static gpointer
pyshark_format_field(gpointer item, gchar *format)
{
if(strcmp(format, "s") == 0) {
return Py_BuildValue(format, item);
}
else if(strcmp(format, "N") == 0) {
return Py_BuildValue(""); // None object
}
else if(strcmp(format, "T") == 0) {
nstime_t *tmp_timestamp = fvalue_get(item);
/* Use fn in $wireshark/epan/nstime.c to convert timestamp to a float */
double tmp_double = nstime_to_sec(tmp_timestamp);
/* TODO: create a Python-native time or timedelta object instead (?) */
return Py_BuildValue("f", tmp_double);
}
else if(strcmp(format, "f") == 0) {
double tmp_double = fvalue_get_floating(item);
return Py_BuildValue(format, tmp_double);
}
else if(strcmp(format, "K") == 0) {
unsigned long long tmp_unsigned_long_long = fvalue_get_integer64(item);
return Py_BuildValue(format, tmp_unsigned_long_long);
}
else if(strcmp(format, "i") == 0) {
/* FIXME: does fvalue_get_sinteger() work properly with FT_INT{8,16,24} types? */
unsigned long tmp_long = fvalue_get_sinteger(item);
return Py_BuildValue(format, tmp_long);
}
else if(strcmp(format, "k") == 0) {
unsigned long tmp_unsigned_long = fvalue_get_uinteger(item);
return Py_BuildValue(format, tmp_unsigned_long);
}
else if(strcmp(format, "B") == 0) {
/* Wireshark implements FT_BOOLEANs as uintegers. See epan/ftype/ftype-integer.c */
unsigned long tmp_unsigned_long = fvalue_get_uinteger(item);
return PyBool_FromLong(tmp_unsigned_long);
}
else
return NULL;
}
WSLUA_METAMETHOD FieldInfo__call(lua_State* L) {
/*
Obtain the Value of the field
*/
FieldInfo fi = checkFieldInfo(L,1);
switch(fi->hfinfo->type) {
case FT_BOOLEAN:
lua_pushboolean(L,(int)fvalue_get_uinteger(&(fi->value)));
return 1;
case FT_UINT8:
case FT_UINT16:
case FT_UINT24:
case FT_UINT32:
case FT_FRAMENUM:
lua_pushnumber(L,(lua_Number)fvalue_get_uinteger(&(fi->value)));
return 1;
case FT_INT8:
case FT_INT16:
case FT_INT24:
case FT_INT32:
lua_pushnumber(L,(lua_Number)fvalue_get_sinteger(&(fi->value)));
return 1;
case FT_FLOAT:
case FT_DOUBLE:
lua_pushnumber(L,(lua_Number)fvalue_get_floating(&(fi->value)));
return 1;
case FT_INT64: {
Int64 num = (Int64)g_malloc(sizeof(gint64));
*num = fvalue_get_integer64(&(fi->value));
pushInt64(L,num);
return 1;
}
case FT_UINT64: {
UInt64 num = (UInt64)g_malloc(sizeof(guint64));
*num = fvalue_get_integer64(&(fi->value));
pushUInt64(L,num);
return 1;
}
case FT_ETHER: {
Address eth = (Address)g_malloc(sizeof(address));
eth->type = AT_ETHER;
eth->len = fi->length;
eth->data = tvb_memdup(NULL,fi->ds_tvb,fi->start,fi->length);
pushAddress(L,eth);
return 1;
}
case FT_IPv4:{
Address ipv4 = (Address)g_malloc(sizeof(address));
ipv4->type = AT_IPv4;
ipv4->len = fi->length;
ipv4->data = tvb_memdup(NULL,fi->ds_tvb,fi->start,fi->length);
pushAddress(L,ipv4);
return 1;
}
case FT_IPv6: {
Address ipv6 = (Address)g_malloc(sizeof(address));
ipv6->type = AT_IPv6;
ipv6->len = fi->length;
ipv6->data = tvb_memdup(NULL,fi->ds_tvb,fi->start,fi->length);
pushAddress(L,ipv6);
return 1;
}
case FT_IPXNET:{
Address ipx = (Address)g_malloc(sizeof(address));
ipx->type = AT_IPX;
ipx->len = fi->length;
ipx->data = tvb_memdup(NULL,fi->ds_tvb,fi->start,fi->length);
pushAddress(L,ipx);
return 1;
}
case FT_ABSOLUTE_TIME:
case FT_RELATIVE_TIME: {
NSTime nstime = (NSTime)g_malloc(sizeof(nstime_t));
*nstime = *(NSTime)fvalue_get(&(fi->value));
pushNSTime(L,nstime);
return 1;
}
case FT_STRING:
case FT_STRINGZ: {
gchar* repr = fvalue_to_string_repr(&fi->value,FTREPR_DISPLAY,NULL);
if (repr)
lua_pushstring(L,repr);
else
luaL_error(L,"field cannot be represented as string because it may contain invalid characters");
return 1;
}
case FT_NONE:
if (fi->length == 0) {
lua_pushnil(L);
return 1;
}
/* FALLTHROUGH */
case FT_BYTES:
case FT_UINT_BYTES:
case FT_GUID:
case FT_PROTOCOL:
case FT_REL_OID:
case FT_SYSTEM_ID:
case FT_OID: {
ByteArray ba = g_byte_array_new();
g_byte_array_append(ba, (const guint8 *)tvb_memdup(wmem_packet_scope(),fi->ds_tvb,fi->start,fi->length),fi->length);
pushByteArray(L,ba);
return 1;
}
default:
luaL_error(L,"FT_ not yet supported");
return 1;
}
}
/* WSLUA_ATTRIBUTE FieldInfo_value RO The value of this field. */
WSLUA_METAMETHOD FieldInfo__call(lua_State* L) {
/*
Obtain the Value of the field.
Previous to 1.11.4, this function retrieved the value for most field types,
but for `ftypes.UINT_BYTES` it retrieved the `ByteArray` of the field's entire `TvbRange`.
In other words, it returned a `ByteArray` that included the leading length byte(s),
instead of just the *value* bytes. That was a bug, and has been changed in 1.11.4.
Furthermore, it retrieved an `ftypes.GUID` as a `ByteArray`, which is also incorrect.
If you wish to still get a `ByteArray` of the `TvbRange`, use `FieldInfo:get_range()`
to get the `TvbRange`, and then use `Tvb:bytes()` to convert it to a `ByteArray`.
*/
FieldInfo fi = checkFieldInfo(L,1);
switch(fi->ws_fi->hfinfo->type) {
case FT_BOOLEAN:
lua_pushboolean(L,(int)fvalue_get_uinteger(&(fi->ws_fi->value)));
return 1;
case FT_UINT8:
case FT_UINT16:
case FT_UINT24:
case FT_UINT32:
case FT_FRAMENUM:
lua_pushnumber(L,(lua_Number)(fvalue_get_uinteger(&(fi->ws_fi->value))));
return 1;
case FT_INT8:
case FT_INT16:
case FT_INT24:
case FT_INT32:
lua_pushnumber(L,(lua_Number)(fvalue_get_sinteger(&(fi->ws_fi->value))));
return 1;
case FT_FLOAT:
case FT_DOUBLE:
lua_pushnumber(L,(lua_Number)(fvalue_get_floating(&(fi->ws_fi->value))));
return 1;
case FT_INT64: {
pushInt64(L,(Int64)(fvalue_get_sinteger64(&(fi->ws_fi->value))));
return 1;
}
case FT_UINT64: {
pushUInt64(L,fvalue_get_uinteger64(&(fi->ws_fi->value)));
return 1;
}
case FT_ETHER: {
Address eth = (Address)g_malloc(sizeof(address));
eth->type = AT_ETHER;
eth->len = fi->ws_fi->length;
eth->data = tvb_memdup(NULL,fi->ws_fi->ds_tvb,fi->ws_fi->start,fi->ws_fi->length);
pushAddress(L,eth);
return 1;
}
case FT_IPv4:{
Address ipv4 = (Address)g_malloc(sizeof(address));
ipv4->type = AT_IPv4;
ipv4->len = fi->ws_fi->length;
ipv4->data = tvb_memdup(NULL,fi->ws_fi->ds_tvb,fi->ws_fi->start,fi->ws_fi->length);
pushAddress(L,ipv4);
return 1;
}
case FT_IPv6: {
Address ipv6 = (Address)g_malloc(sizeof(address));
ipv6->type = AT_IPv6;
ipv6->len = fi->ws_fi->length;
ipv6->data = tvb_memdup(NULL,fi->ws_fi->ds_tvb,fi->ws_fi->start,fi->ws_fi->length);
pushAddress(L,ipv6);
return 1;
}
case FT_FCWWN: {
Address fcwwn = (Address)g_malloc(sizeof(address));
fcwwn->type = AT_FCWWN;
fcwwn->len = fi->ws_fi->length;
fcwwn->data = tvb_memdup(NULL,fi->ws_fi->ds_tvb,fi->ws_fi->start,fi->ws_fi->length);
pushAddress(L,fcwwn);
return 1;
}
case FT_IPXNET:{
Address ipx = (Address)g_malloc(sizeof(address));
ipx->type = AT_IPX;
ipx->len = fi->ws_fi->length;
ipx->data = tvb_memdup(NULL,fi->ws_fi->ds_tvb,fi->ws_fi->start,fi->ws_fi->length);
pushAddress(L,ipx);
return 1;
}
case FT_ABSOLUTE_TIME:
case FT_RELATIVE_TIME: {
NSTime nstime = (NSTime)g_malloc(sizeof(nstime_t));
*nstime = *(NSTime)fvalue_get(&(fi->ws_fi->value));
pushNSTime(L,nstime);
return 1;
}
case FT_STRING:
case FT_STRINGZ: {
gchar* repr = fvalue_to_string_repr(&fi->ws_fi->value,FTREPR_DISPLAY,BASE_NONE,NULL);
if (repr)
lua_pushstring(L,repr);
else
luaL_error(L,"field cannot be represented as string because it may contain invalid characters");
return 1;
}
case FT_NONE:
if (fi->ws_fi->length > 0 && fi->ws_fi->rep) {
/* it has a length, but calling fvalue_get() on an FT_NONE asserts,
so get the label instead (it's a FT_NONE, so a label is what it basically is) */
lua_pushstring(L, fi->ws_fi->rep->representation);
return 1;
}
return 0;
case FT_BYTES:
case FT_UINT_BYTES:
case FT_REL_OID:
case FT_SYSTEM_ID:
case FT_OID:
{
ByteArray ba = g_byte_array_new();
g_byte_array_append(ba, (const guint8 *) fvalue_get(&fi->ws_fi->value),
fvalue_length(&fi->ws_fi->value));
pushByteArray(L,ba);
return 1;
}
case FT_PROTOCOL:
{
ByteArray ba = g_byte_array_new();
tvbuff_t* tvb = (tvbuff_t *) fvalue_get(&fi->ws_fi->value);
g_byte_array_append(ba, (const guint8 *)tvb_memdup(wmem_packet_scope(), tvb, 0,
tvb_captured_length(tvb)), tvb_captured_length(tvb));
pushByteArray(L,ba);
return 1;
}
case FT_GUID:
default:
luaL_error(L,"FT_ not yet supported");
return 1;
}
}
static gboolean print_field_value(field_info *finfo, int cmd_line_index)
{
header_field_info *hfinfo;
static char *fs_buf = NULL;
char *fs_ptr = fs_buf;
static GString *label_s = NULL;
int fs_buf_len = FIELD_STR_INIT_LEN, fs_len;
guint i;
string_fmt_t *sf;
guint32 uvalue;
gint32 svalue;
const true_false_string *tfstring = &tfs_true_false;
hfinfo = finfo->hfinfo;
if (!fs_buf) {
fs_buf = g_malloc(fs_buf_len + 1);
fs_ptr = fs_buf;
}
if (!label_s) {
label_s = g_string_new("");
}
if(finfo->value.ftype->val_to_string_repr)
{
/*
* this field has an associated value,
* e.g: ip.hdr_len
*/
fs_len = fvalue_string_repr_len(&finfo->value, FTREPR_DFILTER);
while (fs_buf_len < fs_len) {
fs_buf_len *= 2;
fs_buf = g_realloc(fs_buf, fs_buf_len + 1);
fs_ptr = fs_buf;
}
fvalue_to_string_repr(&finfo->value,
FTREPR_DFILTER,
fs_buf);
/* String types are quoted. Remove them. */
if ((finfo->value.ftype->ftype == FT_STRING || finfo->value.ftype->ftype == FT_STRINGZ) && fs_len > 2) {
fs_buf[fs_len - 1] = '\0';
fs_ptr++;
}
}
if (string_fmts->len > 0 && finfo->hfinfo->strings) {
g_string_truncate(label_s, 0);
for (i = 0; i < string_fmts->len; i++) {
sf = g_ptr_array_index(string_fmts, i);
if (sf->plain) {
g_string_append(label_s, sf->plain);
} else {
switch (sf->format) {
case SF_NAME:
g_string_append(label_s, hfinfo->name);
break;
case SF_NUMVAL:
g_string_append(label_s, fs_ptr);
break;
case SF_STRVAL:
switch(hfinfo->type) {
case FT_BOOLEAN:
uvalue = fvalue_get_uinteger(&finfo->value);
tfstring = (const struct true_false_string*) hfinfo->strings;
g_string_append(label_s, uvalue ? tfstring->true_string : tfstring->false_string);
break;
case FT_INT8:
case FT_INT16:
case FT_INT24:
case FT_INT32:
DISSECTOR_ASSERT(!hfinfo->bitmask);
svalue = fvalue_get_sinteger(&finfo->value);
if (hfinfo->display & BASE_RANGE_STRING) {
g_string_append(label_s, rval_to_str(svalue, hfinfo->strings, "Unknown"));
} else {
g_string_append(label_s, val_to_str(svalue, cVALS(hfinfo->strings), "Unknown"));
}
case FT_UINT8:
case FT_UINT16:
case FT_UINT24:
case FT_UINT32:
uvalue = fvalue_get_uinteger(&finfo->value);
if (!hfinfo->bitmask && hfinfo->display & BASE_RANGE_STRING) {
g_string_append(label_s, rval_to_str(uvalue, hfinfo->strings, "Unknown"));
} else {
g_string_append(label_s, val_to_str(uvalue, cVALS(hfinfo->strings), "Unknown"));
}
break;
default:
break;
}
break;
default:
break;
}
}
}
printf(" %u=\"%s\"", cmd_line_index, label_s->str);
return TRUE;
}
if(finfo->value.ftype->val_to_string_repr)
{
printf(" %u=\"%s\"", cmd_line_index, fs_ptr);
return TRUE;
}
/*
* This field doesn't have an associated value,
* e.g. http
* We return n.a.
*/
printf(" %u=\"n.a.\"", cmd_line_index);
return TRUE;
}
gpointer cb_row_set(sharktools_callbacks *cb, void *row, void *key, gulong type, GPtrArray *tree_values)
{
static nstime_t *tmp_timestamp;
double tmp_double;
// Bomb out; I haven't updated this app...
fvalue_t *val_native;
const gchar *val_string;
g_assert_not_reached();
//printf("%s (%d)\t\t", val_string, (int)type);
switch(type)
{
case FT_NONE: /* used for text labels with no value */
printf("None");
break;
//case FT_PROTOCOL:
//case FT_BOOLEAN: /* TRUE and FALSE come from <glib.h> */
case FT_UINT8:
case FT_UINT16:
case FT_UINT24: /* really a UINT32, but displayed as 3 hex-digits if FD_HEX*/
case FT_UINT32:
/* FIXME: does fvalue_get_uinteger() work properly with FT_UINT{8,16,24} types? */
printf("%u", fvalue_get_uinteger(val_native));
break;
case FT_INT64:
/* Wireshark doesn't seem to make a difference between INT64 and UINT64 */
case FT_UINT64:
//guint64 tmp =
printf("%llu", (long long unsigned int)fvalue_get_integer64(val_native));// tmp);
break;
case FT_INT8:
case FT_INT16:
case FT_INT24: /* same as for UINT24 */
case FT_INT32:
/* FIXME: does fvalue_get_sinteger() work properly with FT_INT{8,16,24} types? */
printf("%d", fvalue_get_sinteger(val_native));
break;
case FT_FLOAT:
case FT_DOUBLE:
printf("%f", fvalue_get_floating(val_native));
break;
case FT_ABSOLUTE_TIME:
case FT_RELATIVE_TIME:
tmp_timestamp = fvalue_get(val_native);
// Use fn in $wireshark/epan/nstime.c to convert timestamp to a float
tmp_double = nstime_to_sec(tmp_timestamp);
printf("%f", tmp_double);
break;
//case FT_UINT_STRING: /* for use with proto_tree_add_item() */
//case FT_ETHER:
//case FT_BYTES:
//case FT_UINT_BYTES:
//case FT_IPv4:
//case FT_IPv6:
//case FT_IPXNET:
//case FT_FRAMENUM: /* a UINT32, but if selected lets you go to frame with that numbe */
//case FT_PCRE: /* a compiled Perl-Compatible Regular Expression object */
//case FT_GUID: /* GUID, UUID */
//case FT_OID: /* OBJECT IDENTIFIER */
default:
printf("%s", val_string);
break;
}
printf(" (%d)\t\t", (int)type);
/*
if(type == FT_UINT32)
{
//printf("%d (%d)\t\t", val_native->value.uinteger, (int)type);
printf("%d (%d)\t\t", fvalue_get_uinteger(val_native), (int)type);
}
*/
return NULL;
}
WSLUA_METAMETHOD FieldInfo__call(lua_State* L) {
/*
Obtain the Value of the field
*/
FieldInfo fi = checkFieldInfo(L,1);
switch(fi->hfinfo->type) {
case FT_NONE:
lua_pushnil(L);
return 1;
case FT_UINT8:
case FT_UINT16:
case FT_UINT24:
case FT_UINT32:
case FT_FRAMENUM:
lua_pushnumber(L,(lua_Number)fvalue_get_uinteger(&(fi->value)));
return 1;
case FT_INT8:
case FT_INT16:
case FT_INT24:
case FT_INT32:
lua_pushnumber(L,(lua_Number)fvalue_get_sinteger(&(fi->value)));
return 1;
case FT_FLOAT:
case FT_DOUBLE:
lua_pushnumber(L,(lua_Number)fvalue_get_floating(&(fi->value)));
return 1;
case FT_INT64: {
Int64 num = g_malloc(sizeof(gint64));
*num = fvalue_get_integer64(&(fi->value));
pushInt64(L,num);
return 1;
}
case FT_UINT64: {
UInt64 num = g_malloc(sizeof(guint64));
*num = fvalue_get_integer64(&(fi->value));
pushUInt64(L,num);
return 1;
}
case FT_ETHER: {
Address eth = g_malloc(sizeof(address));
eth->type = AT_ETHER;
eth->len = fi->length;
eth->data = tvb_memdup(fi->ds_tvb,fi->start,fi->length);
pushAddress(L,eth);
return 1;
}
case FT_IPv4:{
Address ipv4 = g_malloc(sizeof(address));
ipv4->type = AT_IPv4;
ipv4->len = fi->length;
ipv4->data = tvb_memdup(fi->ds_tvb,fi->start,fi->length);
pushAddress(L,ipv4);
return 1;
}
case FT_IPv6: {
Address ipv6 = g_malloc(sizeof(address));
ipv6->type = AT_IPv6;
ipv6->len = fi->length;
ipv6->data = tvb_memdup(fi->ds_tvb,fi->start,fi->length);
pushAddress(L,ipv6);
return 1;
}
case FT_IPXNET:{
Address ipx = g_malloc(sizeof(address));
ipx->type = AT_IPX;
ipx->len = fi->length;
ipx->data = tvb_memdup(fi->ds_tvb,fi->start,fi->length);
pushAddress(L,ipx);
return 1;
}
case FT_STRING:
case FT_STRINGZ: {
gchar* repr = fvalue_to_string_repr(&fi->value,FTREPR_DISPLAY,NULL);
if (repr)
lua_pushstring(L,repr);
else
luaL_error(L,"field cannot be represented as string because it may contain invalid characters");
return 1;
}
case FT_BYTES:
case FT_UINT_BYTES:
case FT_GUID:
case FT_OID: {
ByteArray ba = g_byte_array_new();
g_byte_array_append(ba, ep_tvb_memdup(fi->ds_tvb,fi->start,fi->length),fi->length);
pushByteArray(L,ba);
return 1;
}
default:
luaL_error(L,"FT_ not yet supported");
return 1;
}
}