/src/wireshark/epan/expert.c
Line | Count | Source |
1 | | /* expert.c |
2 | | * Collecting Expert information. |
3 | | * |
4 | | * Implemented as a tap named "expert". |
5 | | * |
6 | | * Wireshark - Network traffic analyzer |
7 | | * By Gerald Combs <gerald@wireshark.org> |
8 | | * Copyright 1998 Gerald Combs |
9 | | * |
10 | | * SPDX-License-Identifier: GPL-2.0-or-later |
11 | | */ |
12 | | |
13 | | #include "config.h" |
14 | 0 | #define WS_LOG_DOMAIN LOG_DOMAIN_EPAN |
15 | | |
16 | | #include <stdio.h> |
17 | | |
18 | | #include <epan/packet.h> |
19 | | #include "expert.h" |
20 | | #include "uat.h" |
21 | | #include "prefs.h" |
22 | | #include <epan/prefs-int.h> |
23 | | #include <epan/wmem_scopes.h> |
24 | | #include "tap.h" |
25 | | |
26 | | #include <wsutil/str_util.h> |
27 | | #include <wsutil/wslog.h> |
28 | | #include <wsutil/array.h> |
29 | | |
30 | | /* proto_expert cannot be static because it's referenced in the |
31 | | * print routines |
32 | | */ |
33 | | int proto_expert; |
34 | | |
35 | | static int proto_malformed; |
36 | | |
37 | | static int expert_tap; |
38 | | static int highest_severity; |
39 | | |
40 | | static int ett_expert; |
41 | | static int ett_subexpert; |
42 | | |
43 | | static int hf_expert_msg; |
44 | | static int hf_expert_group; |
45 | | static int hf_expert_severity; |
46 | | |
47 | | struct expert_module |
48 | | { |
49 | | const char *proto_name; |
50 | | int proto_id; /* Cache this for registering hfs */ |
51 | | }; |
52 | | |
53 | | /* List which stores protocols and expert_info that have been registered */ |
54 | | typedef struct _gpa_expertinfo_t { |
55 | | uint32_t len; |
56 | | uint32_t allocated_len; |
57 | | expert_field_info **ei; |
58 | | } gpa_expertinfo_t; |
59 | | static gpa_expertinfo_t gpa_expertinfo; |
60 | | |
61 | | /* Hash table of abbreviations and IDs */ |
62 | | static GHashTable *gpa_name_map; |
63 | | static expert_field_info *same_name_expinfo; |
64 | | |
65 | | static void save_same_name_expinfo(void *data) |
66 | 0 | { |
67 | 0 | same_name_expinfo = (expert_field_info*)data; |
68 | 0 | } |
69 | | |
70 | | /* Deregistered expert infos */ |
71 | | static GPtrArray *deregistered_expertinfos; |
72 | | |
73 | | const value_string expert_group_vals[] = { |
74 | | { PI_CHECKSUM, "Checksum" }, |
75 | | { PI_SEQUENCE, "Sequence" }, |
76 | | { PI_RESPONSE_CODE, "Response" }, |
77 | | { PI_REQUEST_CODE, "Request" }, |
78 | | { PI_UNDECODED, "Undecoded" }, |
79 | | { PI_REASSEMBLE, "Reassemble" }, |
80 | | { PI_MALFORMED, "Malformed" }, |
81 | | { PI_DEBUG, "Debug" }, |
82 | | { PI_PROTOCOL, "Protocol" }, |
83 | | { PI_SECURITY, "Security" }, |
84 | | { PI_COMMENTS_GROUP, "Comment" }, |
85 | | { PI_DECRYPTION, "Decryption" }, |
86 | | { PI_ASSUMPTION, "Assumption" }, |
87 | | { PI_DEPRECATED, "Deprecated" }, |
88 | | { PI_RECEIVE, "Receive" }, |
89 | | { PI_INTERFACE, "Interface" }, |
90 | | { PI_DISSECTOR_BUG, "Dissector bug" }, |
91 | | { 0, NULL } |
92 | | }; |
93 | | |
94 | | const value_string expert_severity_vals[] = { |
95 | | { PI_ERROR, "Error" }, |
96 | | { PI_WARN, "Warning" }, |
97 | | { PI_NOTE, "Note" }, |
98 | | { PI_CHAT, "Chat" }, |
99 | | { PI_COMMENT, "Comment" }, |
100 | | { 0, NULL } |
101 | | }; |
102 | | |
103 | | /* Possible values for a checksum evaluation */ |
104 | | const value_string expert_checksum_vals[] = { |
105 | | { EXPERT_CHECKSUM_DISABLED, "Disabled" }, |
106 | | { EXPERT_CHECKSUM_UNKNOWN, "Unknown" }, |
107 | | { EXPERT_CHECKSUM_GOOD, "Good" }, |
108 | | { EXPERT_CHECKSUM_BAD, "Bad" }, |
109 | | { 0, NULL } |
110 | | }; |
111 | | |
112 | | static expert_field_info *expert_registrar_get_byname(const char *field_name); |
113 | | |
114 | | /*----------------------------------------------------------------------------*/ |
115 | | /* UAT for customizing severity levels. */ |
116 | | /*----------------------------------------------------------------------------*/ |
117 | | typedef struct |
118 | | { |
119 | | char *field; |
120 | | uint32_t severity; |
121 | | } expert_level_entry_t; |
122 | | |
123 | | static expert_level_entry_t *uat_expert_entries; |
124 | | static unsigned expert_level_entry_count; |
125 | | /* Array of field names currently in UAT */ |
126 | | static GArray *uat_saved_fields; |
127 | | |
128 | 0 | UAT_CSTRING_CB_DEF(uat_expert_entries, field, expert_level_entry_t) |
129 | 0 | UAT_VS_DEF(uat_expert_entries, severity, expert_level_entry_t, uint32_t, PI_ERROR, "Error") Unexecuted instantiation: expert.c:uat_expert_entries_severity_set_cb Unexecuted instantiation: expert.c:uat_expert_entries_severity_tostr_cb |
130 | | |
131 | | static bool uat_expert_update_cb(void *r, char **err) |
132 | 0 | { |
133 | 0 | expert_level_entry_t *rec = (expert_level_entry_t *)r; |
134 | |
|
135 | 0 | if (expert_registrar_get_byname(rec->field) == NULL) { |
136 | 0 | *err = ws_strdup_printf("Expert Info field doesn't exist: %s", rec->field); |
137 | 0 | return false; |
138 | 0 | } |
139 | 0 | return true; |
140 | 0 | } |
141 | | |
142 | | static void *uat_expert_copy_cb(void *n, const void *o, size_t siz _U_) |
143 | 0 | { |
144 | 0 | expert_level_entry_t *new_record = (expert_level_entry_t*)n; |
145 | 0 | const expert_level_entry_t *old_record = (const expert_level_entry_t *)o; |
146 | |
|
147 | 0 | new_record->field = g_strdup(old_record->field); |
148 | |
|
149 | 0 | new_record->severity = old_record->severity; |
150 | |
|
151 | 0 | return new_record; |
152 | 0 | } |
153 | | |
154 | | static void uat_expert_free_cb(void*r) |
155 | 0 | { |
156 | 0 | expert_level_entry_t *rec = (expert_level_entry_t *)r; |
157 | |
|
158 | 0 | g_free(rec->field); |
159 | 0 | } |
160 | | |
161 | | static void uat_expert_post_update_cb(void) |
162 | 14 | { |
163 | 14 | unsigned i; |
164 | 14 | expert_field_info *field; |
165 | | |
166 | | /* Reset any of the previous list of expert info fields to their original severity */ |
167 | 14 | for ( i = 0 ; i < uat_saved_fields->len; i++ ) { |
168 | 0 | field = g_array_index(uat_saved_fields, expert_field_info*, i); |
169 | 0 | if (field != NULL) { |
170 | 0 | field->severity = field->orig_severity; |
171 | 0 | } |
172 | 0 | } |
173 | | |
174 | 14 | g_array_set_size(uat_saved_fields, 0); |
175 | | |
176 | 14 | for (i = 0; i < expert_level_entry_count; i++) |
177 | 0 | { |
178 | 0 | field = expert_registrar_get_byname(uat_expert_entries[i].field); |
179 | 0 | if (field != NULL) |
180 | 0 | { |
181 | 0 | field->severity = uat_expert_entries[i].severity; |
182 | 0 | g_array_append_val(uat_saved_fields, field); |
183 | 0 | } |
184 | 0 | } |
185 | 14 | } |
186 | | |
187 | | #define EXPERT_REGISTRAR_GET_NTH(eiindex, expinfo) \ |
188 | 5.61M | if((unsigned)eiindex >= gpa_expertinfo.len && wireshark_abort_on_dissector_bug) \ |
189 | 5.61M | ws_error("Unregistered expert info! index=%d", eiindex); \ |
190 | 5.61M | DISSECTOR_ASSERT_HINT((unsigned)eiindex < gpa_expertinfo.len, "Unregistered expert info!"); \ |
191 | 5.61M | DISSECTOR_ASSERT_HINT(gpa_expertinfo.ei[eiindex] != NULL, "Unregistered expert info!"); \ |
192 | 5.61M | expinfo = gpa_expertinfo.ei[eiindex]; |
193 | | |
194 | | void |
195 | | expert_packet_init(void) |
196 | 28 | { |
197 | 28 | module_t *module_expert; |
198 | 28 | uat_t *expert_uat; |
199 | | |
200 | 28 | static hf_register_info hf[] = { |
201 | 28 | { &hf_expert_msg, |
202 | 28 | { "Message", "_ws.expert.message", FT_STRING, BASE_NONE, NULL, 0, "Wireshark expert information", HFILL } |
203 | 28 | }, |
204 | 28 | { &hf_expert_group, |
205 | 28 | { "Group", "_ws.expert.group", FT_UINT32, BASE_NONE, VALS(expert_group_vals), 0, "Wireshark expert group", HFILL } |
206 | 28 | }, |
207 | 28 | { &hf_expert_severity, |
208 | 28 | { "Severity level", "_ws.expert.severity", FT_UINT32, BASE_NONE, VALS(expert_severity_vals), 0, "Wireshark expert severity level", HFILL } |
209 | 28 | } |
210 | 28 | }; |
211 | 28 | static int *ett[] = { |
212 | 28 | &ett_expert, |
213 | 28 | &ett_subexpert |
214 | 28 | }; |
215 | | |
216 | | /* UAT for overriding severity levels */ |
217 | 28 | static uat_field_t custom_expert_fields[] = { |
218 | 28 | UAT_FLD_CSTRING(uat_expert_entries, field, "Field name", "Expert Info filter name"), |
219 | 28 | UAT_FLD_VS(uat_expert_entries, severity, "Severity", expert_severity_vals, "Custom severity level"), |
220 | 28 | UAT_END_FIELDS |
221 | 28 | }; |
222 | | |
223 | 28 | if (expert_tap == 0) { |
224 | 14 | expert_tap = register_tap("expert"); |
225 | 14 | } |
226 | | |
227 | 28 | if (proto_expert <= 0) { |
228 | 14 | proto_expert = proto_register_protocol("Expert Info", "Expert", "_ws.expert"); |
229 | 14 | proto_register_field_array(proto_expert, hf, array_length(hf)); |
230 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
231 | 14 | proto_set_cant_toggle(proto_expert); |
232 | | |
233 | 14 | module_expert = prefs_register_protocol(proto_expert, NULL); |
234 | | //Since "expert" is really a pseudo protocol, it shouldn't be |
235 | | //categorized with other "real" protocols when it comes to |
236 | | //preferences. Since it's just a UAT, don't bury it in |
237 | | //with the other protocols |
238 | 14 | module_expert->use_gui = false; |
239 | | |
240 | 14 | expert_uat = uat_new("Expert Info Severity Level Configuration", |
241 | 14 | sizeof(expert_level_entry_t), |
242 | 14 | "expert_severity", |
243 | 14 | true, |
244 | 14 | (void **)&uat_expert_entries, |
245 | 14 | &expert_level_entry_count, |
246 | 14 | UAT_AFFECTS_DISSECTION, |
247 | 14 | NULL, |
248 | 14 | uat_expert_copy_cb, |
249 | 14 | uat_expert_update_cb, |
250 | 14 | uat_expert_free_cb, |
251 | 14 | uat_expert_post_update_cb, |
252 | 14 | NULL, |
253 | 14 | custom_expert_fields); |
254 | | |
255 | 14 | prefs_register_uat_preference(module_expert, |
256 | 14 | "expert_severity_levels", |
257 | 14 | "Severity Level Configuration", |
258 | 14 | "A table that overrides Expert Info field severity levels to user configured levels", |
259 | 14 | expert_uat); |
260 | | |
261 | 14 | } |
262 | | |
263 | 28 | highest_severity = 0; |
264 | | |
265 | 28 | proto_malformed = proto_get_id_by_filter_name("_ws.malformed"); |
266 | 28 | } |
267 | | |
268 | | void |
269 | | expert_init(void) |
270 | 14 | { |
271 | 14 | gpa_expertinfo.len = 0; |
272 | 14 | gpa_expertinfo.allocated_len = 0; |
273 | 14 | gpa_expertinfo.ei = NULL; |
274 | 14 | gpa_name_map = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, save_same_name_expinfo); |
275 | 14 | uat_saved_fields = g_array_new(false, false, sizeof(expert_field_info*)); |
276 | 14 | deregistered_expertinfos = g_ptr_array_new(); |
277 | 14 | } |
278 | | |
279 | | void |
280 | | expert_packet_cleanup(void) |
281 | 0 | { |
282 | 0 | } |
283 | | |
284 | | void |
285 | | expert_cleanup(void) |
286 | 0 | { |
287 | 0 | if (gpa_expertinfo.allocated_len) { |
288 | 0 | gpa_expertinfo.len = 0; |
289 | 0 | gpa_expertinfo.allocated_len = 0; |
290 | 0 | g_free(gpa_expertinfo.ei); |
291 | 0 | gpa_expertinfo.ei = NULL; |
292 | 0 | } |
293 | | |
294 | | /* Free the abbrev/ID GTree */ |
295 | 0 | if (gpa_name_map) { |
296 | 0 | g_hash_table_destroy(gpa_name_map); |
297 | 0 | gpa_name_map = NULL; |
298 | 0 | } |
299 | | |
300 | | /* Free the UAT saved fields */ |
301 | 0 | if (uat_saved_fields) { |
302 | 0 | g_array_free(uat_saved_fields, true); |
303 | 0 | uat_saved_fields = NULL; |
304 | 0 | } |
305 | |
|
306 | 0 | if (deregistered_expertinfos) { |
307 | 0 | g_ptr_array_free(deregistered_expertinfos, true); |
308 | 0 | deregistered_expertinfos = NULL; |
309 | 0 | } |
310 | 0 | } |
311 | | |
312 | | |
313 | | int |
314 | | expert_get_highest_severity(void) |
315 | 0 | { |
316 | 0 | return highest_severity; |
317 | 0 | } |
318 | | |
319 | | void |
320 | | expert_update_comment_count(uint64_t count) |
321 | 0 | { |
322 | 0 | if (count==0 && highest_severity==PI_COMMENT) |
323 | 0 | highest_severity = 0; |
324 | 0 | } |
325 | | |
326 | | //coverity[-alloc] |
327 | | expert_module_t *expert_register_protocol(int id) |
328 | 12.6k | { |
329 | 12.6k | expert_module_t *module; |
330 | 12.6k | protocol_t *protocol; |
331 | | |
332 | 12.6k | protocol = find_protocol_by_id(id); |
333 | | |
334 | 12.6k | module = wmem_new(wmem_epan_scope(), expert_module_t); |
335 | 12.6k | module->proto_id = id; |
336 | 12.6k | module->proto_name = proto_get_protocol_short_name(protocol); |
337 | | |
338 | 12.6k | return module; |
339 | 12.6k | } |
340 | | |
341 | | void |
342 | | expert_deregister_expertinfo (const char *abbrev) |
343 | 0 | { |
344 | 0 | expert_field_info *expinfo = (expert_field_info*)g_hash_table_lookup(gpa_name_map, abbrev); |
345 | 0 | while (expinfo) { |
346 | 0 | g_ptr_array_add(deregistered_expertinfos, gpa_expertinfo.ei[expinfo->id]); |
347 | 0 | g_hash_table_steal(gpa_name_map, abbrev); |
348 | 0 | expinfo->hf_info.hfinfo.blurb = NULL; |
349 | 0 | expinfo = expinfo->same_name_next; |
350 | 0 | } |
351 | 0 | } |
352 | | |
353 | | void |
354 | | expert_deregister_protocol (expert_module_t *module) |
355 | 0 | { |
356 | 0 | wmem_free(wmem_epan_scope(), module); |
357 | 0 | } |
358 | | |
359 | | static void |
360 | | free_deregistered_expertinfo (void *data, void *user_data _U_) |
361 | 0 | { |
362 | 0 | expert_field_info *expinfo = (expert_field_info *) data; |
363 | 0 | gpa_expertinfo.ei[expinfo->id] = NULL; /* Invalidate this id */ |
364 | 0 | } |
365 | | |
366 | | void |
367 | | expert_free_deregistered_expertinfos (void) |
368 | 0 | { |
369 | 0 | g_ptr_array_foreach(deregistered_expertinfos, free_deregistered_expertinfo, NULL); |
370 | 0 | g_ptr_array_free(deregistered_expertinfos, true); |
371 | 0 | deregistered_expertinfos = g_ptr_array_new(); |
372 | 0 | } |
373 | | |
374 | | static int |
375 | | expert_register_field_init(expert_field_info *expinfo, expert_module_t *module) |
376 | 58.7k | { |
377 | | /* Check for valid group and severity vals */ |
378 | 58.7k | switch (expinfo->group) { |
379 | 1.73k | case PI_CHECKSUM: |
380 | 5.54k | case PI_SEQUENCE: |
381 | 6.76k | case PI_RESPONSE_CODE: |
382 | 6.90k | case PI_REQUEST_CODE: |
383 | 15.5k | case PI_UNDECODED: |
384 | 15.9k | case PI_REASSEMBLE: |
385 | 33.1k | case PI_MALFORMED: |
386 | 33.2k | case PI_DEBUG: |
387 | 57.4k | case PI_PROTOCOL: |
388 | 57.8k | case PI_SECURITY: |
389 | 58.1k | case PI_COMMENTS_GROUP: |
390 | 58.3k | case PI_DECRYPTION: |
391 | 58.5k | case PI_ASSUMPTION: |
392 | 58.7k | case PI_DEPRECATED: |
393 | 58.7k | case PI_RECEIVE: |
394 | 58.7k | case PI_INTERFACE: |
395 | 58.7k | case PI_DISSECTOR_BUG: |
396 | 58.7k | break; |
397 | 0 | default: |
398 | 0 | REPORT_DISSECTOR_BUG("Expert info for %s has invalid group=0x%08x\n", expinfo->name, expinfo->group); |
399 | 58.7k | } |
400 | 58.7k | switch (expinfo->severity) { |
401 | 266 | case PI_COMMENT: |
402 | 1.69k | case PI_CHAT: |
403 | 9.03k | case PI_NOTE: |
404 | 37.8k | case PI_WARN: |
405 | 58.7k | case PI_ERROR: |
406 | 58.7k | break; |
407 | 0 | default: |
408 | 0 | REPORT_DISSECTOR_BUG("Expert info for %s has invalid severity=0x%08x\n", expinfo->name, expinfo->severity); |
409 | 58.7k | } |
410 | | |
411 | 58.7k | expinfo->protocol = module->proto_name; |
412 | | |
413 | | /* if we always add and never delete, then id == len - 1 is correct */ |
414 | 58.7k | if (gpa_expertinfo.len >= gpa_expertinfo.allocated_len) { |
415 | 14 | if (!gpa_expertinfo.ei) { |
416 | 14 | gpa_expertinfo.allocated_len = PRE_ALLOC_EXPERT_FIELDS_MEM; |
417 | 14 | gpa_expertinfo.ei = (expert_field_info **)g_malloc(sizeof(expert_field_info *)*PRE_ALLOC_EXPERT_FIELDS_MEM); |
418 | 14 | } else { |
419 | 0 | gpa_expertinfo.allocated_len += 1000; |
420 | 0 | gpa_expertinfo.ei = (expert_field_info **)g_realloc(gpa_expertinfo.ei, |
421 | 0 | sizeof(expert_field_info *)*gpa_expertinfo.allocated_len); |
422 | 0 | } |
423 | 14 | } |
424 | 58.7k | gpa_expertinfo.ei[gpa_expertinfo.len] = expinfo; |
425 | 58.7k | gpa_expertinfo.len++; |
426 | 58.7k | expinfo->id = gpa_expertinfo.len - 1; |
427 | | /* Save the original severity so it can be restored by the UAT */ |
428 | 58.7k | expinfo->orig_severity = expinfo->severity; |
429 | | |
430 | | /* save field name for lookup */ |
431 | 58.7k | same_name_expinfo = NULL; |
432 | 58.7k | g_hash_table_replace(gpa_name_map, (void *)expinfo->name, expinfo); |
433 | 58.7k | if (same_name_expinfo) { |
434 | 0 | expinfo->same_name_next = same_name_expinfo; |
435 | 0 | } |
436 | | |
437 | 58.7k | return expinfo->id; |
438 | 58.7k | } |
439 | | |
440 | | |
441 | | /* for use with static arrays only, since we don't allocate our own copies |
442 | | of the expert_field_info struct contained within the exp_register_info struct */ |
443 | | void |
444 | | expert_register_field_array(expert_module_t *module, ei_register_info *exp, const int num_records) |
445 | 12.6k | { |
446 | 12.6k | int i; |
447 | 12.6k | ei_register_info *ptr = exp; |
448 | | |
449 | 71.4k | for (i = 0; i < num_records; i++, ptr++) { |
450 | | /* |
451 | | * Make sure we haven't registered this yet. |
452 | | * Most fields have variables associated with them |
453 | | * that are initialized to -1; some have array elements, |
454 | | * or possibly uninitialized variables, so we also allow |
455 | | * 0 (which is unlikely to be the field ID we get back |
456 | | * from "expert_register_field_init()"). |
457 | | */ |
458 | 58.7k | if (ptr->ids->ei != -1 && ptr->ids->ei != 0) { |
459 | 0 | fprintf(stderr, |
460 | 0 | "Duplicate field detected in call to expert_register_field_array: '%s' is already registered, name=%s\n", |
461 | 0 | ptr->eiinfo.summary, ptr->eiinfo.name); |
462 | 0 | return; |
463 | 0 | } |
464 | | |
465 | | /* Register the field with the experts */ |
466 | 58.7k | ptr->ids->ei = expert_register_field_init(&ptr->eiinfo, module); |
467 | | |
468 | | /* Register with the header field info, so it's display filterable */ |
469 | 58.7k | ptr->eiinfo.hf_info.p_id = &ptr->ids->hf; |
470 | 58.7k | ptr->eiinfo.hf_info.hfinfo.name = ptr->eiinfo.summary; |
471 | 58.7k | ptr->eiinfo.hf_info.hfinfo.abbrev = ptr->eiinfo.name; |
472 | 58.7k | ptr->eiinfo.hf_info.hfinfo.blurb = "Expert_Item"; |
473 | | |
474 | 58.7k | proto_register_field_array(module->proto_id, &ptr->eiinfo.hf_info, 1); |
475 | 58.7k | } |
476 | 12.6k | } |
477 | | |
478 | | /* Finds a record in the expert array by name. |
479 | | * For the moment, this function is only used "internally" |
480 | | * but may find a reason to be exported |
481 | | */ |
482 | | static expert_field_info * |
483 | | expert_registrar_get_byname(const char *field_name) |
484 | 0 | { |
485 | 0 | expert_field_info *hfinfo; |
486 | |
|
487 | 0 | if (!field_name) |
488 | 0 | return NULL; |
489 | | |
490 | 0 | hfinfo = (expert_field_info*)g_hash_table_lookup(gpa_name_map, field_name); |
491 | |
|
492 | 0 | return hfinfo; |
493 | 0 | } |
494 | | |
495 | | /** |
496 | | * Get summary text of an expert_info field. |
497 | | * This is intended for use in expert_add_info_format or proto_tree_add_expert_format |
498 | | * to get the "base" string to then append additional information |
499 | | */ |
500 | | const char* expert_get_summary(expert_field *eiindex) |
501 | 8.50k | { |
502 | 8.50k | expert_field_info *eiinfo; |
503 | | |
504 | | /* Look up the item */ |
505 | 8.50k | EXPERT_REGISTRAR_GET_NTH(eiindex->ei, eiinfo); |
506 | | |
507 | 8.50k | return eiinfo->summary; |
508 | 8.50k | } |
509 | | |
510 | | /** clear flags according to the mask and set new flag values */ |
511 | 10.1M | #define FI_REPLACE_FLAGS(fi, mask, flags_in) { \ |
512 | 10.1M | (fi->flags = (fi)->flags & ~(mask)); \ |
513 | 10.1M | (fi->flags = (fi)->flags | (flags_in)); \ |
514 | 10.1M | } |
515 | | |
516 | | /* set's the PI_ flags to a protocol item |
517 | | * (and its parent items till the toplevel) */ |
518 | | static void |
519 | | // NOLINTNEXTLINE(misc-no-recursion) |
520 | | expert_set_item_flags(proto_item *pi, const int group, const unsigned severity) |
521 | 6.00M | { |
522 | 6.00M | if (pi != NULL && PITEM_FINFO(pi) != NULL && (severity >= FI_GET_FLAG(PITEM_FINFO(pi), PI_SEVERITY_MASK))) { |
523 | 5.09M | FI_REPLACE_FLAGS(PITEM_FINFO(pi), PI_GROUP_MASK, group); |
524 | 5.09M | FI_REPLACE_FLAGS(PITEM_FINFO(pi), PI_SEVERITY_MASK, severity); |
525 | | |
526 | | /* propagate till toplevel item */ |
527 | 5.09M | pi = proto_item_get_parent(pi); |
528 | | // We recurse here, but we're limited by our tree depth checks in proto.c |
529 | 5.09M | expert_set_item_flags(pi, group, severity); |
530 | 5.09M | } |
531 | 6.00M | } |
532 | | |
533 | | static proto_tree* |
534 | | expert_create_tree(proto_item *pi, packet_info* pinfo, int group, int severity, const char *msg) |
535 | 5.48M | { |
536 | 5.48M | proto_tree *tree; |
537 | 5.48M | proto_item *ti; |
538 | | |
539 | 5.48M | tree = proto_item_add_subtree(pi, ett_expert); |
540 | 5.48M | ti = proto_tree_add_protocol_format(tree, proto_expert, NULL, 0, 0, "Expert Info (%s/%s): %s", |
541 | 5.48M | val_to_str(pinfo->pool, severity, expert_severity_vals, "Unknown (%u)"), |
542 | 5.48M | val_to_str(pinfo->pool, group, expert_group_vals, "Unknown (%u)"), |
543 | 5.48M | msg); |
544 | 5.48M | proto_item_set_generated(ti); |
545 | | |
546 | 5.48M | if (group == PI_MALFORMED) { |
547 | | /* Add hidden malformed protocol filter */ |
548 | 455k | proto_item *malformed_ti = proto_tree_add_item(tree, proto_malformed, NULL, 0, 0, ENC_NA); |
549 | 455k | proto_item_set_hidden(malformed_ti); |
550 | 455k | } |
551 | | |
552 | 5.48M | return proto_item_add_subtree(ti, ett_subexpert); |
553 | 5.48M | } |
554 | | |
555 | | static proto_tree* |
556 | | expert_set_info_vformat(packet_info *pinfo, proto_item *pi, int group, int severity, int hf_index, bool use_vaformat, |
557 | | const char *format, va_list ap) |
558 | 5.60M | { |
559 | 5.60M | char formatted[ITEM_LABEL_LENGTH]; |
560 | 5.60M | int pos; |
561 | 5.60M | int tap; |
562 | 5.60M | expert_info_t *ei; |
563 | 5.60M | proto_tree *tree; |
564 | 5.60M | proto_item *ti; |
565 | | |
566 | 5.60M | if (pinfo == NULL && pi && pi->tree_data) { |
567 | 92.0k | pinfo = PTREE_DATA(pi)->pinfo; |
568 | 92.0k | } |
569 | | |
570 | | /* if this packet isn't loaded because of a read filter, don't output anything */ |
571 | 5.60M | if (pinfo == NULL || pinfo->num == 0) { |
572 | 124k | return NULL; |
573 | 124k | } |
574 | | |
575 | | /* severity - the severity of this item |
576 | | * highest_severity - the highest severity in the entire capture, |
577 | | * used to set the color/tooltip in the main status bar |
578 | | * pinfo->expert_severity - the highest severity of an item in the |
579 | | * entire frame, used for setting COL_EXPERT. We always have |
580 | | * packet_info at this point. |
581 | | * FI_GET_FLAG(PITEM_FINFO(pi)) - the highest severity of an item |
582 | | * or its descendants, used to set the background color in |
583 | | * proto_tree_model.cpp. Note we can't set or get this if an item |
584 | | * is faked. |
585 | | */ |
586 | 5.48M | if (severity > highest_severity) { |
587 | 8 | highest_severity = severity; |
588 | 8 | } |
589 | | |
590 | | /* The item might be faked, but we still need to tap it even so, e.g., |
591 | | * for the Expert Info dialog or CLI tap. */ |
592 | 5.48M | if (pi != NULL && PITEM_FINFO(pi) != NULL) { |
593 | 909k | expert_set_item_flags(pi, group, severity); |
594 | 909k | } |
595 | | |
596 | 5.48M | if ((unsigned)severity > pinfo->expert_severity) { |
597 | 140k | pinfo->expert_severity = (unsigned)severity; |
598 | 140k | col_add_str(pinfo->cinfo, COL_EXPERT, val_to_str(pinfo->pool, severity, expert_severity_vals, "Unknown (%u)")); |
599 | 140k | } |
600 | | |
601 | 5.48M | if (use_vaformat) { |
602 | 4.82M | pos = vsnprintf(formatted, ITEM_LABEL_LENGTH, format, ap); |
603 | 4.82M | } else { |
604 | 653k | pos = (int)g_strlcpy(formatted, format, ITEM_LABEL_LENGTH); |
605 | 653k | } |
606 | | |
607 | | /* Both vsnprintf and g_strlcpy return the number of bytes attempted |
608 | | * to write. |
609 | | */ |
610 | 5.48M | if (pos >= ITEM_LABEL_LENGTH) { |
611 | | /* Truncation occurred. It might have split a UTF-8 character. */ |
612 | 288 | ws_utf8_truncate(formatted, ITEM_LABEL_LENGTH - 1); |
613 | 288 | } |
614 | | |
615 | 5.48M | tree = expert_create_tree(pi, pinfo, group, severity, formatted); |
616 | | |
617 | 5.48M | if (hf_index <= 0) { |
618 | | /* If no filterable expert info, just add the message */ |
619 | 0 | ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted); |
620 | 0 | proto_item_set_generated(ti); |
621 | 5.48M | } else { |
622 | | /* If filterable expert info, hide the "generic" form of the message, |
623 | | and generate the formatted filterable expert info */ |
624 | 5.48M | ti = proto_tree_add_none_format(tree, hf_index, NULL, 0, 0, "%s", formatted); |
625 | 5.48M | proto_item_set_generated(ti); |
626 | 5.48M | ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted); |
627 | 5.48M | proto_item_set_hidden(ti); |
628 | 5.48M | } |
629 | | |
630 | 5.48M | ti = proto_tree_add_uint_format_value(tree, hf_expert_severity, NULL, 0, 0, severity, |
631 | 5.48M | "%s", val_to_str_const(severity, expert_severity_vals, "Unknown")); |
632 | 5.48M | proto_item_set_generated(ti); |
633 | 5.48M | ti = proto_tree_add_uint_format_value(tree, hf_expert_group, NULL, 0, 0, group, |
634 | 5.48M | "%s", val_to_str_const(group, expert_group_vals, "Unknown")); |
635 | 5.48M | proto_item_set_generated(ti); |
636 | | |
637 | 5.48M | tap = have_tap_listener(expert_tap); |
638 | | |
639 | 5.48M | if (!tap) |
640 | 5.48M | return tree; |
641 | | |
642 | 5 | ei = wmem_new(pinfo->pool, expert_info_t); |
643 | | |
644 | 5 | ei->packet_num = pinfo->num; |
645 | 5 | ei->group = group; |
646 | 5 | ei->severity = severity; |
647 | 5 | ei->hf_index = hf_index; |
648 | 5 | ei->protocol = pinfo->current_proto; |
649 | 5 | ei->summary = wmem_strdup(pinfo->pool, formatted); |
650 | | |
651 | | /* if we have a proto_item (not a faked item), set expert attributes to it */ |
652 | 5 | if (pi != NULL && PITEM_FINFO(pi) != NULL) { |
653 | 0 | ei->pitem = pi; |
654 | 0 | } |
655 | 5 | else { |
656 | 5 | ei->pitem = NULL; |
657 | 5 | } |
658 | | |
659 | 5 | tap_queue_packet(expert_tap, pinfo, ei); |
660 | 5 | return tree; |
661 | 5.48M | } |
662 | | |
663 | | /* Helper function for expert_add_info() to work around compiler's special needs on ARM */ |
664 | | static inline proto_tree* |
665 | | expert_add_info_internal(packet_info *pinfo, proto_item *pi, expert_field *expindex, ...) |
666 | 696k | { |
667 | | /* the va_list is ignored */ |
668 | 696k | va_list unused; |
669 | 696k | expert_field_info *eiinfo; |
670 | 696k | proto_tree *tree; |
671 | | |
672 | | /* Look up the item */ |
673 | 696k | EXPERT_REGISTRAR_GET_NTH(expindex->ei, eiinfo); |
674 | | |
675 | 696k | va_start(unused, expindex); |
676 | 696k | tree = expert_set_info_vformat(pinfo, pi, eiinfo->group, eiinfo->severity, *eiinfo->hf_info.p_id, false, eiinfo->summary, unused); |
677 | 696k | va_end(unused); |
678 | 696k | return tree; |
679 | 696k | } |
680 | | |
681 | | proto_item * |
682 | | expert_add_info(packet_info *pinfo, proto_item *pi, expert_field *expindex) |
683 | 696k | { |
684 | 696k | proto_tree *tree; |
685 | 696k | tree = expert_add_info_internal(pinfo, pi, expindex); |
686 | 696k | return (proto_item *)tree; |
687 | 696k | } |
688 | | |
689 | | proto_item * |
690 | | expert_add_info_format(packet_info *pinfo, proto_item *pi, expert_field *expindex, const char *format, ...) |
691 | 4.47M | { |
692 | 4.47M | va_list ap; |
693 | 4.47M | expert_field_info *eiinfo; |
694 | 4.47M | proto_tree *tree; |
695 | | |
696 | | /* Look up the item */ |
697 | 4.47M | EXPERT_REGISTRAR_GET_NTH(expindex->ei, eiinfo); |
698 | | |
699 | 4.47M | va_start(ap, format); |
700 | 4.47M | tree = expert_set_info_vformat(pinfo, pi, eiinfo->group, eiinfo->severity, *eiinfo->hf_info.p_id, true, format, ap); |
701 | 4.47M | va_end(ap); |
702 | 4.47M | return (proto_item *)tree; |
703 | 4.47M | } |
704 | | |
705 | | /* Helper function for expert_add_expert() to work around compiler's special needs on ARM */ |
706 | | static inline proto_item * |
707 | | proto_tree_add_expert_internal(proto_tree *tree, packet_info *pinfo, expert_field *expindex, |
708 | | tvbuff_t *tvb, unsigned start, unsigned length, ...) |
709 | 58.6k | { |
710 | 58.6k | expert_field_info *eiinfo; |
711 | 58.6k | proto_item *ti; |
712 | 58.6k | unsigned item_length, captured_length; |
713 | 58.6k | va_list unused; |
714 | | |
715 | | /* Look up the item */ |
716 | 58.6k | EXPERT_REGISTRAR_GET_NTH(expindex->ei, eiinfo); |
717 | | |
718 | | /* Make sure this doesn't throw an exception when adding the item */ |
719 | 58.6k | item_length = length; |
720 | 58.6k | captured_length = tvb_captured_length_remaining(tvb, start); |
721 | 58.6k | if (captured_length < item_length) { |
722 | 2.01k | item_length = captured_length; |
723 | 2.01k | } |
724 | 58.6k | ti = proto_tree_add_text_internal(tree, tvb, start, item_length, "%s", eiinfo->summary); |
725 | 58.6k | va_start(unused, length); |
726 | 58.6k | expert_set_info_vformat(pinfo, ti, eiinfo->group, eiinfo->severity, *eiinfo->hf_info.p_id, false, eiinfo->summary, unused); |
727 | 58.6k | va_end(unused); |
728 | | |
729 | | /* But make sure it throws an exception *after* adding the item */ |
730 | 58.6k | tvb_ensure_bytes_exist(tvb, start, length); |
731 | | |
732 | 58.6k | return ti; |
733 | 58.6k | } |
734 | | |
735 | | static inline proto_item* |
736 | | proto_tree_add_expert_internal_remaining(proto_tree* tree, packet_info* pinfo, expert_field* expindex, |
737 | | tvbuff_t* tvb, unsigned start, ...) |
738 | 4.39k | { |
739 | 4.39k | expert_field_info* eiinfo; |
740 | 4.39k | proto_item* ti; |
741 | 4.39k | unsigned item_length, captured_length; |
742 | 4.39k | va_list unused; |
743 | | |
744 | | /* Look up the item */ |
745 | 4.39k | EXPERT_REGISTRAR_GET_NTH(expindex->ei, eiinfo); |
746 | | |
747 | | /* Make sure this doesn't throw an exception when adding the item */ |
748 | 4.39k | captured_length = tvb_captured_length(tvb); |
749 | 4.39k | if (start >= captured_length) { |
750 | 112 | item_length = 0; |
751 | 4.28k | } else { |
752 | 4.28k | item_length = captured_length - start; |
753 | 4.28k | } |
754 | 4.39k | ti = proto_tree_add_text_internal(tree, tvb, start, item_length, "%s", eiinfo->summary); |
755 | 4.39k | va_start(unused, start); |
756 | 4.39k | expert_set_info_vformat(pinfo, ti, eiinfo->group, eiinfo->severity, *eiinfo->hf_info.p_id, false, eiinfo->summary, unused); |
757 | 4.39k | va_end(unused); |
758 | | |
759 | 4.39k | return ti; |
760 | 4.39k | } |
761 | | proto_item * |
762 | | proto_tree_add_expert(proto_tree *tree, packet_info *pinfo, expert_field *expindex, |
763 | | tvbuff_t *tvb, unsigned start, unsigned length) |
764 | 58.6k | { |
765 | 58.6k | return proto_tree_add_expert_internal(tree, pinfo, expindex, tvb, start, length); |
766 | 58.6k | } |
767 | | |
768 | | proto_item* |
769 | | proto_tree_add_expert_remaining(proto_tree* tree, packet_info* pinfo, expert_field* expindex, |
770 | | tvbuff_t* tvb, unsigned start) |
771 | 4.39k | { |
772 | 4.39k | return proto_tree_add_expert_internal_remaining(tree, pinfo, expindex, tvb, start); |
773 | 4.39k | } |
774 | | |
775 | | proto_item * |
776 | | proto_tree_add_expert_format(proto_tree *tree, packet_info *pinfo, expert_field *expindex, |
777 | | tvbuff_t *tvb, unsigned start, unsigned length, const char *format, ...) |
778 | 348k | { |
779 | 348k | va_list ap; |
780 | 348k | expert_field_info *eiinfo; |
781 | 348k | unsigned item_length, captured_length; |
782 | 348k | proto_item *ti; |
783 | | |
784 | | /* Look up the item */ |
785 | 348k | EXPERT_REGISTRAR_GET_NTH(expindex->ei, eiinfo); |
786 | | |
787 | | /* Make sure this doesn't throw an exception when adding the item */ |
788 | 348k | item_length = length; |
789 | 348k | captured_length = tvb_captured_length_remaining(tvb, start); |
790 | 348k | if (captured_length < item_length) { |
791 | 4.10k | item_length = captured_length; |
792 | 4.10k | } |
793 | 348k | va_start(ap, format); |
794 | 348k | ti = proto_tree_add_text_valist_internal(tree, tvb, start, item_length, format, ap); |
795 | 348k | va_end(ap); |
796 | | |
797 | 348k | va_start(ap, format); |
798 | 348k | expert_set_info_vformat(pinfo, ti, eiinfo->group, eiinfo->severity, *eiinfo->hf_info.p_id, true, format, ap); |
799 | 348k | va_end(ap); |
800 | | |
801 | | /* But make sure it throws an exception *after* adding the item */ |
802 | 348k | tvb_ensure_bytes_exist(tvb, start, length); |
803 | | |
804 | 348k | return ti; |
805 | 348k | } |
806 | | |
807 | | proto_item* |
808 | | proto_tree_add_expert_format_remaining(proto_tree* tree, packet_info* pinfo, expert_field* expindex, |
809 | | tvbuff_t* tvb, unsigned start, const char* format, ...) |
810 | 21.5k | { |
811 | 21.5k | va_list ap; |
812 | 21.5k | expert_field_info* eiinfo; |
813 | 21.5k | unsigned item_length, captured_length; |
814 | 21.5k | proto_item* ti; |
815 | | |
816 | | /* Look up the item */ |
817 | 21.5k | EXPERT_REGISTRAR_GET_NTH(expindex->ei, eiinfo); |
818 | | |
819 | | /* Make sure this doesn't throw an exception when adding the item */ |
820 | 21.5k | captured_length = tvb_captured_length(tvb); |
821 | 21.5k | if (start >= captured_length) { |
822 | 2.26k | item_length = 0; |
823 | 19.3k | } else { |
824 | 19.3k | item_length = captured_length - start; |
825 | 19.3k | } |
826 | 21.5k | va_start(ap, format); |
827 | 21.5k | ti = proto_tree_add_text_valist_internal(tree, tvb, start, item_length, format, ap); |
828 | 21.5k | va_end(ap); |
829 | | |
830 | 21.5k | va_start(ap, format); |
831 | 21.5k | expert_set_info_vformat(pinfo, ti, eiinfo->group, eiinfo->severity, *eiinfo->hf_info.p_id, true, format, ap); |
832 | 21.5k | va_end(ap); |
833 | | |
834 | 21.5k | return ti; |
835 | 21.5k | } |
836 | | /* |
837 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
838 | | * |
839 | | * Local variables: |
840 | | * c-basic-offset: 8 |
841 | | * tab-width: 8 |
842 | | * indent-tabs-mode: t |
843 | | * End: |
844 | | * |
845 | | * vi: set shiftwidth=8 tabstop=8 noexpandtab: |
846 | | * :indentSize=8:tabSize=8:noTabs=false: |
847 | | */ |