry.
+ FT_BOOLEAN bits that are set to 1 will have the name added to the expansion.
+ FT_integer fields that have a value_string attached will have the
+ matched string displayed on the expansion line.
+ @param value bitmask value
+ @return the newly created item */
+WS_DLL_PUBLIC proto_item *
+proto_tree_add_bitmask_value(proto_tree *tree, tvbuff_t *tvb, const guint offset,
+ const int hf_hdr, const gint ett, const int **fields, const guint64 value);
+
+/** This function will dissect a value that describe a bitmask. Similar to proto_tree_add_bitmask(),
+ but with a passed in value (presumably because it can't be retrieved directly from tvb)
+ This has "filterable" bitmask header functionality of proto_tree_add_bitmask_value
+ with the ability to control what data is appended to the header like
+ proto_tree_add_bitmask_text
+ @param tree the tree to append this item to
+ @param tvb the tv buffer of the current data
+ @param offset start of data in tvb
+ @param hf_hdr an 8/16/24/32/64 bit integer that describes the bitmask to be dissected.
+ This field will form an expansion under which the individual fields of the
+ bitmask is dissected and displayed.
+ This field must be of the type FT_[U]INT{8|16|24|32|64}.
+ @param ett subtree index
+ @param fields an array of pointers to int that lists all the fields of the
+ bitmask. These fields can be either of the type FT_BOOLEAN for flags
+ or another integer of the same type/size as hf_hdr with a mask specified.
+ This array is terminated by a NULL entry.
+ FT_BOOLEAN bits that are set to 1 will have the name added to the expansion.
+ FT_integer fields that have a value_string attached will have the
+ matched string displayed on the expansion line.
+ @param value bitmask value
+ @param flags bitmask field using BMT_NO_* flags to determine behavior
+ @return the newly created item */
+WS_DLL_PUBLIC proto_item *
+proto_tree_add_bitmask_value_with_flags(proto_tree *tree, tvbuff_t *tvb, const guint offset,
+ const int hf_hdr, const gint ett, const int **fields, const guint64 value, const int flags);
+
+/** This function will dissect a sequence of bytes that describe a bitmask. Similar
+ to proto_tree_add_bitmask(), but with no "header" item to group all of the fields
+ @param tree the tree to append this item to
+ @param tvb the tv buffer of the current data
+ @param offset start of data in tvb
+ @param len number of bytes of data
+ @param fields an array of pointers to int that lists all the fields of the
+ bitmask. These fields can be either of the type FT_BOOLEAN for flags
+ or another integer of the same type/size as hf_hdr with a mask specified.
+ This array is terminated by a NULL entry.
+ FT_BOOLEAN bits that are set to 1 will have the name added to the expansion.
+ FT_integer fields that have a value_string attached will have the
+ matched string displayed on the expansion line.
+ @param encoding big or little endian byte representation (ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN/ENC_HOST_ENDIAN)
+ */
+WS_DLL_PUBLIC void
+proto_tree_add_bitmask_list(proto_tree *tree, tvbuff_t *tvb, const guint offset,
+ const int len, const int **fields, const guint encoding);
+
+
+
/** This function will dissect a sequence of bytes that describe a bitmask.
@param tree the tree to append this item to
@param tvb the tv buffer of the current data
git.samba.org / metze / wireshark / wip.git / blobdiff