2 * Collecting of Expert information.
4 * For further info, see: https://wiki.wireshark.org/Development/ExpertInfo
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include <epan/packet_info.h>
29 #include <epan/proto.h>
30 #include "value_string.h"
31 #include "ws_symbol_export.h"
35 #endif /* __cplusplus */
37 /** only for internal and display use. */
38 typedef struct expert_info_s {
42 int hf_index; /* hf_index of the expert item. Might be -1. */
43 const gchar *protocol;
48 /* Expert Info and Display hf data */
49 typedef struct expert_field
57 #define EI_INIT {EI_INIT_EI, EI_INIT_HF}
59 typedef struct expert_field_info {
60 /* ---------- set by dissector --------- */
66 /* ------- set by register routines (prefilled by EXPFILL macro, see below) ------ */
68 const gchar *protocol;
69 int orig_severity; /* Matches severity when registered, used to restore original severity
70 * if UAT severity entry is removed */
71 hf_register_info hf_info;
75 #define EXPFILL 0, NULL, 0, \
76 {0, {NULL, NULL, FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL}}
78 typedef struct ei_register_info {
79 expert_field *ids; /**< written to by register() function */
80 expert_field_info eiinfo; /**< the field info to be registered */
83 typedef struct expert_module expert_module_t;
85 #define PRE_ALLOC_EXPERT_FIELDS_MEM 5000
87 /* "proto_expert" is exported from libwireshark.dll.
88 * Thus we need a special declaration.
90 WS_DLL_PUBLIC int proto_expert;
96 expert_packet_init(void);
102 expert_packet_cleanup(void);
105 expert_get_highest_severity(void);
108 expert_update_comment_count(guint64 count);
110 /** Add an expert info.
111 Add an expert info tree to a protocol item using registered expert info item
112 @param pinfo Packet info of the currently processed packet. May be NULL if
114 @param pi Current protocol item (or NULL)
115 @param eiindex The registered expert info item
118 expert_add_info(packet_info *pinfo, proto_item *pi, expert_field *eiindex);
120 /** Add an expert info.
121 Add an expert info tree to a protocol item using registered expert info item,
122 but with a formatted message.
123 @param pinfo Packet info of the currently processed packet. May be NULL if
125 @param pi Current protocol item (or NULL)
126 @param eiindex The registered expert info item
127 @param format Printf-style format string for additional arguments
130 expert_add_info_format(packet_info *pinfo, proto_item *pi, expert_field *eiindex,
131 const char *format, ...) G_GNUC_PRINTF(4, 5);
133 /** Add an expert info associated with some byte data
134 Add an expert info tree to a protocol item using registered expert info item.
135 This function is intended to replace places where a "text only" proto_tree_add_xxx
136 API + expert_add_info would be used.
137 @param tree Current protocol tree (or NULL)
138 @param pinfo Packet info of the currently processed packet. May be NULL if tree is supplied
139 @param eiindex The registered expert info item
140 @param tvb the tv buffer of the current data
141 @param start start of data in tvb
142 @param length length of data in tvb
143 @return the newly created item above expert info tree
145 WS_DLL_PUBLIC proto_item *
146 proto_tree_add_expert(proto_tree *tree, packet_info *pinfo, expert_field *eiindex,
147 tvbuff_t *tvb, gint start, gint length);
149 /** Add an expert info associated with some byte data
150 Add an expert info tree to a protocol item, using registered expert info item,
151 but with a formatted message.
152 Add an expert info tree to a protocol item using registered expert info item.
153 This function is intended to replace places where a "text only" proto_tree_add_xxx
154 API + expert_add_info_format
156 @param tree Current protocol tree (or NULL)
157 @param pinfo Packet info of the currently processed packet. May be NULL if tree is supplied
158 @param eiindex The registered expert info item
159 @param tvb the tv buffer of the current data
160 @param start start of data in tvb
161 @param length length of data in tvb
162 @param format Printf-style format string for additional arguments
163 @return the newly created item above expert info tree
165 WS_DLL_PUBLIC proto_item *
166 proto_tree_add_expert_format(proto_tree *tree, packet_info *pinfo, expert_field *eiindex,
167 tvbuff_t *tvb, gint start, gint length, const char *format, ...) G_GNUC_PRINTF(7, 8);
170 * Register that a protocol has expert info.
172 WS_DLL_PUBLIC expert_module_t *expert_register_protocol(int id);
175 * Deregister a expert info.
177 void expert_deregister_expertinfo (const char *abbrev);
180 * Deregister expert info from a protocol.
182 void expert_deregister_protocol (expert_module_t *module);
185 * Free deregistered expert infos.
187 void expert_free_deregistered_expertinfos (void);
190 * Get summary text of an expert_info field.
191 * This is intended for use in expert_add_info_format or proto_tree_add_expert_format
192 * to get the "base" string to then append additional information
194 WS_DLL_PUBLIC const gchar* expert_get_summary(expert_field *eiindex);
196 /** Register a expert field array.
197 @param module the protocol handle from expert_register_protocol()
198 @param ei the ei_register_info array
199 @param num_records the number of records in exp */
201 expert_register_field_array(expert_module_t *module, ei_register_info *ei, const int num_records);
203 #define EXPERT_CHECKSUM_DISABLED -2
204 #define EXPERT_CHECKSUM_UNKNOWN -1
205 #define EXPERT_CHECKSUM_GOOD 0
206 #define EXPERT_CHECKSUM_BAD 1
208 WS_DLL_PUBLIC const value_string expert_group_vals[];
210 WS_DLL_PUBLIC const value_string expert_severity_vals[];
212 WS_DLL_PUBLIC const value_string expert_checksum_vals[];
216 #endif /* __cplusplus */
218 #endif /* __EXPERT_H__ */
221 * Editor modelines - https://www.wireshark.org/tools/modelines.html
226 * indent-tabs-mode: t
229 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
230 * :indentSize=8:tabSize=8:noTabs=false: