* throws a DissectorError exception, with the assertion failure
* message as a parameter, so that it can show up in the protocol tree.
*
+ * NOTE: this should only be used to detect bugs in the dissector (e.g., logic
+ * conditions that shouldn't happen). It should NOT be used for showing
+ * that a packet is malformed. For that, use expert_infos instead.
+ *
* @param expression expression to test in the assertion
*/
#define DISSECTOR_ASSERT(expression) \
/** Same as DISSECTOR_ASSERT(), but will throw DissectorError exception
* unconditionally, much like GLIB's g_assert_not_reached works.
+ *
+ * NOTE: this should only be used to detect bugs in the dissector (e.g., logic
+ * conditions that shouldn't happen). It should NOT be used for showing
+ * that a packet is malformed. For that, use expert_infos instead.
+ *
*/
#define DISSECTOR_ASSERT_NOT_REACHED() \
(REPORT_DISSECTOR_BUG( \
ep_strdup_printf("%s:%u: failed assertion \"%s\"", \
file, lineno, __DISSECTOR_ASSERT_STRINGIFY(expression))))
+/*
+ * The encoding of a field of a particular type may involve more
+ * than just whether it's big-endian or little-endian and its size.
+ *
+ * For integral values, that's it, as 99.9999999999999% of the machines
+ * out there are 2's complement binary machines with 8-bit bytes,
+ * so the protocols out there expect that and, for example, any Unisys
+ * 2200 series machines out there just have to translate between 2's
+ * complement and 1's complement (and nobody's put any IBM 709x's on
+ * any networks lately :-)).
+ *
+ * However:
+ *
+ * for floating-point numbers, in addition to IEEE decimal
+ * floating-point, there's also IBM System/3x0 and PDP-11/VAX
+ * floating-point - most protocols use IEEE binary, but DCE RPC
+ * can use other formats if that's what the sending host uses;
+ *
+ * for character strings, there are various character encodings
+ * (various ISO 646 sets, ISO 8859/x, various other national
+ * standards, various DOS and Windows encodings, various Mac
+ * encodings, UTF-8, UTF-16, other extensions to ASCII, EBCDIC,
+ * etc.);
+ *
+ * for absolute times, there's UNIX time_t, UNIX time_t followed
+ * by 32-bit microseconds, UNIX time_t followed by 32-bit
+ * nanoseconds, DOS date/time, Windows FILETIME, NTP time, etc..
+ *
+ * We might also, in the future, want to allow a field specifier to
+ * indicate the encoding of the field, or at least its default
+ * encoding, as most fields in most protocols always use the
+ * same encoding (although that's not true of all fields, so we
+ * still need to be able to specify that at run time).
+ *
+ * So, for now, we define ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN as
+ * bit flags, to be combined, in the future, with other information
+ * to specify the encoding in the last argument to
+ * proto_tree_add_item(), and possibly to specify in a field
+ * definition (e.g., ORed in with the type value).
+ *
+ * Currently, proto_tree_add_item() treats its last argument as a
+ * Boolean - if it's zero, the field is big-endian, and if it's non-zero,
+ * the field is little-endian - and other code in epan/proto.c does
+ * the same. We therefore define ENC_BIG_ENDIAN as 0x00000000 and
+ * ENC_LITTLE_ENDIAN as 0x80000000 - we're using the high-order bit
+ * so that we could put a field type and/or a value such as a character
+ * encoding in the lower bits.
+ *
+ * For protocols (FT_PROTOCOL), aggregate items with subtrees (FT_NONE),
+ * opaque byte-array fields (FT_BYTES), and other fields where there
+ * is no choice of encoding (either because it's "just a bucket
+ * of bytes" or because the encoding is completely fixed), we
+ * have ENC_NA (for "Not Applicable").
+ */
+#define ENC_BIG_ENDIAN 0x00000000
+#define ENC_LITTLE_ENDIAN 0x80000000
+
+#define ENC_NA 0x00000000
+
/* Values for header_field_info.display */
/* For integral types, the display format is a base_display_e value
* possibly ORed with BASE_RANGE_STRING. */
-/* BASE_DISPLAY_E_MASK selects the base_display_e value. Its current
+/** BASE_DISPLAY_E_MASK selects the base_display_e value. Its current
* value means that we may have at most 16 base_display_e values. */
#define BASE_DISPLAY_E_MASK 0x0F
* want to use specials MACROs (for the moment, only RVALS) for a
* header_field_info */
#define BASE_RANGE_STRING 0x10
+#define BASE_EXT_STRING 0x20
-/* BASE_ values that cause the field value to be displayed twice */
+/** BASE_ values that cause the field value to be displayed twice */
#define IS_BASE_DUAL(b) ((b)==BASE_DEC_HEX||(b)==BASE_HEX_DEC)
/* For FT_ABSOLUTE_TIME, the display format is an absolute_time_display_e
const char *name; /**< full name of this field */
const char *abbrev; /**< abbreviated name of this field */
enum ftenum type; /**< field type, one of FT_ (from ftypes.h) */
- int display; /**< one of BASE_, or number of field bits for FT_BOOLEAN */
+ int display; /**< one of BASE_, or field bit-width if FT_BOOLEAN and non-zero bitmask */
const void *strings; /**< value_string, range_string or true_false_string,
typically converted by VALS(), RVALS() or TFS().
If this is an FT_PROTOCOL then it points to the
const char *blurb; /**< Brief description of field */
/* ------- set by proto routines (prefilled by HFILL macro, see below) ------ */
- int id; /**< Field ID */
- int parent; /**< parent protocol tree */
- hf_ref_type ref_type; /**< is this field referenced by a filter */
- int bitshift; /**< bits to shift */
+ int id; /**< Field ID */
+ int parent; /**< parent protocol tree */
+ hf_ref_type ref_type; /**< is this field referenced by a filter */
+ int bitshift; /**< bits to shift */
header_field_info *same_name_next; /**< Link to next hfinfo with same abbrev */
header_field_info *same_name_prev; /**< Link to previous hfinfo with same abbrev */
};
/** Used when registering many fields at once, using proto_register_field_array() */
typedef struct hf_register_info {
- int *p_id; /**< written to by register() function */
- header_field_info hfinfo; /**< the field info to be registered */
+ int *p_id; /**< written to by register() function */
+ header_field_info hfinfo; /**< the field info to be registered */
} hf_register_info;
/** Contains the field information for the proto_item. */
typedef struct field_info {
header_field_info *hfinfo; /**< pointer to registered field information */
- gint start; /**< current start of data in field_info.ds_tvb */
- gint length; /**< current data length of item in field_info.ds_tvb */
- gint appendix_start; /**< start of appendix data */
- gint appendix_length; /**< length of appendix data */
- gint tree_type; /**< one of ETT_ or -1 */
+ gint start; /**< current start of data in field_info.ds_tvb */
+ gint length; /**< current data length of item in field_info.ds_tvb */
+ gint appendix_start; /**< start of appendix data */
+ gint appendix_length; /**< length of appendix data */
+ gint tree_type; /**< one of ETT_ or -1 */
item_label_t *rep; /**< string for GUI tree */
- guint32 flags; /**< bitfield like FI_GENERATED, ... */
- tvbuff_t *ds_tvb; /**< data source tvbuff */
- fvalue_t value;
+ guint32 flags; /**< bitfield like FI_GENERATED, ... */
+ tvbuff_t *ds_tvb; /**< data source tvbuff */
+ fvalue_t value;
} field_info;
/** The protocol field should not be shown in the tree (it's used for filtering only),
* used in field_info.flags. */
-/* HIDING PROTOCOL FIELDS IS DEPRECATED, IT'S CONSIDERED TO BE BAD GUI DESIGN!
+/** HIDING PROTOCOL FIELDS IS DEPRECATED, IT'S CONSIDERED TO BE BAD GUI DESIGN!
A user cannot tell by looking at the packet detail that the field exists
and that they can filter on its value. */
#define FI_HIDDEN 0x00000001
/** The protocol field is actually a URL */
#define FI_URL 0x00000004
+/** The protocol field value is in little endian */
+#define FI_LITTLE_ENDIAN 0x00000008
+/** The protocol field value is in big endian */
+#define FI_BIG_ENDIAN 0x00000010
+/** Field value start from nth bit (values from 0x20 - 0x100) */
+#define FI_BITS_OFFSET(n) ((n & 7) << 5)
+/** Field value takes n bits (values from 0x100 - 0x4000) */
+/* if 0, it means that field takes fi->length * 8 */
+#define FI_BITS_SIZE(n) ((n & 63) << 8)
+
/** convenience macro to get field_info.flags */
#define FI_GET_FLAG(fi, flag) ((fi) ? (fi->flags & flag) : 0)
/** convenience macro to set field_info.flags */
(fi)->flags = (fi)->flags | (flag); \
} while(0)
+#define FI_GET_BITS_OFFSET(fi) (FI_GET_FLAG(fi, FI_BITS_OFFSET(7)) >> 5)
+#define FI_GET_BITS_SIZE(fi) (FI_GET_FLAG(fi, FI_BITS_SIZE(63)) >> 8)
+
/** One of these exists for the entire protocol tree. Each proto_node
* in the protocol tree points to the same copy. */
typedef struct {
*/
/* expert severities */
-#define PI_SEVERITY_MASK 0x00000E00 /* mask usually for internal use only! */
+#define PI_SEVERITY_MASK 0x00F00000 /**< mask usually for internal use only! */
/** Usual workflow, e.g. TCP connection establishing */
-#define PI_CHAT 0x00000200
+#define PI_CHAT 0x00200000
/** Notable messages, e.g. an application returned an "usual" error code like HTTP 404 */
-#define PI_NOTE 0x00000400
+#define PI_NOTE 0x00400000
/** Warning, e.g. application returned an "unusual" error code */
-#define PI_WARN 0x00000600
+#define PI_WARN 0x00600000
/** Serious problems, e.g. [Malformed Packet] */
-#define PI_ERROR 0x00000800
+#define PI_ERROR 0x00800000
/* expert "event groups" */
-#define PI_GROUP_MASK 0xFFFFF000 /* mask usually for internal use only! */
+#define PI_GROUP_MASK 0xFF000000 /**< mask usually for internal use only! */
/** The protocol field has a bad checksum, usually PI_WARN */
-#define PI_CHECKSUM 0x00001000
+
+#define PI_CHECKSUM 0x01000000
/** The protocol field indicates a sequence problem (e.g. TCP window is zero) */
-#define PI_SEQUENCE 0x00002000
+#define PI_SEQUENCE 0x02000000
/** The protocol field indicates a bad application response code (e.g. HTTP 404), usually PI_NOTE */
-#define PI_RESPONSE_CODE 0x00004000
+#define PI_RESPONSE_CODE 0x03000000
/** The protocol field indicates an application request (e.g. File Handle == xxxx), usually PI_CHAT */
-#define PI_REQUEST_CODE 0x00005000
+#define PI_REQUEST_CODE 0x04000000
/** The data is undecoded, the protocol dissection is incomplete here, usually PI_WARN */
-#define PI_UNDECODED 0x00008000
+#define PI_UNDECODED 0x05000000
/** The protocol field indicates a reassemble (e.g. DCE/RPC defragmentation), usually PI_CHAT (or PI_ERROR) */
-#define PI_REASSEMBLE 0x00010000
+#define PI_REASSEMBLE 0x06000000
/** The packet data is malformed, the dissector has "given up", usually PI_ERROR */
-#define PI_MALFORMED 0x00020000
+#define PI_MALFORMED 0x07000000
/** A generic debugging message (shouldn't remain in production code!), usually PI_ERROR */
-#define PI_DEBUG 0x00040000
+#define PI_DEBUG 0x08000000
/** The protocol field violates a protocol specification, usually PI_WARN */
-#define PI_PROTOCOL 0x00080000
+#define PI_PROTOCOL 0x09000000
/* The protocol field indicates a security probem (e.g. unsecure implementation) */
-#define PI_SECURITY 0x00100000
+#define PI_SECURITY 0x0a000000
/* add more, see http://wiki.wireshark.org/Development/ExpertInfo */
extern gboolean proto_tree_traverse_post_order(proto_tree *tree,
proto_tree_traverse_func func, gpointer data);
+
extern void proto_tree_children_foreach(proto_tree *tree,
proto_tree_foreach_func func, gpointer data);
extern void proto_item_append_text(proto_item *ti, const char *format, ...)
G_GNUC_PRINTF(2,3);
+/** Prepend to text of item after it has already been created.
+ @param ti the item to prepend the text to
+ @param format printf like format string
+ @param ... printf like parameters */
+extern void proto_item_prepend_text(proto_item *ti, const char *format, ...)
+ G_GNUC_PRINTF(2,3);
+
/** Set proto_item's length inside tvb, after it has already been created.
@param ti the item to set the length
@param length the new length ot the item */
@param tvb the tv buffer of the current data
@param start start of data in tvb
@param length length of data in tvb
- @param little_endian big or little endian byte representation
+ @param encoding data encoding
@return the newly created item */
extern proto_item *
proto_tree_add_item(proto_tree *tree, const int hfindex, tvbuff_t *tvb,
- const gint start, gint length, const gboolean little_endian);
+ const gint start, gint length, const guint encoding);
/** Add a text-only node to a proto_tree.
@param tree the tree to append this item to
tree. Works with any tree, primed or unprimed, and is slower than
proto_get_finfo_ptr_array because it has to search through the tree.
@param tree tree of interest
- @param hfidex index of field info of interest
+ @param hfindex index of field info of interest
@return GPtrArry pointer */
extern GPtrArray* proto_find_finfo(proto_tree *tree, const int hfindex);
@param tree the tree to append this item to
@param tvb the tv buffer of the current data
@param offset start of data in tvb
+ @param len length of the field name
@param name field name (NULL if bitfield contents should be used)
@param fallback field name if none of bitfields were usable
@param ett subtree index
@param fields NULL-terminated array of bitfield indexes
@param little_endian big or little endian byte representation
+ @param little_endian big or little endian byte representation
+ @param flags
@return the newly created item */
extern proto_item *
proto_tree_add_bitmask_text(proto_tree *tree, tvbuff_t *tvb, const guint offset, const guint len,
/** Add bits to a proto_tree, using the text label registered to that item.
The item is extracted from the tvbuff handed to it.
@param tree the tree to append this item to
- @param hfindex field index. Fields for use with this function should have bitmask==0.
+ @param hf_index field index. Fields for use with this function should have bitmask==0.
@param tvb the tv buffer of the current data
@param bit_offset start of data in tvb expressed in bits
@param no_of_bits length of data in tvb expressed in bits
/** Add bits to a proto_tree, using the text label registered to that item.
The item is extracted from the tvbuff handed to it.
@param tree the tree to append this item to
- @param hfindex field index. Fields for use with this function should have bitmask==0.
+ @param hf_index field index. Fields for use with this function should have bitmask==0.
@param tvb the tv buffer of the current data
@param bit_offset start of data in tvb expressed in bits
@param no_of_bits length of data in tvb expressed in bits
header field to a proto_tree, with the format generating the
string for the value and with the field name being included automatically.
@param tree the tree to append this item to
- @param hfindex field index
+ @param hf_index field index
@param tvb the tv buffer of the current data
@param bit_offset start of data in tvb expressed in bits
@param no_of_bits length of data in tvb expressed in bit
@param value data to display
@param format printf like format string
- @param ... printf like parameters
@return the newly created item */
extern proto_item *
proto_tree_add_uint_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits,
the format generating the string for the value and with the field
name being included automatically.
@param tree the tree to append this item to
- @param hfindex field index
+ @param hf_index field index
@param tvb the tv buffer of the current data
@param bit_offset start of data in tvb expressed in bits
@param no_of_bits length of data in tvb expressed in bit
header field to a proto_tree, with the format generating the
string for the value and with the field name being included automatically.
@param tree the tree to append this item to
- @param hfindex field index
+ @param hf_index field index
@param tvb the tv buffer of the current data
@param bit_offset start of data in tvb expressed in bits
@param no_of_bits length of data in tvb expressed in bit
the format generating the string for the value and with the field
name being included automatically.
@param tree the tree to append this item to
- @param hfindex field index
+ @param hf_index field index
@param tvb the tv buffer of the current data
@param bit_offset start of data in tvb expressed in bits
@param no_of_bits length of data in tvb expressed in bit
/** Check if given string is a valid field name
+ @param tree the tree to append this item to
@param field_id the field id used for custom column
+ @param occurrence the occurrence of the field used for custom column
@param result the buffer to fill with the field string
@param expr the filter expression
- @param aize the size of the string buffer */
+ @param size the size of the string buffer */
const gchar *
proto_custom_set(proto_tree* tree, const int field_id,
+ gint occurrence,
gchar *result,
gchar *expr, const int size );
git.samba.org / obnox / wireshark / wip.git / blobdiff