2 * Collecting Expert information.
4 * Implemented as a tap named "expert".
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 static int expert_tap = -1;
39 static int highest_severity = 0;
42 const value_string expert_group_vals[] = {
43 { PI_CHECKSUM, "Checksum" },
44 { PI_SEQUENCE, "Sequence" },
45 { PI_RESPONSE_CODE, "Response" },
46 { PI_REQUEST_CODE, "Request" },
47 { PI_UNDECODED, "Undecoded" },
48 { PI_MALFORMED, "Malformed" },
49 { PI_REASSEMBLE, "Reassemble" },
50 /* { PI_SECURITY, "Security" },*/
54 const value_string expert_severity_vals[] = {
55 { PI_ERROR, "Error" },
68 if(expert_tap == -1) {
69 expert_tap = register_tap("expert");
79 /* memory cleanup will be done by se_... */
84 expert_get_highest_severity(void)
86 return highest_severity;
90 /* set's the PI_ flags to a protocol item
91 * (and it's parent items till the toplevel) */
93 expert_set_item_flags(proto_item *pi, int group, int severity)
96 if(proto_item_set_expert_flags(pi, group, severity)) {
97 /* propagate till toplevel item */
98 pi = proto_item_get_parent(pi);
99 expert_set_item_flags(pi, group, severity);
105 expert_set_info_vformat(
106 packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, va_list ap)
108 int ret; /*tmp return value */
113 /* if this packet isn't loaded because of a read filter, don't output anything */
114 if(pinfo == NULL || pinfo->fd->num == 0) {
118 if(severity > highest_severity) {
119 highest_severity = severity;
122 /* XXX - use currently nonexistant se_vsnprintf instead */
123 ret = g_vsnprintf(formatted, sizeof(formatted), format, ap);
124 if ((ret == -1) || (ret >= sizeof(formatted)))
125 formatted[sizeof(formatted) - 1] = '\0';
127 ei = ep_alloc(sizeof(expert_info_t));
128 ei->packet_num = pinfo->fd->num;
130 ei->severity = severity;
131 ei->protocol = ep_strdup(pinfo->current_proto);
132 ei->summary = ep_strdup(formatted);
135 /* if we have a proto_item (not a faked item), set expert attributes to it */
136 if(pi != NULL && pi->finfo != NULL) {
138 expert_set_item_flags(pi, group, severity);
141 tap_queue_packet(expert_tap, pinfo, ei);
146 expert_add_info_format(
147 packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, ...)
152 va_start(ap, format);
153 expert_set_info_vformat(pinfo, pi, group, severity, format, ap);