author | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2017-10-04 22:41:19 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-10-05 04:18:27 +0000 |
commit | 3c9f440ac60ba83f155a89a851f9a1d3cc947f8d (patch) | |
tree | b418c9e254efce75df8c15bda1db84a870c6dfb5 | |
parent | 7219f6467feb8ce767689aa456fe8ff2f711e22a (diff) |
sharkd: export field filter string.
This extra parameter makes it possible to use Wireshark functionality such as "prepare as filter",
and also to apply a quick filter in the protocol tree (for instance, show only TCP protocol fields: tcp.).
Change-Id: I1f380b79e3802e6aaf646fdd4770c903ee9f3781
Reviewed-on: https://code.wireshark.org/review/23837
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | sharkd.c | 4 | ||||
-rw-r--r-- | sharkd.h | 2 | ||||
-rw-r--r-- | sharkd_session.c | 24 |
3 files changed, 22 insertions, 8 deletions
@@ -548,7 +548,7 @@ sharkd_load_cap_file(void)
 }
 int
-sharkd_dissect_request(unsigned int framenum, void (*cb)(packet_info *, proto_tree *, struct epan_column_info *, const GSList *, void *), int dissect_bytes, int dissect_columns, int dissect_tree, void *data)
+sharkd_dissect_request(unsigned int framenum, void (*cb)(epan_dissect_t *, proto_tree *, struct epan_column_info *, const GSList *, void *), int dissect_bytes, int dissect_columns, int dissect_tree, void *data)
 {
 frame_data *fdata;
 column_info *cinfo = (dissect_columns) ? &cfile.cinfo : NULL;
@@ -589,7 +589,7 @@ sharkd_dissect_request(unsigned int framenum, void (*cb)(packet_info *, proto_tr
 epan_dissect_fill_in_columns(&edt, FALSE, TRUE/* fill_fd_columns */);
 }
- cb(&edt.pi, dissect_tree ? edt.tree : NULL, cinfo, dissect_bytes ? edt.pi.data_src : NULL, data);
+ cb(&edt, dissect_tree ? edt.tree : NULL, cinfo, dissect_bytes ? edt.pi.data_src : NULL, data);
 epan_dissect_cleanup(&edt);
 wtap_phdr_cleanup(&phdr);
@@ -33,7 +33,7 @@ int sharkd_load_cap_file(void);
 int sharkd_retap(void);
 int sharkd_filter(const char *dftext, guint8 **result);
 int sharkd_dissect_columns(int framenum, column_info *cinfo, gboolean dissect_color);
-int sharkd_dissect_request(unsigned int framenum, void (*cb)(packet_info *, proto_tree *, struct epan_column_info *, const GSList *, void *), int dissect_bytes, int dissect_columns, int dissect_tree, void *data);
+int sharkd_dissect_request(unsigned int framenum, void (*cb)(epan_dissect_t *, proto_tree *, struct epan_column_info *, const GSList *, void *), int dissect_bytes, int dissect_columns, int dissect_tree, void *data);
 const char *sharkd_version(void);
 /* sharkd_daemon.c */
diff --git a/sharkd_session.c b/sharkd_session.c
index f7d6c5a501..08cf739e85 100644
--- a/sharkd_session.c
+++ b/sharkd_session.c
@@ -34,6 +34,7 @@
 #include <wsutil/ws_printf.h>
 #include <file.h>
+#include <epan/epan_dissect.h>
 #include <epan/exceptions.h>
 #include <epan/color_filters.h>
 #include <epan/prefs.h>
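Review bot: Nothing at the `cb(&edt, ...)` call, or on the prototype changed in sharkd.h, tells callback authors how long the `epan_dissect_t *` they now receive stays valid. The context lines show `epan_dissect_cleanup(&edt)` running straight after `cb` returns, so a callback that keeps `edt`, or any pointer reached through it, would be left with a dangling reference. A comment above the prototype would cover it, for example `/* cb: edt and everything reachable from it is valid only for the duration of the call */`. Handing over the whole dissection also lets a callback read `edt->tree` when `dissect_tree` is 0 and the `tree` argument is NULL; whether that tree is populated in that case is not visible here, so the comment should tell callbacks to rely on the `tree` argument. The body of `sharkd_dissect_request` begins and ends outside these hunks.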
@@ -637,9 +638,10 @@ struct sharkd_analyse_data
 };
 static void
-sharkd_session_process_analyse_cb(packet_info *pi, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
+sharkd_session_process_analyse_cb(epan_dissect_t *edt, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
 {
 struct sharkd_analyse_data *analyser = (struct sharkd_analyse_data *) data;
+ packet_info *pi = &edt->pi;
 frame_data *fdata = pi->fd;
 (void) tree;
@@ -2632,7 +2634,7 @@ sharkd_session_process_follow(char *buf, const jsmntok_t *tokens, int count)
 }
 static void
-sharkd_session_process_frame_cb_tree(proto_tree *tree, tvbuff_t **tvbs)
+sharkd_session_process_frame_cb_tree(epan_dissect_t *edt, proto_tree *tree, tvbuff_t **tvbs)
 {
 proto_node *node;
 const char *sepa = "";
@@ -2688,6 +2690,8 @@ sharkd_session_process_frame_cb_tree(proto_tree *tree, tvbuff_t **tvbs)
 if (finfo->hfinfo)
 {
+ char *filter;
+
 if (finfo->hfinfo->type == FT_PROTOCOL)
 {
 printf(",\"t\":\"proto\"");
@@ -2704,6 +2708,14 @@ sharkd_session_process_frame_cb_tree(proto_tree *tree, tvbuff_t **tvbs)
 json_puts_string(url);
 wmem_free(NULL, url);
 }
+
+ filter = proto_construct_match_selected_string(finfo, edt);
+ if (filter)
+ {
+ printf(",\"f\":");
+ json_puts_string(filter);
+ wmem_free(NULL, filter);
+ }
 }
 if (FI_GET_FLAG(finfo, PI_SEVERITY_MASK))
@@ -2719,7 +2731,7 @@ sharkd_session_process_frame_cb_tree(proto_tree *tree, tvbuff_t **tvbs)
 if (finfo->tree_type != -1)
 printf(",\"e\":%d", finfo->tree_type);
 printf(",\"n\":");
- sharkd_session_process_frame_cb_tree((proto_tree *) node, tvbs);
+ sharkd_session_process_frame_cb_tree(edt, (proto_tree *) node, tvbs);
 }
 printf("}");
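Review bot: In the block added after the `url` handling, the `f` value is built and emitted for every node that has `hfinfo`, on every tree request, with no limit on its length and no way for a client to decline it. The text comes from `proto_construct_match_selected_string(finfo, edt)`, so it presumably carries values taken from the capture, and the only escaping visible here is `json_puts_string`, whose definition is outside the hunk. I would record that at the call, e.g. `/* filter is built from packet contents: JSON-escaped here, clients must still treat it as untrusted text */`, and consider omitting `f` altogether when the string exceeds a fixed limit rather than sending it whole. The body of `sharkd_session_process_frame_cb_tree` starts and ends outside the hunk.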
@@ -2756,8 +2768,9 @@ sharkd_follower_visit_layers_cb(const void *key _U_, void *value, void *user_dat
 }
 static void
-sharkd_session_process_frame_cb(packet_info *pi, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
+sharkd_session_process_frame_cb(epan_dissect_t *edt, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
 {
+ packet_info *pi = &edt->pi;
 frame_data *fdata = pi->fd;
 const char *pkt_comment = NULL;
@@ -2800,7 +2813,7 @@ sharkd_session_process_frame_cb(packet_info *pi, proto_tree *tree, struct epan_c
 tvbs[count] = NULL;
 }
- sharkd_session_process_frame_cb_tree(tree, tvbs);
+ sharkd_session_process_frame_cb_tree(edt, tree, tvbs);
 g_free(tvbs);
 }
@@ -3027,6 +3040,7 @@ sharkd_session_process_intervals(char *buf, const jsmntok_t *tokens, int count)
 * (o) tree - array of frame nodes with attributes:
 * l - label
 * t: 'proto', 'framenum', 'url' - type of node
+ * f - filter string
 * s - severity
 * e - subtree ett index
 * n - array of subtree nodes |
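Review bot: The added comment line `* f - filter string` does not say that the member is optional or what kind of filter it holds. In `sharkd_session_process_frame_cb_tree` the key is written only when the node has `hfinfo` and `proto_construct_match_selected_string` returns a non-NULL string, so a client reading this comment cannot tell that `f` may be absent. Suggested wording: `* f - display filter string matching this node (optional, omitted when none can be constructed)`. The comment block continues outside the hunk.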