*
* Gilbert Ramirez <gram@alumni.rice.edu>
*
- * Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@ethereal.com>
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/* With MSVC and a libethereal.dll this file needs to import some variables
- in a special way. Therefore _NEED_VAR_IMPORT_ is defined. */
-#define _NEED_VAR_IMPORT_
-
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <epan/epan_dissect.h>
#include <epan/tvbuff.h>
#include <epan/packet.h>
+#include <epan/emem.h>
#include "packet-range.h"
#include "print.h"
#include "ps.h"
+#include "file_util.h"
#include <epan/charsets.h>
#include <epan/dissectors/packet-data.h>
#include <epan/dissectors/packet-frame.h>
epan_dissect_t *edt;
} write_pdml_data;
+typedef struct {
+ output_fields_t* fields;
+ epan_dissect_t *edt;
+} write_field_data_t;
+
+struct _output_fields {
+ gboolean print_header;
+ gchar separator;
+ GPtrArray* fields;
+ GHashTable* field_indicies;
+ const gchar** field_values;
+ gchar quote;
+};
+
+static const gchar* get_field_hex_value(GSList* src_list, field_info *fi);
+static const gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt);
static void proto_tree_print_node(proto_node *node, gpointer data);
static void proto_tree_write_node_pdml(proto_node *node, gpointer data);
static const guint8 *get_field_data(GSList *src_list, field_info *fi);
guint length, char_enc encoding);
static void ps_clean_string(unsigned char *out, const unsigned char *in,
int outbuf_size);
-static void print_escaped_xml(FILE *fh, char *unescaped_string);
+static void print_escaped_xml(FILE *fh, const char *unescaped_string);
static void print_pdml_geninfo(proto_tree *tree, FILE *fh);
+static void proto_tree_get_node_field_values(proto_node *node, gpointer data);
+
static FILE *
open_print_dest(int to_file, const char *dest)
{
/* Open the file or command for output */
if (to_file)
- fh = fopen(dest, "w");
+ fh = eth_fopen(dest, "w");
else
fh = popen(dest, "w");
proto_item_fill_label(fi, label_str);
}
+ if (PROTO_ITEM_IS_GENERATED(node)) {
+ label_ptr = g_strdup_printf("[%s]", label_ptr);
+ }
+
if (!print_line(pdata->stream, pdata->level, label_ptr)) {
pdata->success = FALSE;
return;
}
+ if (PROTO_ITEM_IS_GENERATED(node)) {
+ g_free(label_ptr);
+ }
+
/* If it's uninterpreted data, dump it (unless our caller will
be printing the entire packet in hex). */
if (fi->hfinfo->id == proto_data && pdata->print_hex_for_data) {
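Review bot: The string allocated by `g_strdup_printf("[%s]", label_ptr)` for generated items leaks when `print_line()` fails, because the early `return` runs before the added `g_free(label_ptr)`. Freeing on the failure path as well, with `if (PROTO_ITEM_IS_GENERATED(node)) g_free(label_ptr);` placed ahead of `pdata->success = FALSE;`, closes the leak. Ownership is currently decided by evaluating the same macro twice; a local such as `gchar *generated_label = NULL;`, set at allocation and passed to `g_free()` unconditionally (it accepts NULL), would tie the free to the allocation. The function body starts and continues outside this hunk.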
{
field_info *fi = PITEM_FINFO(node);
write_pdml_data *pdata = (write_pdml_data*) data;
- gchar *label_ptr;
+ const gchar *label_ptr;
gchar label_str[ITEM_LABEL_LENGTH];
char *dfilter_string;
int chop_len;
int i;
+ /* Will wrap up top-level field items inside a fake protocol wrapper to
+ preserve the PDML schema */
+ gboolean wrap_in_fake_protocol =
+ (((fi->hfinfo->type != FT_PROTOCOL) ||
+ (fi->hfinfo->id == proto_data)) &&
+ (pdata->level == 0));
+
+ /* Indent to the correct level */
for (i = -1; i < pdata->level; i++) {
fputs(" ", pdata->fh);
}
+ if (wrap_in_fake_protocol) {
+ /* Open fake protocol wrapper */
+ fputs("<proto name=\"fake-field-wrapper\">\n", pdata->fh);
+
+ /* Indent to increased level before writint out field */
+ pdata->level++;
+ for (i = -1; i < pdata->level; i++) {
+ fputs(" ", pdata->fh);
+ }
+ }
+
/* Text label. It's printed as a field with no name. */
if (fi->hfinfo->id == hf_text_only) {
/* Get the text */
label_ptr = "";
}
- fputs("<field show=\"", pdata->fh);
+ /* Show empty name since it is a required field */
+ fputs("<field name=\"", pdata->fh);
+ fputs("\" show=\"", pdata->fh);
print_escaped_xml(pdata->fh, label_ptr);
fprintf(pdata->fh, "\" size=\"%d", fi->length);
fputs("\"/>\n", pdata->fh);
}
}
+
/* Uninterpreted data, i.e., the "Data" protocol, is
* printed as a field instead of a protocol. */
else if (fi->hfinfo->id == proto_data) {
+ /* Write out field with data */
fputs("<field name=\"data\" value=\"", pdata->fh);
-
write_pdml_field_hex_value(pdata, fi);
-
fputs("\"/>\n", pdata->fh);
-
}
/* Normal protocols and fields */
else {
fprintf(pdata->fh, "\" pos=\"%d", fi->start);
/* fprintf(pdata->fh, "\" id=\"%d", fi->hfinfo->id);*/
- if (fi->hfinfo->type != FT_PROTOCOL) {
- /* Field */
-
+ /* show, value, and unmaskedvalue attributes */
+ switch (fi->hfinfo->type)
+ {
+ case FT_PROTOCOL:
+ break;
+ case FT_NONE:
+ fputs("\" show=\"\" value=\"", pdata->fh);
+ break;
+ default:
/* XXX - this is a hack until we can just call
* fvalue_to_string_repr() for *all* FT_* types. */
- dfilter_string = proto_construct_dfilter_string(fi,
- pdata->edt);
+ dfilter_string = proto_construct_match_selected_string(fi,
+ pdata->edt);
if (dfilter_string != NULL) {
chop_len = strlen(fi->hfinfo->abbrev) + 4; /* for " == " */
fputs("\" show=\"", pdata->fh);
print_escaped_xml(pdata->fh, &dfilter_string[chop_len]);
}
+
+ /*
+ * XXX - should we omit "value" for any fields?
+ * What should we do for fields whose length is 0?
+ * They might come from a pseudo-header or from
+ * the capture header (e.g., time stamps), or
+ * they might be generated fields.
+ */
if (fi->length > 0) {
fputs("\" value=\"", pdata->fh);
- write_pdml_field_hex_value(pdata, fi);
+
+ if (fi->hfinfo->bitmask!=0) {
+ fprintf(pdata->fh, "%X", fvalue_get_uinteger(&fi->value));
+ fputs("\" unmaskedvalue=\"", pdata->fh);
+ write_pdml_field_hex_value(pdata, fi);
+ }
+ else {
+ write_pdml_field_hex_value(pdata, fi);
+ }
}
}
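Review bot: `fvalue_get_uinteger(&fi->value)` is called for every field whose `bitmask` is non-zero, but nothing in this hunk checks that the field's type stores its value as an unsigned integer. If a signed or 64-bit field can carry a bitmask, this accessor is the wrong one and `%X` would print a wrong or truncated `value`; that cannot be confirmed from the lines shown. Consider testing `fi->hfinfo->type` before taking this branch and falling back to `write_pdml_field_hex_value(pdata, fi)` otherwise. A comment such as `/* value = masked integer, unmaskedvalue = raw bytes of the field */` would also help PDML consumers. The enclosing function starts and ends outside the hunk.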
pdata->level--;
}
+ /* Take back the extra level we added for fake wrapper protocol */
+ if (wrap_in_fake_protocol) {
+ pdata->level--;
+ }
+
if (node->first_child != NULL) {
+ /* Indent to correct level */
for (i = -1; i < pdata->level; i++) {
fputs(" ", pdata->fh);
}
- if (fi->hfinfo->type == FT_PROTOCOL) {
- fputs("</proto>\n", pdata->fh);
- }
- else {
- fputs("</field>\n", pdata->fh);
+ /* Close off current element */
+ if (fi->hfinfo->id != proto_data) { /* Data protocol uses simple tags */
+ if (fi->hfinfo->type == FT_PROTOCOL) {
+ fputs("</proto>\n", pdata->fh);
+ }
+ else {
+ fputs("</field>\n", pdata->fh);
+ }
}
}
+
+ /* Close off fake wrapper protocol */
+ if (wrap_in_fake_protocol) {
+ fputs("</proto>\n", pdata->fh);
+ }
}
/* Print info for a 'geninfo' pseudo-protocol. This is required by
- * the PDML spec. The information is contained in Ethereal's 'frame' protocol,
+ * the PDML spec. The information is contained in Wireshark's 'frame' protocol,
* but we produce a 'geninfo' protocol in the PDML to conform to spec.
* The 'frame' protocol follows the 'geninfo' protocol in the PDML. */
static void
if (g_ptr_array_len(finfo_array) < 1) {
return;
}
- num = fvalue_get_integer(&((field_info*)finfo_array->pdata[0])->value);
+ num = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
g_ptr_array_free(finfo_array, FALSE);
/* frame.pkt_len --> geninfo.len */
if (g_ptr_array_len(finfo_array) < 1) {
return;
}
- len = fvalue_get_integer(&((field_info*)finfo_array->pdata[0])->value);
+ len = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
g_ptr_array_free(finfo_array, FALSE);
/* frame.cap_len --> geninfo.caplen */
if (g_ptr_array_len(finfo_array) < 1) {
return;
}
- caplen = fvalue_get_integer(&((field_info*)finfo_array->pdata[0])->value);
+ caplen = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
g_ptr_array_free(finfo_array, FALSE);
/* frame.time --> geninfo.timestamp */
fputs("</psml>\n", fh);
}
+void
+write_csv_preamble(FILE *fh _U_)
+{
+
+}
+
+void
+proto_tree_write_csv(epan_dissect_t *edt, FILE *fh)
+{
+ gint i;
+
+ /* if this is the first packet, we have to write the CSV header */
+ if(edt->pi.fd->num == 1) {
+ for(i=0; i < edt->pi.cinfo->num_cols - 1; i++)
+ fprintf(fh, "\"%s\",", edt->pi.cinfo->col_title[i]);
+
+ fprintf(fh, "\"%s\"\n", edt->pi.cinfo->col_title[i]);
+ }
+
+ for(i=0; i < edt->pi.cinfo->num_cols - 1; i++)
+ fprintf(fh, "\"%s\",", edt->pi.cinfo->col_data[i]);
+
+ fprintf(fh, "\"%s\"\n", edt->pi.cinfo->col_data[i]);
+}
+
+void
+write_csv_finale(FILE *fh _U_)
+{
+
+}
+
+void
+write_carrays_preamble(FILE *fh _U_)
+{
+
+}
+
+void
+proto_tree_write_carrays(const guint8 *pd, guint32 len, guint32 num, FILE *fh)
+{
+ guint32 i = 0;
+
+ if (!len)
+ return;
+
+ fprintf(fh, "char pkt%u[] = {\n", num);
+
+ for (i = 0; i < len; i++) {
+
+ fprintf(fh, "0x%02x", *(pd + i));
+
+ if (i == (len - 1)) {
+ fprintf(fh, " };\n\n");
+ break;
+ }
+
+ if (!((i + 1) % 8)) {
+ fprintf(fh, ", \n");
+ } else {
+ fprintf(fh, ", ");
+ }
+ }
+}
+
+void
+write_carrays_finale(FILE *fh _U_)
+{
+
+}
+
/*
* Find the data source for a specified field, and return a pointer
* to the data in it. Returns NULL if the data is out of bounds.
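Review bot: `proto_tree_write_csv()` writes `col_title[i]` and `col_data[i]` between double quotes with `"%s"` and no escaping, and column text is derived from dissected packet contents. An embedded `"` or line break in a column therefore ends the cell early and shifts or splits the record for any parser downstream, and a spreadsheet may treat a cell that begins with `=` as a formula. Doubling embedded quotes in one small helper used for both the header and data rows keeps each record intact. Both loops also read index 0 after running to `num_cols - 1`, so a `num_cols` of 0 would index an empty column array; a guard at the top makes that explicit.

```c
/* Write one CSV cell, doubling embedded double quotes so the cell stays intact. */
static void
csv_write_cell(FILE *fh, const gchar *text)
{
    const gchar *p;

    fputc('"', fh);
    for (p = text; *p != '\0'; p++) {
        if (*p == '"')
            fputc('"', fh);
        fputc(*p, fh);
    }
    fputc('"', fh);
}

void
proto_tree_write_csv(epan_dissect_t *edt, FILE *fh)
{
    gint i;

    if (edt->pi.cinfo->num_cols < 1)
        return;

    /* … header row for the first packet: same loop over col_title … */

    for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
        if (i > 0)
            fputc(',', fh);
        csv_write_cell(fh, edt->pi.cinfo->col_data[i]);
    }
    fputc('\n', fh);
}
```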
/* Print a string, escaping out certain characters that need to
* escaped out for XML. */
static void
-print_escaped_xml(FILE *fh, char *unescaped_string)
+print_escaped_xml(FILE *fh, const char *unescaped_string)
{
- unsigned char *p;
+ const char *p;
for (p = unescaped_string; *p != '\0'; p++) {
switch (*p) {
if (multiple_sources) {
name = src->name;
print_line(stream, 0, "");
- line = g_malloc(strlen(name) + 2); /* <name>:\0 */
- strcpy(line, name);
- strcat(line, ":");
+ line = g_strdup_printf("%s:", name);
print_line(stream, 0, line);
g_free(line);
}
length = tvb_length(tvb);
+ if (length == 0)
+ return TRUE;
cp = tvb_get_ptr(tvb, 0, length);
if (!print_hex_data_buffer(stream, cp, length,
edt->pi.fd->flags.encoding))
* This routine is based on a routine created by Dan Lasley
* <DLASLEY@PROMUS.com>.
*
- * It was modified for Ethereal by Gilbert Ramirez and others.
+ * It was modified for Wireshark by Gilbert Ramirez and others.
*/
#define MAX_OFFSET_LEN 8 /* max length of hex offset of bytes */
print_preamble_ps(print_stream_t *self, gchar *filename)
{
output_ps *output = self->data;
- char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
+ unsigned char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
print_ps_preamble(output->fh);
fputs("\n", output->fh);
fputs("%% the page title\n", output->fh);
ps_clean_string(psbuffer, filename, MAX_PS_LINE_LENGTH);
- fprintf(output->fh, "/eth_pagetitle (%s - Ethereal) def\n", psbuffer);
+ fprintf(output->fh, "/eth_pagetitle (%s - Wireshark) def\n", psbuffer);
fputs("\n", output->fh);
return !ferror(output->fh);
}
print_line_ps(print_stream_t *self, int indent, const char *line)
{
output_ps *output = self->data;
- char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
+ unsigned char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
ps_clean_string(psbuffer, line, MAX_PS_LINE_LENGTH);
fprintf(output->fh, "%d (%s) putline\n", indent, psbuffer);
print_bookmark_ps(print_stream_t *self, const gchar *name, const gchar *title)
{
output_ps *output = self->data;
- char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
+ unsigned char psbuffer[MAX_PS_LINE_LENGTH]; /* static sized buffer! */
/*
* See the Adobe "pdfmark reference":
return stream;
}
+
+output_fields_t* output_fields_new()
+{
+ output_fields_t* fields = g_new(output_fields_t, 1);
+ fields->print_header = FALSE;
+ fields->separator = '\t';
+ fields->fields = NULL; /*Do lazy initialisation */
+ fields->field_indicies = NULL;
+ fields->field_values = NULL;
+ fields->quote='\0';
+ return fields;
+}
+
+gsize output_fields_num_fields(output_fields_t* fields)
+{
+ g_assert(fields);
+
+ if(NULL == fields->fields) {
+ return 0;
+ } else {
+ return fields->fields->len;
+ }
+}
+
+void output_fields_free(output_fields_t* fields)
+{
+ g_assert(fields);
+
+ if(NULL != fields->field_indicies) {
+ /* Keys are stored in fields->fields, values are
+ * integers.
+ */
+ g_hash_table_destroy(fields->field_indicies);
+ }
+ if(NULL != fields->fields) {
+ gsize i;
+ for(i = 0; i < fields->fields->len; ++i) {
+ gchar* field = g_ptr_array_index(fields->fields,i);
+ g_free(field);
+ }
+ g_ptr_array_free(fields->fields, TRUE);
+ }
+
+ g_free(fields);
+}
+
+void output_fields_add(output_fields_t* fields, const gchar* field)
+{
+ gchar* field_copy;
+
+ g_assert(fields);
+ g_assert(field);
+
+
+ if(NULL == fields->fields) {
+ fields->fields = g_ptr_array_new();
+ }
+
+ field_copy = g_strdup(field);
+
+ g_ptr_array_add(fields->fields, field_copy);
+}
+
+gboolean output_fields_set_option(output_fields_t* info, gchar* option)
+{
+ const gchar* option_name;
+ const gchar* option_value;
+
+ g_assert(info);
+ g_assert(option);
+
+ if('\0' == *option) {
+ return FALSE; /* Is this guarded against by option parsing? */
+ }
+ option_name = strtok(option,"=");
+ option_value = option + strlen(option_name) + 1;
+ if(0 == strcmp(option_name, "header")) {
+ switch(NULL == option_value ? '\0' : *option_value) {
+ case 'n':
+ info->print_header = FALSE;
+ break;
+ case 'y':
+ info->print_header = TRUE;
+ break;
+ default:
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ if(0 == strcmp(option_name,"separator")) {
+ switch(NULL == option_value ? '\0' : *option_value) {
+ case '\0':
+ return FALSE;
+ case '/':
+ switch(*++option_value) {
+ case 't':
+ info->separator = '\t';
+ break;
+ case 's':
+ info->separator = ' ';
+ break;
+ default:
+ info->separator = '\\';
+ }
+ break;
+ default:
+ info->separator = *option_value;
+ break;
+ }
+ return TRUE;
+ }
+
+ if(0 == strcmp(option_name, "quote")) {
+ switch(NULL == option_value ? '\0' : *option_value) {
+ default: /* Fall through */
+ case '\0':
+ info->quote='\0';
+ return FALSE;
+ case 'd':
+ info->quote='"';
+ break;
+ case 's':
+ info->quote='\'';
+ break;
+ case 'n':
+ info->quote='\0';
+ break;
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+void output_fields_list_options(FILE *fh)
+{
+ fprintf(fh, "TShark: The available options for field output \"E\" are:\n");
+ fputs("header=y|n Print field abbreviations as first line of output (def: N: no)\n", fh);
+ fputs("separator=/t|/s|<character> Set the separator to use; \"/t\" = tab,\n \"/s\" = space (def: /t: tab)\n", fh);
+ fputs("quote=d|s|n Print either d: double-quotes, s: single quotes or n: no quotes around field values (def: n: none)\n", fh);
+}
+
+
+void write_fields_preamble(output_fields_t* fields, FILE *fh)
+{
+ gsize i;
+
+ g_assert(fields);
+ g_assert(fh);
+
+ if(!fields->print_header) {
+ return;
+ }
+
+ for(i = 0; i < fields->fields->len; ++i) {
+ const gchar* field = g_ptr_array_index(fields->fields,i);
+ if(i != 0 ) {
+ fputc(fields->separator, fh);
+ }
+ fputs(field, fh);
+ }
+ fputc('\n', fh);
+}
+
+static void proto_tree_get_node_field_values(proto_node *node, gpointer data)
+{
+ write_field_data_t *call_data;
+ field_info *fi;
+ gpointer field_index;
+
+ call_data = data;
+ fi = PITEM_FINFO(node);
+
+ field_index = g_hash_table_lookup(call_data->fields->field_indicies, fi->hfinfo->abbrev);
+ if(NULL != field_index) {
+ const gchar* value;
+
+ value = get_node_field_value(fi, call_data->edt); /* ep_alloced string */
+
+ if(NULL != value && '\0' != *value) {
+ guint actual_index;
+ actual_index = GPOINTER_TO_UINT(field_index);
+ /* Unwrap change made to disambiguiate zero / null */
+ call_data->fields->field_values[actual_index - 1] = value;
+ }
+ }
+
+ /* Recurse here. */
+ if (node->first_child != NULL) {
+ proto_tree_children_foreach(node, proto_tree_get_node_field_values,
+ call_data);
+ }
+}
+
+void proto_tree_write_fields(output_fields_t* fields, epan_dissect_t *edt, FILE *fh)
+{
+ gsize i;
+
+ write_field_data_t data;
+
+ g_assert(fields);
+ g_assert(edt);
+ g_assert(fh);
+
+ data.fields = fields;
+ data.edt = edt;
+
+ if(NULL == fields->field_indicies) {
+ /* Prepare a lookup table from string abbreviation for field to its index. */
+ fields->field_indicies = g_hash_table_new(g_str_hash, g_str_equal);
+
+ i = 0;
+ while( i < fields->fields->len) {
+ gchar* field = g_ptr_array_index(fields->fields, i);
+ /* Store field indicies +1 so that zero is not a valid value,
+ * and can be distinguished from NULL as a pointer.
+ */
+ ++i;
+ g_hash_table_insert(fields->field_indicies, field, GUINT_TO_POINTER(i));
+ }
+ }
+
+ /* Buffer to store values for this packet */
+ fields->field_values = ep_alloc_array0(const gchar*, fields->fields->len);
+
+ proto_tree_children_foreach(edt->tree, proto_tree_get_node_field_values,
+ &data);
+
+ for(i = 0; i < fields->fields->len; ++i) {
+ if(0 != i) {
+ fputc(fields->separator, fh);
+ }
+ if(NULL != fields->field_values[i]) {
+ if(fields->quote != '\0') {
+ fputc(fields->quote, fh);
+ }
+ fputs(fields->field_values[i], fh);
+ if(fields->quote != '\0') {
+ fputc(fields->quote, fh);
+ }
+ }
+ }
+}
+
+void write_fields_finale(output_fields_t* fields _U_ , FILE *fh _U_)
+{
+ /* Nothing to do */
+}
+
+/* Returns an ep_alloced string or a static constant*/
+static const gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
+{
+ if (fi->hfinfo->id == hf_text_only) {
+ /* Text label.
+ * Get the text */
+ if (fi->rep) {
+ return fi->rep->representation;
+ }
+ else {
+ return get_field_hex_value(edt->pi.data_src, fi);
+ }
+ }
+ else if (fi->hfinfo->id == proto_data) {
+ /* Uninterpreted data, i.e., the "Data" protocol, is
+ * printed as a field instead of a protocol. */
+ return get_field_hex_value(edt->pi.data_src, fi);
+ }
+ else {
+ /* Normal protocols and fields */
+ gchar *dfilter_string;
+ gint chop_len;
+
+ switch (fi->hfinfo->type)
+ {
+ case FT_PROTOCOL:
+ /* Print out the full details for the protocol. */
+ if (fi->rep) {
+ return fi->rep->representation;
+ } else {
+ /* Just print out the protocol abbreviation */
+ return fi->hfinfo->abbrev;;
+ }
+ case FT_NONE:
+ /* Return "1" so that the presence of a field of type
+ * FT_NONE can be checked when using -T fields */
+ return "1";
+ default:
+ /* XXX - this is a hack until we can just call
+ * fvalue_to_string_repr() for *all* FT_* types. */
+ dfilter_string = proto_construct_match_selected_string(fi,
+ edt);
+ if (dfilter_string != NULL) {
+ chop_len = strlen(fi->hfinfo->abbrev) + 4; /* for " == " */
+
+ /* XXX - Remove double-quotes. Again, once we
+ * can call fvalue_to_string_repr(), we can
+ * ask it not to produce the version for
+ * display-filters, and thus, no
+ * double-quotes. */
+ if (dfilter_string[strlen(dfilter_string)-1] == '"') {
+ dfilter_string[strlen(dfilter_string)-1] = '\0';
+ chop_len++;
+ }
+
+ return &(dfilter_string[chop_len]);
+ } else {
+ return get_field_hex_value(edt->pi.data_src, fi);
+ }
+ }
+ }
+}
+
+static const gchar*
+get_field_hex_value(GSList* src_list, field_info *fi)
+{
+ const guint8 *pd;
+
+ if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
+ return "field length invalid!";
+ }
+
+ /* Find the data for this field. */
+ pd = get_field_data(src_list, fi);
+
+ if (pd) {
+ int i;
+ gchar* buffer;
+ gchar* p;
+ int len;
+ const int chars_per_byte = 2;
+
+ len = chars_per_byte * fi->length;
+ buffer = ep_alloc_array(gchar, len + 1);
+ buffer[len] = '\0'; /* Ensure NULL termination in bad cases */
+ p = buffer;
+ /* Print a simple hex dump */
+ for (i = 0 ; i < fi->length; i++) {
+ g_snprintf(p, len, "%02x", pd[i]);
+ p += chars_per_byte;
+ len -= chars_per_byte;
+ }
+ return buffer;
+ } else {
+ return NULL;
+ }
+}
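Review bot: In `output_fields_set_option()`, `option_value = option + strlen(option_name) + 1` points one byte past the string's terminator when the option has no `=` (a bare `header`, for instance). `strtok()` also returns NULL for an option consisting only of `=`, so `strlen(option_name)` dereferences NULL, and the `NULL == option_value` tests can never be true. Locating the delimiter with `strchr()` and rejecting a missing or leading `=` removes both cases, as in the fence below. Separately, `get_field_hex_value()` passes the shrinking `len` to `g_snprintf(p, len, "%02x", pd[i])`, so on the last byte only one digit fits before the terminator and every hex value loses its final nibble; `g_snprintf(p, chars_per_byte + 1, "%02x", pd[i]);` keeps both digits and stays inside the `len + 1` buffer. `write_fields_preamble()` and `proto_tree_write_fields()` also dereference `fields->fields` without the NULL check that `output_fields_num_fields()` performs, although `output_fields_new()` leaves it NULL until the first `output_fields_add()`.

```c
gboolean output_fields_set_option(output_fields_t* info, gchar* option)
{
    const gchar* option_name;
    const gchar* option_value;
    gchar* eq;

    g_assert(info);
    g_assert(option);

    /* Require "name=value": reject an empty name or a missing '='. */
    eq = strchr(option, '=');
    if (eq == NULL || eq == option) {
        return FALSE;
    }
    *eq = '\0';              /* split in place, as strtok() did */
    option_name = option;
    option_value = eq + 1;   /* always inside the original string */

    /* … unchanged: "header", "separator" and "quote" handling … */
```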