epan/expert.c

   1 /* expert.c
   2  * Collecting Expert information.
   3  *
   4  * Implemented as a tap named "expert".
   5  *
   6  * $Id$
   7  *
   8  * Wireshark - Network traffic analyzer
   9  * By Gerald Combs <gerald@wireshark.org>
  10  * Copyright 1998 Gerald Combs
  11  *
  12  * This program is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License
  14  * as published by the Free Software Foundation; either version 2
  15  * of the License, or (at your option) any later version.
  16  *
  17  * This program is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU General Public License
  23  * along with this program; if not, write to the Free Software
  24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  25  */
  26
  27 #ifdef HAVE_CONFIG_H
  28 # include "config.h"
  29 #endif
  30
  31 #include "packet.h"
  32 #include "expert.h"
  33 #include "emem.h"
  34 #include "tap.h"
  35
  36
  37
  38 static int expert_tap         = -1;
  39 static int proto_expert       = -1;
  40 static int highest_severity   =  0;
  41
  42 static int ett_expert         = -1;
  43 static int ett_subexpert      = -1;
  44
  45 static int hf_expert_msg      = -1;
  46 static int hf_expert_group    = -1;
  47 static int hf_expert_severity = -1;
  48
  49 const value_string expert_group_vals[] = {
  50         { PI_CHECKSUM,          "Checksum" },
  51         { PI_SEQUENCE,          "Sequence" },
  52         { PI_RESPONSE_CODE,     "Response" },
  53         { PI_REQUEST_CODE,      "Request" },
  54         { PI_UNDECODED,         "Undecoded" },
  55         { PI_REASSEMBLE,        "Reassemble" },
  56         { PI_MALFORMED,         "Malformed" },
  57         { PI_DEBUG,             "Debug" },
  58 /*      { PI_SECURITY,          "Security" },*/
  59         { 0, NULL }
  60 };
  61
  62 const value_string expert_severity_vals[] = {
  63         { PI_ERROR,             "Error" },
  64         { PI_WARN,              "Warn" },
  65         { PI_NOTE,              "Note" },
  66         { PI_CHAT,              "Chat" },
  67         { 0,                    "Ok" },
  68         { 0, NULL }
  69 };
  70
  71 void
  72 expert_init(void)
  73 {
  74         static hf_register_info hf[] = {
  75                 { &hf_expert_msg,
  76                         { "Message", "expert.message", FT_STRING, BASE_NONE, NULL, 0, "Wireshark expert information", HFILL }
  77                 },
  78                 { &hf_expert_group,
  79                         { "Group", "expert.group", FT_UINT32, BASE_NONE, VALS(expert_group_vals), 0, "Wireshark expert group", HFILL }
  80                 },
  81                 { &hf_expert_severity,
  82                         { "Severity level", "expert.severity", FT_UINT32, BASE_NONE, VALS(expert_severity_vals), 0, "Wireshark expert severity level", HFILL }
  83                 }
  84         };
  85         static gint *ett[] = {
  86                 &ett_expert,
  87                 &ett_subexpert
  88         };
  89
  90         if(expert_tap == -1) {
  91                 expert_tap = register_tap("expert");
  92         }
  93
  94         if (proto_expert == -1) {
  95                 proto_expert = proto_register_protocol("Expert Info", "Expert", "expert");
  96                 proto_register_field_array(proto_expert, hf, array_length(hf));
  97                 proto_register_subtree_array(ett, array_length(ett));
  98                 proto_set_cant_toggle(proto_expert);
  99         }
 100
 101         highest_severity = 0;
 102 }
 103
 104
 105 void
 106 expert_cleanup(void)
 107 {
 108         /* memory cleanup will be done by se_... */
 109 }
 110
 111
 112 int
 113 expert_get_highest_severity(void)
 114 {
 115         return highest_severity;
 116 }
 117
 118
 119 /* set's the PI_ flags to a protocol item
 120  * (and its parent items till the toplevel) */
 121 static void
 122 expert_set_item_flags(proto_item *pi, int group, int severity)
 123 {
 124
 125         if(proto_item_set_expert_flags(pi, group, severity)) {
 126                 /* propagate till toplevel item */
 127                 pi = proto_item_get_parent(pi);
 128                 expert_set_item_flags(pi, group, severity);
 129         }
 130 }
 131
 132 static proto_tree*
 133 expert_create_tree(proto_item *pi, int group, int severity, const char *msg)
 134 {
 135         proto_tree *tree;
 136         proto_item *ti;
 137
 138         tree = proto_item_add_subtree(pi, ett_expert);
 139         ti = proto_tree_add_protocol_format(tree, proto_expert, NULL, 0, 0, "Expert Info (%s/%s): %s",
 140                                             val_to_str(severity, expert_severity_vals, "?%u?"),
 141                                             val_to_str(group, expert_group_vals, "?%u?"),
 142                                             msg);
 143         PROTO_ITEM_SET_GENERATED(ti);
 144
 145         return proto_item_add_subtree(ti, ett_subexpert);
 146 }
 147
 148 static void
 149 expert_set_info_vformat(
 150 packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, va_list ap)
 151 {
 152         char            formatted[300];
 153         int             tap;
 154         expert_info_t   *ei;
 155         proto_tree      *tree;
 156         proto_item      *ti;
 157
 158
 159         /* if this packet isn't loaded because of a read filter, don't output anything */
 160         if(pinfo == NULL || pinfo->fd->num == 0) {
 161                 return;
 162         }
 163
 164         if(severity > highest_severity) {
 165                 highest_severity = severity;
 166         }
 167
 168         if(pi != NULL && pi->finfo != NULL) {
 169                 expert_set_item_flags(pi, group, severity);
 170         }
 171
 172         if (check_col(pinfo->cinfo, COL_EXPERT))
 173                 col_add_str(pinfo->cinfo, COL_EXPERT, val_to_str(severity, expert_severity_vals, "?%u?"));
 174
 175         tap = have_tap_listener(expert_tap);
 176
 177         /* XXX - use currently nonexistant se_vsnprintf instead */
 178         g_vsnprintf(formatted, sizeof(formatted), format, ap);
 179
 180         tree = expert_create_tree(pi, group, severity, formatted);
 181         ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted);
 182         PROTO_ITEM_SET_GENERATED(ti);
 183         ti = proto_tree_add_uint(tree, hf_expert_severity, NULL, 0, 0, severity);
 184         PROTO_ITEM_SET_GENERATED(ti);
 185         ti = proto_tree_add_uint(tree, hf_expert_group, NULL, 0, 0, group);
 186         PROTO_ITEM_SET_GENERATED(ti);
 187
 188         if (!tap)
 189                 return;
 190
 191         ei = ep_alloc(sizeof(expert_info_t));
 192
 193         ei->packet_num  = pinfo->fd->num;
 194         ei->group       = group;
 195         ei->severity    = severity;
 196         ei->protocol    = pinfo->current_proto; /* ep_strdup(pinfo->current_proto); it's a const */
 197         ei->summary     = ep_strdup(formatted);
 198         ei->pitem       = NULL;
 199
 200         /* if we have a proto_item (not a faked item), set expert attributes to it */
 201         if(pi != NULL && PITEM_FINFO(pi) != NULL) {
 202                 ei->pitem = pi;
 203         }
 204
 205         tap_queue_packet(expert_tap, pinfo, ei);
 206 }
 207
 208
 209 void
 210 expert_add_info_format(
 211 packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, ...)
 212 {
 213         va_list ap;
 214
 215
 216         va_start(ap, format);
 217         expert_set_info_vformat(pinfo, pi, group, severity, format, ap);
 218         va_end(ap);
 219 }
 220
 221