2 * Routines for printing packet analysis trees.
6 * Gilbert Ramirez <gram@alumni.rice.edu>
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #include <epan/epan.h>
35 #include <epan/epan_dissect.h>
36 #include <epan/tvbuff.h>
37 #include <epan/packet.h>
38 #include <epan/emem.h>
39 #include <epan/expert.h>
41 #include "packet-range.h"
45 #include "version_info.h"
46 #include <wsutil/file_util.h>
47 #include <epan/charsets.h>
48 #include <epan/dissectors/packet-data.h>
49 #include <epan/dissectors/packet-frame.h>
50 #include <epan/filesystem.h>
52 #define PDML_VERSION "0"
53 #define PSML_VERSION "0"
57 print_stream_t *stream;
60 print_dissections_e print_dissections;
61 gboolean print_hex_for_data;
62 packet_char_enc encoding;
74 output_fields_t *fields;
78 struct _output_fields {
79 gboolean print_header;
84 GHashTable *field_indicies;
85 GPtrArray **field_values;
87 gboolean includes_col_fields;
90 GHashTable *output_only_tables = NULL;
92 static gboolean write_headers = FALSE;
94 static const gchar *get_field_hex_value(GSList *src_list, field_info *fi);
95 static void proto_tree_print_node(proto_node *node, gpointer data);
96 static void proto_tree_write_node_pdml(proto_node *node, gpointer data);
97 static const guint8 *get_field_data(GSList *src_list, field_info *fi);
98 static void write_pdml_field_hex_value(write_pdml_data *pdata, field_info *fi);
99 static gboolean print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
100 guint length, packet_char_enc encoding);
101 static void ps_clean_string(char *out, const char *in,
103 static void print_escaped_xml(FILE *fh, const char *unescaped_string);
105 static void print_pdml_geninfo(proto_tree *tree, FILE *fh);
107 static void proto_tree_get_node_field_values(proto_node *node, gpointer data);
110 open_print_dest(gboolean to_file, const char *dest)
114 /* Open the file or command for output */
116 fh = ws_fopen(dest, "w");
118 fh = popen(dest, "w");
124 close_print_dest(gboolean to_file, FILE *fh)
126 /* Close the file or command */
128 return (fclose(fh) == 0);
130 return (pclose(fh) == 0);
133 #define MAX_PS_LINE_LENGTH 256
136 proto_tree_print(print_args_t *print_args, epan_dissect_t *edt,
137 print_stream_t *stream)
141 /* Create the output */
143 data.stream = stream;
145 data.src_list = edt->pi.data_src;
146 data.encoding = (packet_char_enc)edt->pi.fd->flags.encoding;
147 data.print_dissections = print_args->print_dissections;
148 /* If we're printing the entire packet in hex, don't
149 print uninterpreted data fields in hex as well. */
150 data.print_hex_for_data = !print_args->print_hex;
153 proto_tree_children_foreach(edt->tree, proto_tree_print_node, &data);
157 #define MAX_INDENT 160
159 /* Print a tree's data, and any child nodes. */
161 void proto_tree_print_node(proto_node *node, gpointer data)
163 field_info *fi = PNODE_FINFO(node);
164 print_data *pdata = (print_data*) data;
166 gchar label_str[ITEM_LABEL_LENGTH];
169 /* dissection with an invisible proto tree? */
172 /* Don't print invisible entries. */
173 if (PROTO_ITEM_IS_HIDDEN(node))
176 /* Give up if we've already gotten an error. */
180 /* was a free format label produced? */
182 label_ptr = fi->rep->representation;
184 else { /* no, make a generic label */
185 label_ptr = label_str;
186 proto_item_fill_label(fi, label_str);
189 if (PROTO_ITEM_IS_GENERATED(node)) {
190 label_ptr = g_strdup_printf("[%s]", label_ptr);
193 if (!print_line(pdata->stream, pdata->level, label_ptr)) {
194 pdata->success = FALSE;
199 * If -O is specified, only display the protocols which are in the
200 * lookup table. Only check on the first level: once we start printing
201 * a tree, print the rest of the subtree. Otherwise we won't print
202 * subitems whose abbreviation doesn't match the protocol--for example
203 * text items (whose abbreviation is simply "text").
205 if ((output_only_tables != NULL) && (pdata->level == 0)
206 && (g_hash_table_lookup(output_only_tables, fi->hfinfo->abbrev) == NULL)) {
207 pdata->success = TRUE;
211 if (PROTO_ITEM_IS_GENERATED(node)) {
215 /* If it's uninterpreted data, dump it (unless our caller will
216 be printing the entire packet in hex). */
217 if ((fi->hfinfo->id == proto_data) && (pdata->print_hex_for_data)) {
219 * Find the data for this field.
221 pd = get_field_data(pdata->src_list, fi);
223 if (!print_line(pdata->stream, 0, "")) {
224 pdata->success = FALSE;
227 if (!print_hex_data_buffer(pdata->stream, pd,
228 fi->length, pdata->encoding)) {
229 pdata->success = FALSE;
235 /* If we're printing all levels, or if this node is one with a
236 subtree and its subtree is expanded, recurse into the subtree,
238 g_assert((fi->tree_type >= -1) && (fi->tree_type < num_tree_types));
239 if ((pdata->print_dissections == print_dissections_expanded) ||
240 ((pdata->print_dissections == print_dissections_as_displayed) &&
241 (fi->tree_type >= 0) && tree_is_expanded[fi->tree_type])) {
242 if (node->first_child != NULL) {
244 proto_tree_children_foreach(node,
245 proto_tree_print_node, pdata);
253 #define PDML2HTML_XSL "pdml2html.xsl"
255 write_pdml_preamble(FILE *fh, const gchar *filename)
257 time_t t = time(NULL);
258 char *ts = asctime(localtime(&t));
260 ts[strlen(ts)-1] = 0; /* overwrite \n */
262 fputs("<?xml version=\"1.0\"?>\n", fh);
263 fputs("<?xml-stylesheet type=\"text/xsl\" href=\"" PDML2HTML_XSL "\"?>\n", fh);
264 fprintf(fh, "<!-- You can find " PDML2HTML_XSL " in %s or at http://anonsvn.wireshark.org/trunk/wireshark/" PDML2HTML_XSL ". -->\n", get_datafile_dir());
265 fputs("<pdml version=\"" PDML_VERSION "\" ", fh);
266 fprintf(fh, "creator=\"%s/%s\" time=\"%s\" capture_file=\"%s\">\n", PACKAGE, VERSION, ts, filename ? filename : "");
270 proto_tree_write_pdml(epan_dissect_t *edt, FILE *fh)
272 write_pdml_data data;
274 /* Create the output */
277 data.src_list = edt->pi.data_src;
280 fprintf(fh, "<packet>\n");
282 /* Print a "geninfo" protocol as required by PDML */
283 print_pdml_geninfo(edt->tree, fh);
285 proto_tree_children_foreach(edt->tree, proto_tree_write_node_pdml,
288 fprintf(fh, "</packet>\n\n");
291 /* Write out a tree's data, and any child nodes, as PDML */
293 proto_tree_write_node_pdml(proto_node *node, gpointer data)
295 field_info *fi = PNODE_FINFO(node);
296 write_pdml_data *pdata = (write_pdml_data*) data;
297 const gchar *label_ptr;
298 gchar label_str[ITEM_LABEL_LENGTH];
299 char *dfilter_string;
302 gboolean wrap_in_fake_protocol;
304 /* dissection with an invisible proto tree? */
307 /* Will wrap up top-level field items inside a fake protocol wrapper to
308 preserve the PDML schema */
309 wrap_in_fake_protocol =
310 (((fi->hfinfo->type != FT_PROTOCOL) ||
311 (fi->hfinfo->id == proto_data)) &&
312 (pdata->level == 0));
314 /* Indent to the correct level */
315 for (i = -1; i < pdata->level; i++) {
316 fputs(" ", pdata->fh);
319 if (wrap_in_fake_protocol) {
320 /* Open fake protocol wrapper */
321 fputs("<proto name=\"fake-field-wrapper\">\n", pdata->fh);
323 /* Indent to increased level before writing out field */
325 for (i = -1; i < pdata->level; i++) {
326 fputs(" ", pdata->fh);
330 /* Text label. It's printed as a field with no name. */
331 if (fi->hfinfo->id == hf_text_only) {
334 label_ptr = fi->rep->representation;
340 /* Show empty name since it is a required field */
341 fputs("<field name=\"", pdata->fh);
342 fputs("\" show=\"", pdata->fh);
343 print_escaped_xml(pdata->fh, label_ptr);
345 fprintf(pdata->fh, "\" size=\"%d", fi->length);
346 if (node->parent && node->parent->finfo && (fi->start < node->parent->finfo->start)) {
347 fprintf(pdata->fh, "\" pos=\"%d", node->parent->finfo->start + fi->start);
349 fprintf(pdata->fh, "\" pos=\"%d", fi->start);
352 fputs("\" value=\"", pdata->fh);
353 write_pdml_field_hex_value(pdata, fi);
355 if (node->first_child != NULL) {
356 fputs("\">\n", pdata->fh);
359 fputs("\"/>\n", pdata->fh);
363 /* Uninterpreted data, i.e., the "Data" protocol, is
364 * printed as a field instead of a protocol. */
365 else if (fi->hfinfo->id == proto_data) {
367 /* Write out field with data */
368 fputs("<field name=\"data\" value=\"", pdata->fh);
369 write_pdml_field_hex_value(pdata, fi);
370 fputs("\">\n", pdata->fh);
372 /* Normal protocols and fields */
374 if ((fi->hfinfo->type == FT_PROTOCOL) && (fi->hfinfo->id != proto_expert)) {
375 fputs("<proto name=\"", pdata->fh);
378 fputs("<field name=\"", pdata->fh);
380 print_escaped_xml(pdata->fh, fi->hfinfo->abbrev);
384 * http://www.nbee.org/doku.php?id=netpdl:pdml_specification
386 * the show fields contains things in 'human readable' format
387 * showname: contains only the name of the field
388 * show: contains only the data of the field
389 * showdtl: contains additional details of the field data
390 * showmap: contains mappings of the field data (e.g. the hostname to an IP address)
392 * XXX - the showname shouldn't contain the field data itself
393 * (like it's contained in the fi->rep->representation).
394 * Unfortunately, we don't have the field data representation for
395 * all fields, so this isn't currently possible */
396 fputs("\" showname=\"", pdata->fh);
397 print_escaped_xml(pdata->fh, fi->hfinfo->name);
401 fputs("\" showname=\"", pdata->fh);
402 print_escaped_xml(pdata->fh, fi->rep->representation);
405 label_ptr = label_str;
406 proto_item_fill_label(fi, label_str);
407 fputs("\" showname=\"", pdata->fh);
408 print_escaped_xml(pdata->fh, label_ptr);
411 if (PROTO_ITEM_IS_HIDDEN(node))
412 fprintf(pdata->fh, "\" hide=\"yes");
414 fprintf(pdata->fh, "\" size=\"%d", fi->length);
415 if (node->parent && node->parent->finfo && (fi->start < node->parent->finfo->start)) {
416 fprintf(pdata->fh, "\" pos=\"%d", node->parent->finfo->start + fi->start);
418 fprintf(pdata->fh, "\" pos=\"%d", fi->start);
420 /* fprintf(pdata->fh, "\" id=\"%d", fi->hfinfo->id);*/
422 /* show, value, and unmaskedvalue attributes */
423 switch (fi->hfinfo->type)
428 fputs("\" show=\"\" value=\"", pdata->fh);
431 /* XXX - this is a hack until we can just call
432 * fvalue_to_string_repr() for *all* FT_* types. */
433 dfilter_string = proto_construct_match_selected_string(fi,
435 if (dfilter_string != NULL) {
436 chop_len = strlen(fi->hfinfo->abbrev) + 4; /* for " == " */
438 /* XXX - Remove double-quotes. Again, once we
439 * can call fvalue_to_string_repr(), we can
440 * ask it not to produce the version for
441 * display-filters, and thus, no
443 if (dfilter_string[strlen(dfilter_string)-1] == '"') {
444 dfilter_string[strlen(dfilter_string)-1] = '\0';
448 fputs("\" show=\"", pdata->fh);
449 print_escaped_xml(pdata->fh, &dfilter_string[chop_len]);
453 * XXX - should we omit "value" for any fields?
454 * What should we do for fields whose length is 0?
455 * They might come from a pseudo-header or from
456 * the capture header (e.g., time stamps), or
457 * they might be generated fields.
459 if (fi->length > 0) {
460 fputs("\" value=\"", pdata->fh);
462 if (fi->hfinfo->bitmask!=0) {
463 fprintf(pdata->fh, "%X", fvalue_get_uinteger(&fi->value));
464 fputs("\" unmaskedvalue=\"", pdata->fh);
465 write_pdml_field_hex_value(pdata, fi);
468 write_pdml_field_hex_value(pdata, fi);
473 if (node->first_child != NULL) {
474 fputs("\">\n", pdata->fh);
476 else if (fi->hfinfo->id == proto_data) {
477 fputs("\">\n", pdata->fh);
480 fputs("\"/>\n", pdata->fh);
484 /* We always print all levels for PDML. Recurse here. */
485 if (node->first_child != NULL) {
487 proto_tree_children_foreach(node,
488 proto_tree_write_node_pdml, pdata);
492 /* Take back the extra level we added for fake wrapper protocol */
493 if (wrap_in_fake_protocol) {
497 if (node->first_child != NULL) {
498 /* Indent to correct level */
499 for (i = -1; i < pdata->level; i++) {
500 fputs(" ", pdata->fh);
502 /* Close off current element */
503 /* Data and expert "protocols" use simple tags */
504 if ((fi->hfinfo->id != proto_data) && (fi->hfinfo->id != proto_expert)) {
505 if (fi->hfinfo->type == FT_PROTOCOL) {
506 fputs("</proto>\n", pdata->fh);
509 fputs("</field>\n", pdata->fh);
512 fputs("</field>\n", pdata->fh);
516 /* Close off fake wrapper protocol */
517 if (wrap_in_fake_protocol) {
518 fputs("</proto>\n", pdata->fh);
522 /* Print info for a 'geninfo' pseudo-protocol. This is required by
523 * the PDML spec. The information is contained in Wireshark's 'frame' protocol,
524 * but we produce a 'geninfo' protocol in the PDML to conform to spec.
525 * The 'frame' protocol follows the 'geninfo' protocol in the PDML. */
527 print_pdml_geninfo(proto_tree *tree, FILE *fh)
529 guint32 num, len, caplen;
531 GPtrArray *finfo_array;
532 field_info *frame_finfo;
534 /* Get frame protocol's finfo. */
535 finfo_array = proto_find_finfo(tree, proto_frame);
536 if (g_ptr_array_len(finfo_array) < 1) {
539 frame_finfo = (field_info *)finfo_array->pdata[0];
540 g_ptr_array_free(finfo_array, TRUE);
542 /* frame.number --> geninfo.num */
543 finfo_array = proto_find_finfo(tree, hf_frame_number);
544 if (g_ptr_array_len(finfo_array) < 1) {
547 num = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
548 g_ptr_array_free(finfo_array, TRUE);
550 /* frame.frame_len --> geninfo.len */
551 finfo_array = proto_find_finfo(tree, hf_frame_len);
552 if (g_ptr_array_len(finfo_array) < 1) {
555 len = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
556 g_ptr_array_free(finfo_array, TRUE);
558 /* frame.cap_len --> geninfo.caplen */
559 finfo_array = proto_find_finfo(tree, hf_frame_capture_len);
560 if (g_ptr_array_len(finfo_array) < 1) {
563 caplen = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
564 g_ptr_array_free(finfo_array, TRUE);
566 /* frame.time --> geninfo.timestamp */
567 finfo_array = proto_find_finfo(tree, hf_frame_arrival_time);
568 if (g_ptr_array_len(finfo_array) < 1) {
571 timestamp = (nstime_t *)fvalue_get(&((field_info*)finfo_array->pdata[0])->value);
572 g_ptr_array_free(finfo_array, TRUE);
574 /* Print geninfo start */
576 " <proto name=\"geninfo\" pos=\"0\" showname=\"General information\" size=\"%u\">\n",
577 frame_finfo->length);
579 /* Print geninfo.num */
581 " <field name=\"num\" pos=\"0\" show=\"%u\" showname=\"Number\" value=\"%x\" size=\"%u\"/>\n",
582 num, num, frame_finfo->length);
584 /* Print geninfo.len */
586 " <field name=\"len\" pos=\"0\" show=\"%u\" showname=\"Frame Length\" value=\"%x\" size=\"%u\"/>\n",
587 len, len, frame_finfo->length);
589 /* Print geninfo.caplen */
591 " <field name=\"caplen\" pos=\"0\" show=\"%u\" showname=\"Captured Length\" value=\"%x\" size=\"%u\"/>\n",
592 caplen, caplen, frame_finfo->length);
594 /* Print geninfo.timestamp */
596 " <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured Time\" value=\"%d.%09d\" size=\"%u\"/>\n",
597 abs_time_to_str(timestamp, ABSOLUTE_TIME_LOCAL, TRUE), (int) timestamp->secs, timestamp->nsecs, frame_finfo->length);
599 /* Print geninfo end */
605 write_pdml_finale(FILE *fh)
607 fputs("</pdml>\n", fh);
611 write_psml_preamble(FILE *fh)
613 fputs("<?xml version=\"1.0\"?>\n", fh);
614 fputs("<psml version=\"" PSML_VERSION "\" ", fh);
615 fprintf(fh, "creator=\"%s/%s\">\n", PACKAGE, VERSION);
616 write_headers = TRUE;
620 proto_tree_write_psml(epan_dissect_t *edt, FILE *fh)
624 /* if this is the first packet, we have to create the PSML structure output */
626 fprintf(fh, "<structure>\n");
628 for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
629 fprintf(fh, "<section>");
630 print_escaped_xml(fh, edt->pi.cinfo->col_title[i]);
631 fprintf(fh, "</section>\n");
634 fprintf(fh, "</structure>\n\n");
636 write_headers = FALSE;
639 fprintf(fh, "<packet>\n");
641 for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
642 fprintf(fh, "<section>");
643 print_escaped_xml(fh, edt->pi.cinfo->col_data[i]);
644 fprintf(fh, "</section>\n");
647 fprintf(fh, "</packet>\n\n");
651 write_psml_finale(FILE *fh)
653 fputs("</psml>\n", fh);
657 write_csv_preamble(FILE *fh _U_)
659 write_headers = TRUE;
662 static gchar *csv_massage_str(const gchar *source, const gchar *exceptions)
667 csv_str = g_strescape(source, exceptions);
669 while ( (tmp_str = strstr(tmp_str, "\\\"")) != NULL )
674 static void csv_write_str(const char *str, char sep, FILE *fh)
678 csv_str = csv_massage_str(str, NULL);
679 fprintf(fh, "\"%s\"%c", csv_str, sep);
684 proto_tree_write_csv(epan_dissect_t *edt, FILE *fh)
688 /* if this is the first packet, we have to write the CSV header */
690 for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
691 csv_write_str(edt->pi.cinfo->col_title[i], ',', fh);
692 csv_write_str(edt->pi.cinfo->col_title[i], '\n', fh);
693 write_headers = FALSE;
696 for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
697 csv_write_str(edt->pi.cinfo->col_data[i], ',', fh);
698 csv_write_str(edt->pi.cinfo->col_data[i], '\n', fh);
702 write_csv_finale(FILE *fh _U_)
708 write_carrays_preamble(FILE *fh _U_)
714 proto_tree_write_carrays(guint32 num, FILE *fh, epan_dissect_t *edt)
716 guint32 i = 0, src_num = 0;
723 struct data_source *src;
725 for (src_le = edt->pi.data_src; src_le != NULL; src_le = src_le->next) {
726 memset(ascii, 0, sizeof(ascii));
727 src = (struct data_source *)src_le->data;
728 tvb = get_data_source_tvb(src);
729 length = tvb_length(tvb);
733 cp = tvb_get_ptr(tvb, 0, length);
735 name = get_data_source_name(src);
737 fprintf(fh, "/* %s */\n", name);
739 fprintf(fh, "static const unsigned char pkt%u_%u[%u] = {\n",
740 num, src_num, length);
742 fprintf(fh, "static const unsigned char pkt%u[%u] = {\n",
747 for (i = 0; i < length; i++) {
748 fprintf(fh, "0x%02x", *(cp + i));
749 ascii[i % 8] = isprint(*(cp + i)) ? *(cp + i) : '.';
751 if (i == (length - 1)) {
756 for ( j = 0; j < 8 - rem; j++ )
759 fprintf(fh, " /* %s */\n};\n\n", ascii);
763 if (!((i + 1) % 8)) {
764 fprintf(fh, ", /* %s */\n", ascii);
765 memset(ascii, 0, sizeof(ascii));
775 write_carrays_finale(FILE *fh _U_)
781 * Find the data source for a specified field, and return a pointer
782 * to the data in it. Returns NULL if the data is out of bounds.
784 /* XXX: What am I missing ?
785 * Why bother searching for fi->ds_tvb for the matching tvb
786 * in the data_source list ?
787 * IOW: Why not just use fi->ds_tvb for the arg to tvb_get_ptr() ?
790 static const guint8 *
791 get_field_data(GSList *src_list, field_info *fi)
795 gint length, tvbuff_length;
796 struct data_source *src;
798 for (src_le = src_list; src_le != NULL; src_le = src_le->next) {
799 src = (struct data_source *)src_le->data;
800 src_tvb = get_data_source_tvb(src);
801 if (fi->ds_tvb == src_tvb) {
805 * XXX - a field can have a length that runs past
806 * the end of the tvbuff. Ideally, that should
807 * be fixed when adding an item to the protocol
808 * tree, but checking the length when doing
809 * that could be expensive. Until we fix that,
810 * we'll do the check here.
812 tvbuff_length = tvb_length_remaining(src_tvb,
814 if (tvbuff_length < 0) {
818 if (length > tvbuff_length)
819 length = tvbuff_length;
820 return tvb_get_ptr(src_tvb, fi->start, length);
823 g_assert_not_reached();
824 return NULL; /* not found */
827 /* Print a string, escaping out certain characters that need to
828 * escaped out for XML. */
830 print_escaped_xml(FILE *fh, const char *unescaped_string)
835 for (p = unescaped_string; *p != '\0'; p++) {
853 if (g_ascii_isprint(*p))
856 g_snprintf(temp_str, sizeof(temp_str), "\\x%x", (guint8)*p);
864 write_pdml_field_hex_value(write_pdml_data *pdata, field_info *fi)
872 if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
873 fprintf(pdata->fh, "field length invalid!");
877 /* Find the data for this field. */
878 pd = get_field_data(pdata->src_list, fi);
881 /* Print a simple hex dump */
882 for (i = 0 ; i < fi->length; i++) {
883 fprintf(pdata->fh, "%02x", pd[i]);
889 print_hex_data(print_stream_t *stream, epan_dissect_t *edt)
891 gboolean multiple_sources;
898 struct data_source *src;
901 * Set "multiple_sources" iff this frame has more than one
902 * data source; if it does, we need to print the name of
903 * the data source before printing the data from the
906 multiple_sources = (edt->pi.data_src->next != NULL);
908 for (src_le = edt->pi.data_src; src_le != NULL;
909 src_le = src_le->next) {
910 src = (struct data_source *)src_le->data;
911 tvb = get_data_source_tvb(src);
912 if (multiple_sources) {
913 name = get_data_source_name(src);
914 line = g_strdup_printf("%s:", name);
915 print_line(stream, 0, line);
918 length = tvb_length(tvb);
921 cp = tvb_get_ptr(tvb, 0, length);
922 if (!print_hex_data_buffer(stream, cp, length,
923 (packet_char_enc)edt->pi.fd->flags.encoding))
930 * This routine is based on a routine created by Dan Lasley
931 * <DLASLEY@PROMUS.com>.
933 * It was modified for Wireshark by Gilbert Ramirez and others.
936 #define MAX_OFFSET_LEN 8 /* max length of hex offset of bytes */
937 #define BYTES_PER_LINE 16 /* max byte values printed on a line */
938 #define HEX_DUMP_LEN (BYTES_PER_LINE*3)
939 /* max number of characters hex dump takes -
940 2 digits plus trailing blank */
941 #define DATA_DUMP_LEN (HEX_DUMP_LEN + 2 + BYTES_PER_LINE)
942 /* number of characters those bytes take;
943 3 characters per byte of hex dump,
944 2 blanks separating hex from ASCII,
945 1 character per byte of ASCII dump */
946 #define MAX_LINE_LEN (MAX_OFFSET_LEN + 2 + DATA_DUMP_LEN)
947 /* number of characters per line;
948 offset, 2 blanks separating offset
949 from data dump, data dump */
952 print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
953 guint length, packet_char_enc encoding)
955 register unsigned int ad, i, j, k, l;
957 gchar line[MAX_LINE_LEN + 1];
958 unsigned int use_digits;
960 static gchar binhex[16] = {
961 '0', '1', '2', '3', '4', '5', '6', '7',
962 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
965 * How many of the leading digits of the offset will we supply?
966 * We always supply at least 4 digits, but if the maximum offset
967 * won't fit in 4 digits, we use as many digits as will be needed.
969 if (((length - 1) & 0xF0000000) != 0)
970 use_digits = 8; /* need all 8 digits */
971 else if (((length - 1) & 0x0F000000) != 0)
972 use_digits = 7; /* need 7 digits */
973 else if (((length - 1) & 0x00F00000) != 0)
974 use_digits = 6; /* need 6 digits */
975 else if (((length - 1) & 0x000F0000) != 0)
976 use_digits = 5; /* need 5 digits */
978 use_digits = 4; /* we'll supply 4 digits */
987 * Start of a new line.
993 c = (ad >> (l*4)) & 0xF;
994 line[j++] = binhex[c];
998 memset(line+j, ' ', DATA_DUMP_LEN);
1001 * Offset in line of ASCII dump.
1003 k = j + HEX_DUMP_LEN + 2;
1006 line[j++] = binhex[c>>4];
1007 line[j++] = binhex[c&0xf];
1009 if (encoding == PACKET_CHAR_ENC_CHAR_EBCDIC) {
1010 c = EBCDIC_to_ASCII1(c);
1012 line[k++] = ((c >= ' ') && (c < 0x7f)) ? c : '.';
1014 if (((i & 15) == 0) || (i == length)) {
1016 * We'll be starting a new line, or
1017 * we're finished printing this buffer;
1018 * dump out the line we've constructed,
1019 * and advance the offset.
1022 if (!print_line(stream, 0, line))
1031 void ps_clean_string(char *out, const char *in, int outbuf_size)
1041 for (rd = 0, wr = 0 ; wr < outbuf_size; rd++, wr++ ) {
1062 /* Some formats need stuff at the beginning of the output */
1064 print_preamble(print_stream_t *self, gchar *filename)
1066 return self->ops->print_preamble ? (self->ops->print_preamble)(self, filename) : TRUE;
1070 print_line(print_stream_t *self, int indent, const char *line)
1072 return (self->ops->print_line)(self, indent, line);
1075 /* Insert bookmark */
1077 print_bookmark(print_stream_t *self, const gchar *name, const gchar *title)
1079 return self->ops->print_bookmark ? (self->ops->print_bookmark)(self, name, title) : TRUE;
1083 new_page(print_stream_t *self)
1085 return self->ops->new_page ? (self->ops->new_page)(self) : TRUE;
1088 /* Some formats need stuff at the end of the output */
1090 print_finale(print_stream_t *self)
1092 return self->ops->print_finale ? (self->ops->print_finale)(self) : TRUE;
1096 destroy_print_stream(print_stream_t *self)
1098 return self->ops->destroy ? (self->ops->destroy)(self) : TRUE;
1107 print_line_text(print_stream_t *self, int indent, const char *line)
1109 output_text *output = (output_text *)self->data;
1110 char space[MAX_INDENT+1];
1114 /* Prepare the tabs for printing, depending on tree level */
1115 num_spaces = indent * 4;
1116 if (num_spaces > MAX_INDENT) {
1117 num_spaces = MAX_INDENT;
1119 for (i = 0; i < num_spaces; i++) {
1122 /* The string is NUL-terminated */
1123 space[num_spaces] = '\0';
1125 fputs(space, output->fh);
1126 fputs(line, output->fh);
1127 putc('\n', output->fh);
1128 return !ferror(output->fh);
1132 new_page_text(print_stream_t *self)
1134 output_text *output = (output_text *)self->data;
1136 fputs("\f", output->fh);
1137 return !ferror(output->fh);
1141 destroy_text(print_stream_t *self)
1143 output_text *output = (output_text *)self->data;
1146 ret = close_print_dest(output->to_file, output->fh);
1152 static const print_stream_ops_t print_text_ops = {
1153 NULL, /* preamble */
1155 NULL, /* bookmark */
1161 static print_stream_t *
1162 print_stream_text_alloc(gboolean to_file, FILE *fh)
1164 print_stream_t *stream;
1165 output_text *output;
1167 output = (output_text *)g_malloc(sizeof *output);
1168 output->to_file = to_file;
1170 stream = (print_stream_t *)g_malloc(sizeof (print_stream_t));
1171 stream->ops = &print_text_ops;
1172 stream->data = output;
1178 print_stream_text_new(gboolean to_file, const char *dest)
1182 fh = open_print_dest(to_file, dest);
1186 return print_stream_text_alloc(to_file, fh);
1190 print_stream_text_stdio_new(FILE *fh)
1192 return print_stream_text_alloc(TRUE, fh);
1201 print_preamble_ps(print_stream_t *self, gchar *filename)
1203 output_ps *output = (output_ps *)self->data;
1204 char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
1206 print_ps_preamble(output->fh);
1208 fputs("%% the page title\n", output->fh);
1209 ps_clean_string(psbuffer, filename, MAX_PS_LINE_LENGTH);
1210 fprintf(output->fh, "/ws_pagetitle (%s - Wireshark " VERSION "%s) def\n", psbuffer, wireshark_svnversion);
1211 fputs("\n", output->fh);
1212 return !ferror(output->fh);
1216 print_line_ps(print_stream_t *self, int indent, const char *line)
1218 output_ps *output = (output_ps *)self->data;
1219 char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
1221 ps_clean_string(psbuffer, line, MAX_PS_LINE_LENGTH);
1222 fprintf(output->fh, "%d (%s) putline\n", indent, psbuffer);
1223 return !ferror(output->fh);
1227 print_bookmark_ps(print_stream_t *self, const gchar *name, const gchar *title)
1229 output_ps *output = (output_ps *)self->data;
1230 char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
1233 * See the Adobe "pdfmark reference":
1235 * http://partners.adobe.com/asn/acrobat/docs/pdfmark.pdf
1237 * The pdfmark stuff tells code that turns PostScript into PDF
1238 * things that it should do.
1240 * The /OUT stuff creates a bookmark that goes to the
1241 * destination with "name" as the name and "title" as the title.
1243 * The "/DEST" creates the destination.
1245 ps_clean_string(psbuffer, title, MAX_PS_LINE_LENGTH);
1246 fprintf(output->fh, "[/Dest /%s /Title (%s) /OUT pdfmark\n", name,
1248 fputs("[/View [/XYZ -4 currentpoint matrix currentmatrix matrix defaultmatrix\n",
1250 fputs("matrix invertmatrix matrix concatmatrix transform exch pop 20 add null]\n",
1252 fprintf(output->fh, "/Dest /%s /DEST pdfmark\n", name);
1253 return !ferror(output->fh);
1257 new_page_ps(print_stream_t *self)
1259 output_ps *output = (output_ps *)self->data;
1261 fputs("formfeed\n", output->fh);
1262 return !ferror(output->fh);
1266 print_finale_ps(print_stream_t *self)
1268 output_ps *output = (output_ps *)self->data;
1270 print_ps_finale(output->fh);
1271 return !ferror(output->fh);
1275 destroy_ps(print_stream_t *self)
1277 output_ps *output = (output_ps *)self->data;
1280 ret = close_print_dest(output->to_file, output->fh);
1286 static const print_stream_ops_t print_ps_ops = {
1295 static print_stream_t *
1296 print_stream_ps_alloc(gboolean to_file, FILE *fh)
1298 print_stream_t *stream;
1301 output = (output_ps *)g_malloc(sizeof *output);
1302 output->to_file = to_file;
1304 stream = (print_stream_t *)g_malloc(sizeof (print_stream_t));
1305 stream->ops = &print_ps_ops;
1306 stream->data = output;
1312 print_stream_ps_new(gboolean to_file, const char *dest)
1316 fh = open_print_dest(to_file, dest);
1320 return print_stream_ps_alloc(to_file, fh);
1324 print_stream_ps_stdio_new(FILE *fh)
1326 return print_stream_ps_alloc(TRUE, fh);
1329 output_fields_t* output_fields_new(void)
1331 output_fields_t* fields = g_new(output_fields_t, 1);
1332 fields->print_header = FALSE;
1333 fields->separator = '\t';
1334 fields->occurrence = 'a';
1335 fields->aggregator = ',';
1336 fields->fields = NULL; /*Do lazy initialisation */
1337 fields->field_indicies = NULL;
1338 fields->field_values = NULL;
1339 fields->quote ='\0';
1340 fields->includes_col_fields = FALSE;
1344 gsize output_fields_num_fields(output_fields_t* fields)
1348 if (NULL == fields->fields) {
1351 return fields->fields->len;
1355 void output_fields_free(output_fields_t* fields)
1359 if (NULL != fields->fields) {
1362 if (NULL != fields->field_indicies) {
1363 /* Keys are stored in fields->fields, values are
1366 g_hash_table_destroy(fields->field_indicies);
1369 if (NULL != fields->field_values) {
1370 g_free(fields->field_values);
1373 for(i = 0; i < fields->fields->len; ++i) {
1374 gchar* field = (gchar *)g_ptr_array_index(fields->fields,i);
1377 g_ptr_array_free(fields->fields, TRUE);
1383 #define COLUMN_FIELD_FILTER "col."
1385 void output_fields_add(output_fields_t *fields, const gchar *field)
1393 if (NULL == fields->fields) {
1394 fields->fields = g_ptr_array_new();
1397 field_copy = g_strdup(field);
1399 g_ptr_array_add(fields->fields, field_copy);
1401 /* See if we have a column as a field entry */
1402 if (!strncmp(field, COLUMN_FIELD_FILTER, strlen(COLUMN_FIELD_FILTER)))
1403 fields->includes_col_fields = TRUE;
1407 gboolean output_fields_set_option(output_fields_t *info, gchar *option)
1409 const gchar *option_name;
1410 const gchar *option_value;
1415 if ('\0' == *option) {
1416 return FALSE; /* Is this guarded against by option parsing? */
1418 option_name = strtok(option, "=");
1422 option_value = option + strlen(option_name) + 1;
1423 if (0 == strcmp(option_name, "header")) {
1424 switch (NULL == option_value ? '\0' : *option_value) {
1426 info->print_header = FALSE;
1429 info->print_header = TRUE;
1437 if (0 == strcmp(option_name, "separator")) {
1438 switch (NULL == option_value ? '\0' : *option_value) {
1442 switch (*++option_value) {
1444 info->separator = '\t';
1447 info->separator = ' ';
1450 info->separator = '\\';
1454 info->separator = *option_value;
1460 if (0 == strcmp(option_name, "occurrence")) {
1461 switch (NULL == option_value ? '\0' : *option_value) {
1465 info->occurrence = *option_value;
1473 if (0 == strcmp(option_name, "aggregator")) {
1474 switch (NULL == option_value ? '\0' : *option_value) {
1478 switch (*++option_value) {
1480 info->aggregator = ' ';
1483 info->aggregator = '\\';
1487 info->aggregator = *option_value;
1493 if (0 == strcmp(option_name, "quote")) {
1494 switch (NULL == option_value ? '\0' : *option_value) {
1495 default: /* Fall through */
1515 void output_fields_list_options(FILE *fh)
1517 fprintf(fh, "TShark: The available options for field output \"E\" are:\n");
1518 fputs("header=y|n Print field abbreviations as first line of output (def: N: no)\n", fh);
1519 fputs("separator=/t|/s|<character> Set the separator to use;\n \"/t\" = tab, \"/s\" = space (def: /t: tab)\n", fh);
1520 fputs("occurrence=f|l|a Select the occurrence of a field to use;\n \"f\" = first, \"l\" = last, \"a\" = all (def: a: all)\n", fh);
1521 fputs("aggregator=,|/s|<character> Set the aggregator to use;\n \",\" = comma, \"/s\" = space (def: ,: comma)\n", fh);
1522 fputs("quote=d|s|n Print either d: double-quotes, s: single quotes or \n n: no quotes around field values (def: n: none)\n", fh);
1525 gboolean output_fields_has_cols(output_fields_t* fields)
1528 return fields->includes_col_fields;
1531 void write_fields_preamble(output_fields_t* fields, FILE *fh)
1537 g_assert(fields->fields);
1539 if (!fields->print_header) {
1543 for(i = 0; i < fields->fields->len; ++i) {
1544 const gchar* field = (const gchar *)g_ptr_array_index(fields->fields,i);
1546 fputc(fields->separator, fh);
1553 static void format_field_values(output_fields_t* fields, gpointer field_index, const gchar* value)
1558 if ((NULL == value) || ('\0' == *value))
1561 /* Unwrap change made to disambiguiate zero / null */
1562 indx = GPOINTER_TO_UINT(field_index) - 1;
1564 if (fields->field_values[indx] == NULL) {
1565 fields->field_values[indx] = g_ptr_array_new();
1568 /* Essentially: fieldvalues[indx] is a 'GPtrArray *' with each array entry */
1569 /* pointing to a string which is (part of) the final output string. */
1571 fv_p = fields->field_values[indx];
1573 switch (fields->occurrence) {
1575 /* print the value of only the first occurrence of the field */
1576 if (g_ptr_array_len(fv_p) != 0)
1580 /* print the value of only the last occurrence of the field */
1581 g_ptr_array_set_size(fv_p, 0);
1584 /* print the value of all accurrences of the field */
1585 /* If not the first, add the 'aggregator' */
1586 if (g_ptr_array_len(fv_p) > 0) {
1587 g_ptr_array_add(fv_p, (gpointer)ep_strdup_printf("%c", fields->aggregator));
1591 g_assert_not_reached();
1595 g_ptr_array_add(fv_p, (gpointer)value);
1598 static void proto_tree_get_node_field_values(proto_node *node, gpointer data)
1600 write_field_data_t *call_data;
1602 gpointer field_index;
1604 call_data = (write_field_data_t *)data;
1605 fi = PNODE_FINFO(node);
1607 /* dissection with an invisible proto tree? */
1610 field_index = g_hash_table_lookup(call_data->fields->field_indicies, fi->hfinfo->abbrev);
1611 if (NULL != field_index) {
1612 format_field_values(call_data->fields, field_index,
1613 get_node_field_value(fi, call_data->edt) /* static or ep_alloc'd string */
1618 if (node->first_child != NULL) {
1619 proto_tree_children_foreach(node, proto_tree_get_node_field_values,
1624 void proto_tree_write_fields(output_fields_t *fields, epan_dissect_t *edt, column_info *cinfo, FILE *fh)
1629 gpointer field_index;
1631 write_field_data_t data;
1634 g_assert(fields->fields);
1638 data.fields = fields;
1641 if (NULL == fields->field_indicies) {
1642 /* Prepare a lookup table from string abbreviation for field to its index. */
1643 fields->field_indicies = g_hash_table_new(g_str_hash, g_str_equal);
1646 while (i < fields->fields->len) {
1647 gchar *field = (gchar *)g_ptr_array_index(fields->fields, i);
1648 /* Store field indicies +1 so that zero is not a valid value,
1649 * and can be distinguished from NULL as a pointer.
1652 g_hash_table_insert(fields->field_indicies, field, GUINT_TO_POINTER(i));
1656 /* Array buffer to store values for this packet */
1657 /* Allocate an array for the 'GPtrarray *' the first time */
1658 /* ths function is invoked for a file; */
1659 /* Any and all 'GPtrArray *' are freed (after use) each */
1660 /* time (each packet) this function is invoked for a flle. */
1661 /* XXX: ToDo: use packet-scope'd memory & (if/when implemented) wmem ptr_array */
1662 if (NULL == fields->field_values)
1663 fields->field_values = g_new0(GPtrArray*, fields->fields->len); /* free'd in output_fields_free() */
1665 proto_tree_children_foreach(edt->tree, proto_tree_get_node_field_values,
1668 if (fields->includes_col_fields) {
1669 for (col = 0; col < cinfo->num_cols; col++) {
1670 /* Prepend COLUMN_FIELD_FILTER as the field name */
1671 col_name = ep_strdup_printf("%s%s", COLUMN_FIELD_FILTER, cinfo->col_title[col]);
1672 field_index = g_hash_table_lookup(fields->field_indicies, col_name);
1674 if (NULL != field_index) {
1675 format_field_values(fields, field_index, cinfo->col_data[col]);
1680 for(i = 0; i < fields->fields->len; ++i) {
1682 fputc(fields->separator, fh);
1684 if (NULL != fields->field_values[i]) {
1687 fv_p = fields->field_values[i];
1688 if (fields->quote != '\0') {
1689 fputc(fields->quote, fh);
1692 /* Output the array of (partial) field values */
1693 for (j = 0; j < g_ptr_array_len(fv_p); j++ ) {
1694 fputs((gchar *)g_ptr_array_index(fv_p, j), fh);
1696 if (fields->quote != '\0') {
1697 fputc(fields->quote, fh);
1699 g_ptr_array_free(fv_p, TRUE); /* get ready for the next packet */
1700 fields->field_values[i] = NULL;
1705 void write_fields_finale(output_fields_t* fields _U_ , FILE *fh _U_)
1710 /* Returns an ep_alloced string or a static constant*/
1711 const gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
1713 if (fi->hfinfo->id == hf_text_only) {
1717 return fi->rep->representation;
1720 return get_field_hex_value(edt->pi.data_src, fi);
1723 else if (fi->hfinfo->id == proto_data) {
1724 /* Uninterpreted data, i.e., the "Data" protocol, is
1725 * printed as a field instead of a protocol. */
1726 return get_field_hex_value(edt->pi.data_src, fi);
1729 /* Normal protocols and fields */
1730 gchar *dfilter_string;
1733 switch (fi->hfinfo->type)
1736 /* Print out the full details for the protocol. */
1738 return fi->rep->representation;
1740 /* Just print out the protocol abbreviation */
1741 return fi->hfinfo->abbrev;
1744 /* Return "1" so that the presence of a field of type
1745 * FT_NONE can be checked when using -T fields */
1748 /* XXX - this is a hack until we can just call
1749 * fvalue_to_string_repr() for *all* FT_* types. */
1750 dfilter_string = proto_construct_match_selected_string(fi,
1752 if (dfilter_string != NULL) {
1753 chop_len = strlen(fi->hfinfo->abbrev) + 4; /* for " == " */
1755 /* XXX - Remove double-quotes. Again, once we
1756 * can call fvalue_to_string_repr(), we can
1757 * ask it not to produce the version for
1758 * display-filters, and thus, no
1760 if (dfilter_string[strlen(dfilter_string)-1] == '"') {
1761 dfilter_string[strlen(dfilter_string)-1] = '\0';
1765 return &(dfilter_string[chop_len]);
1767 return get_field_hex_value(edt->pi.data_src, fi);
1774 get_field_hex_value(GSList *src_list, field_info *fi)
1781 if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
1782 return "field length invalid!";
1785 /* Find the data for this field. */
1786 pd = get_field_data(src_list, fi);
1793 const int chars_per_byte = 2;
1795 len = chars_per_byte * fi->length;
1796 buffer = ep_alloc_array(gchar, len + 1);
1797 buffer[len] = '\0'; /* Ensure NULL termination in bad cases */
1799 /* Print a simple hex dump */
1800 for (i = 0 ; i < fi->length; i++) {
1801 g_snprintf(p, chars_per_byte+1, "%02x", pd[i]);
1802 p += chars_per_byte;
git.samba.org / metze / wireshark / wip.git / blob