summaryrefslogtreecommitdiff
path: root/epan/conversation_table.c
diff options
context:
space:
mode:
Diffstat (limited to 'epan/conversation_table.c')
-rw-r--r--epan/conversation_table.c581
1 files changed, 581 insertions, 0 deletions
diff --git a/epan/conversation_table.c b/epan/conversation_table.c
new file mode 100644
index 0000000000..50f1954ea9
--- /dev/null
+++ b/epan/conversation_table.c
@@ -0,0 +1,581 @@
+/* conversations_table.c
+ * conversations_table 2003 Ronnie Sahlberg
+ * Helper routines common to all endpoint conversations tap.
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <string.h>
+
+#include "packet_info.h"
+#include "proto.h"
+#include "conversation_table.h"
+#include "addr_resolv.h"
+#include "emem.h"
+
+#include "stat_cmd_args.h"
+
+GList *cmd_string_list_ = NULL;
+
+struct register_ct {
+ gboolean hide_ports; /* hide TCP / UDP port columns */
+ int proto_id; /* protocol id (0-indexed) */
+ tap_packet_cb packet_func; /* function to be called for new incoming packets */
+ conv_gui_init_cb gui_init_cb; /* GUI specific function to initialize conversation */
+};
+
+gboolean get_conversation_hide_ports(register_ct_t* ct)
+{
+ return ct->hide_ports;
+}
+
+int get_conversation_proto_id(register_ct_t* ct)
+{
+ if (!ct) {
+ return -1;
+ }
+ return ct->proto_id;
+}
+
+tap_packet_cb get_conversation_packet_func(register_ct_t* ct)
+{
+ return ct->packet_func;
+}
+
+static GSList *registered_ct_tables = NULL;
+
+void
+dissector_conversation_init(const char *opt_arg, void* userdata)
+{
+ register_ct_t *table = (register_ct_t*)userdata;
+ GString *cmd_str = g_string_new("conv,");
+ const char *filter=NULL;
+
+ g_string_append(cmd_str, proto_get_protocol_filter_name(table->proto_id));
+ if(!strncmp(opt_arg, cmd_str->str, cmd_str->len)){
+ filter = opt_arg + cmd_str->len;
+ } else {
+ filter = NULL;
+ }
+ g_string_free(cmd_str, TRUE);
+
+ if (table->gui_init_cb)
+ table->gui_init_cb(table, filter);
+}
+
+/** get conversation from protocol ID
+ *
+ * @param proto_id protocol ID
+ * @return tap function handler of conversation
+ */
+register_ct_t* get_conversation_by_proto_id(int proto_id)
+{
+ GSList *ct;
+ register_ct_t *table;
+
+ for(ct = registered_ct_tables; ct != NULL; ct = g_slist_next(ct)){
+ table = (register_ct_t*)ct->data;
+ if ((table) && (table->proto_id == proto_id))
+ return table;
+ }
+
+ return NULL;
+}
+
+static gint
+insert_sorted_by_table_name(gconstpointer aparam, gconstpointer bparam)
+{
+ const register_ct_t *a = (register_ct_t *)aparam;
+ const register_ct_t *b = (register_ct_t *)bparam;
+
+ return g_ascii_strcasecmp(proto_get_protocol_short_name(find_protocol_by_id(a->proto_id)), proto_get_protocol_short_name(find_protocol_by_id(b->proto_id)));
+}
+
+void
+register_conversation_table(const int proto_id, gboolean hide_ports, tap_packet_cb packet_func)
+{
+ register_ct_t *table;
+ GString *cmd_str = g_string_new("conv,");
+
+ table = g_new(register_ct_t,1);
+
+ table->hide_ports = hide_ports;
+ table->proto_id = proto_id;
+ table->packet_func = packet_func;
+ table->gui_init_cb = NULL;
+
+ registered_ct_tables = g_slist_insert_sorted(registered_ct_tables, table, insert_sorted_by_table_name);
+
+ g_string_append(cmd_str, proto_get_protocol_filter_name(table->proto_id));
+ cmd_string_list_ = g_list_append(cmd_string_list_, cmd_str->str);
+ register_stat_cmd_arg(cmd_str->str, dissector_conversation_init, table);
+ g_string_free(cmd_str, FALSE);
+}
+
+/* Set GUI fields for register_ct list */
+static void
+set_gui_data(gpointer data, gpointer user_data)
+{
+ register_ct_t *table = (register_ct_t*)data;
+ table->gui_init_cb = (conv_gui_init_cb)user_data;
+}
+
+void conversation_table_set_gui_info(conv_gui_init_cb init_cb)
+{
+ g_slist_foreach(registered_ct_tables, set_gui_data, init_cb);
+}
+
+void conversation_table_iterate_tables(GFunc func, gpointer user_data)
+{
+ g_slist_foreach(registered_ct_tables, func, user_data);
+}
+
+guint conversation_table_get_num(void)
+{
+ return g_slist_length(registered_ct_tables);
+}
+
+
+register_ct_t *get_conversation_table_by_num(guint table_num)
+{
+ return (register_ct_t *) g_slist_nth_data(registered_ct_tables, table_num);
+}
+
+/** Compute the hash value for two given address/port pairs.
+ * (Parameter type is gconstpointer for GHashTable compatibility.)
+ *
+ * @param key Conversation. MUST point to a conv_key_t struct.
+ * @return Computed key hash.
+ */
+static guint
+conversation_hash(gconstpointer v)
+{
+ const conv_key_t *key = (const conv_key_t *)v;
+ guint hash_val;
+
+ hash_val = 0;
+ ADD_ADDRESS_TO_HASH(hash_val, &key->addr1);
+ hash_val += key->port1;
+ ADD_ADDRESS_TO_HASH(hash_val, &key->addr2);
+ hash_val += key->port2;
+ hash_val ^= key->conv_id;
+
+ return hash_val;
+}
+
+/** Compare two conversation keys for an exact match.
+ * (Parameter types are gconstpointer for GHashTable compatibility.)
+ *
+ * @param key1 First conversation. MUST point to a conv_key_t struct.
+ * @param key2 Second conversation. MUST point to a conv_key_t struct.
+ * @return TRUE if conversations are equal, FALSE otherwise.
+ */
+static gboolean
+conversation_equal(gconstpointer key1, gconstpointer key2)
+{
+ const conv_key_t *ck1 = (const conv_key_t *)key1;
+ const conv_key_t *ck2 = (const conv_key_t *)key2;
+
+ if (ck1->conv_id == ck2->conv_id)
+ {
+ if (ck1->port1 == ck2->port1 &&
+ ck1->port2 == ck2->port2 &&
+ ADDRESSES_EQUAL(&ck1->addr1, &ck2->addr1) &&
+ ADDRESSES_EQUAL(&ck1->addr2, &ck2->addr2)) {
+ return TRUE;
+ }
+
+ if (ck1->port2 == ck2->port1 &&
+ ck1->port1 == ck2->port2 &&
+ ADDRESSES_EQUAL(&ck1->addr2, &ck2->addr1) &&
+ ADDRESSES_EQUAL(&ck1->addr1, &ck2->addr2)) {
+ return TRUE;
+ }
+ }
+
+ /*
+ * The addresses, ports, or conversation IDs don't match.
+ */
+ return FALSE;
+}
+
+void
+reset_conversation_table_data(conv_hash_t *ch)
+{
+ if (!ch) {
+ return;
+ }
+
+ if (ch->conv_array != NULL) {
+ guint i;
+ for(i = 0; i < ch->conv_array->len; i++){
+ conv_item_t *conv = &g_array_index(ch->conv_array, conv_item_t, i);
+ g_free((gpointer)conv->src_address.data);
+ g_free((gpointer)conv->dst_address.data);
+ }
+
+ g_array_free(ch->conv_array, TRUE);
+ }
+
+ if (ch->hashtable != NULL) {
+ g_hash_table_destroy(ch->hashtable);
+ }
+
+ ch->conv_array=NULL;
+ ch->hashtable=NULL;
+}
+
+const char *get_conversation_address(address *addr, gboolean resolve_names)
+{
+ if (resolve_names) {
+ return ep_address_to_display(addr);
+ } else {
+ return ep_address_to_str(addr);
+ }
+}
+
+const char *get_conversation_port(guint32 port, port_type ptype, gboolean resolve_names)
+{
+
+ if(!resolve_names) ptype = PT_NONE;
+
+ switch(ptype) {
+ case(PT_TCP):
+ return ep_tcp_port_to_display(port);
+ case(PT_UDP):
+ return ep_udp_port_to_display(port);
+ case(PT_SCTP):
+ return ep_sctp_port_to_display(port);
+ default:
+ return ep_strdup_printf("%d", port);
+ }
+}
+
+/* given an address (to distinguish between ipv4 and ipv6 for tcp/udp),
+ a port_type and a name_type (FN_...)
+ return a string for the filter name.
+
+ Some addresses, like AT_ETHER may actually be any of multiple types
+ of protocols, either ethernet, tokenring, fddi, wlan etc so we must be
+ more specific there; that's why we need specific_addr_type.
+*/
+static const char *
+conversation_get_filter_name(conv_item_t *conv_item, conv_filter_type_e filter_type)
+{
+
+ if ((conv_item == NULL) || (conv_item->dissector_info == NULL) || (conv_item->dissector_info->get_filter_type == NULL)) {
+ return CONV_FILTER_INVALID;
+ }
+
+ return conv_item->dissector_info->get_filter_type(conv_item, filter_type);
+}
+
+/* Convert a port number into a string or NULL */
+static char *
+ct_port_to_str(port_type ptype, guint32 port)
+{
+ switch(ptype){
+ case PT_TCP:
+ case PT_UDP:
+ case PT_SCTP:
+ case PT_NCP:
+ return g_strdup_printf("%d", port);
+ default:
+ break;
+ }
+ return NULL;
+}
+
+const char *get_conversation_filter(conv_item_t *conv_item, conv_direction_e direction)
+{
+ char *sport, *dport;
+ const char *str = "INVALID";
+
+ sport = ct_port_to_str(conv_item->ptype, conv_item->src_port);
+ dport = ct_port_to_str(conv_item->ptype, conv_item->dst_port);
+
+ switch(direction){
+ case CONV_DIR_A_TO_FROM_B:
+ /* A <-> B */
+ str = ep_strdup_printf("%s==%s%s%s%s%s && %s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
+ ep_address_to_str(&conv_item->src_address),
+ sport?" && ":"",
+ sport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
+ sport?"==":"",
+ sport?sport:"",
+ conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
+ ep_address_to_str(&conv_item->dst_address),
+ dport?" && ":"",
+ dport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
+ dport?"==":"",
+ dport?dport:""
+ );
+ break;
+ case CONV_DIR_A_TO_B:
+ /* A --> B */
+ str = ep_strdup_printf("%s==%s%s%s%s%s && %s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
+ ep_address_to_str(&conv_item->src_address),
+ sport?" && ":"",
+ sport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
+ sport?"==":"",
+ sport?sport:"",
+ conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
+ ep_address_to_str(&conv_item->dst_address),
+ dport?" && ":"",
+ dport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
+ dport?"==":"",
+ dport?dport:""
+ );
+ break;
+ case CONV_DIR_A_FROM_B:
+ /* A <-- B */
+ str = ep_strdup_printf("%s==%s%s%s%s%s && %s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
+ ep_address_to_str(&conv_item->src_address),
+ sport?" && ":"",
+ sport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
+ sport?"==":"",
+ sport?sport:"",
+ conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
+ ep_address_to_str(&conv_item->dst_address),
+ dport?" && ":"",
+ dport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
+ dport?"==":"",
+ dport?dport:""
+ );
+ break;
+ case CONV_DIR_A_TO_FROM_ANY:
+ /* A <-> ANY */
+ str = ep_strdup_printf("%s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
+ ep_address_to_str(&conv_item->src_address),
+ sport?" && ":"",
+ sport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
+ sport?"==":"",
+ sport?sport:""
+ );
+ break;
+ case CONV_DIR_A_TO_ANY:
+ /* A --> ANY */
+ str = ep_strdup_printf("%s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
+ ep_address_to_str(&conv_item->src_address),
+ sport?" && ":"",
+ sport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
+ sport?"==":"",
+ sport?sport:""
+ );
+ break;
+ case CONV_DIR_A_FROM_ANY:
+ /* A <-- ANY */
+ str = ep_strdup_printf("%s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
+ ep_address_to_str(&conv_item->src_address),
+ sport?" && ":"",
+ sport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
+ sport?"==":"",
+ sport?sport:""
+ );
+ break;
+ case CONV_DIR_ANY_TO_FROM_B:
+ /* ANY <-> B */
+ str = ep_strdup_printf("%s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
+ ep_address_to_str(&conv_item->dst_address),
+ dport?" && ":"",
+ dport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
+ dport?"==":"",
+ dport?dport:""
+ );
+ break;
+ case CONV_DIR_ANY_FROM_B:
+ /* ANY <-- B */
+ str = ep_strdup_printf("%s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
+ ep_address_to_str(&conv_item->dst_address),
+ dport?" && ":"",
+ dport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
+ dport?"==":"",
+ dport?dport:""
+ );
+ break;
+ case CONV_DIR_ANY_TO_B:
+ /* ANY --> B */
+ str = ep_strdup_printf("%s==%s%s%s%s%s",
+ conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
+ ep_address_to_str(&conv_item->dst_address),
+ dport?" && ":"",
+ dport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
+ dport?"==":"",
+ dport?dport:""
+ );
+ break;
+ default:
+ break;
+ }
+ g_free(sport);
+ g_free(dport);
+ return str;
+}
+
+void
+add_conversation_table_data(conv_hash_t *ch, const address *src, const address *dst, guint32 src_port, guint32 dst_port, int num_frames, int num_bytes, nstime_t *ts, ct_dissector_info_t *ct_info, port_type ptype)
+{
+ add_conversation_table_data_with_conv_id(ch, src, dst, src_port, dst_port, CONV_ID_UNSET, num_frames, num_bytes, ts, ct_info, ptype);
+}
+
+void
+add_conversation_table_data_with_conv_id(
+ conv_hash_t *ch,
+ const address *src,
+ const address *dst,
+ guint32 src_port,
+ guint32 dst_port,
+ conv_id_t conv_id,
+ int num_frames,
+ int num_bytes,
+ nstime_t *ts,
+ ct_dissector_info_t *ct_info,
+ port_type ptype)
+{
+ const address *addr1, *addr2;
+ guint32 port1, port2;
+ conv_item_t *conv_item = NULL;
+ unsigned int conversation_idx = 0;
+
+ if (src_port > dst_port) {
+ addr1 = src;
+ addr2 = dst;
+ port1 = src_port;
+ port2 = dst_port;
+ } else if (src_port < dst_port) {
+ addr2 = src;
+ addr1 = dst;
+ port2 = src_port;
+ port1 = dst_port;
+ } else if (CMP_ADDRESS(src, dst) < 0) {
+ addr1 = src;
+ addr2 = dst;
+ port1 = src_port;
+ port2 = dst_port;
+ } else {
+ addr2 = src;
+ addr1 = dst;
+ port2 = src_port;
+ port1 = dst_port;
+ }
+
+ /* if we dont have any entries at all yet */
+ if (ch->conv_array == NULL) {
+ ch->conv_array = g_array_sized_new(FALSE, FALSE, sizeof(conv_item_t), 10000);
+
+ ch->hashtable = g_hash_table_new_full(conversation_hash,
+ conversation_equal, /* key_equal_func */
+ g_free, /* key_destroy_func */
+ NULL); /* value_destroy_func */
+
+ } else {
+ /* try to find it among the existing known conversations */
+ conv_key_t existing_key;
+
+ existing_key.addr1 = *addr1;
+ existing_key.addr2 = *addr2;
+ existing_key.port1 = port1;
+ existing_key.port2 = port2;
+ existing_key.conv_id = conv_id;
+ if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, (gpointer *) &conversation_idx)) {
+ conv_item = &g_array_index(ch->conv_array, conv_item_t, conversation_idx);
+ }
+ }
+
+ /* if we still dont know what conversation this is it has to be a new one
+ and we have to allocate it and append it to the end of the list */
+ if (conv_item == NULL) {
+ conv_key_t *new_key;
+ conv_item_t new_conv_item;
+
+ COPY_ADDRESS(&new_conv_item.src_address, addr1);
+ COPY_ADDRESS(&new_conv_item.dst_address, addr2);
+ new_conv_item.dissector_info = ct_info;
+ new_conv_item.ptype = ptype;
+ new_conv_item.src_port = port1;
+ new_conv_item.dst_port = port2;
+ new_conv_item.conv_id = conv_id;
+ new_conv_item.rx_frames = 0;
+ new_conv_item.tx_frames = 0;
+ new_conv_item.rx_bytes = 0;
+ new_conv_item.tx_bytes = 0;
+ new_conv_item.modified = TRUE;
+
+ if (ts) {
+ memcpy(&new_conv_item.start_time, ts, sizeof(new_conv_item.start_time));
+ memcpy(&new_conv_item.stop_time, ts, sizeof(new_conv_item.stop_time));
+ } else {
+ nstime_set_unset(&new_conv_item.start_time);
+ nstime_set_unset(&new_conv_item.stop_time);
+ }
+ g_array_append_val(ch->conv_array, new_conv_item);
+ conversation_idx = ch->conv_array->len - 1;
+ conv_item = &g_array_index(ch->conv_array, conv_item_t, conversation_idx);
+
+ /* ct->conversations address is not a constant but src/dst_address.data are */
+ new_key = g_new(conv_key_t, 1);
+ SET_ADDRESS(&new_key->addr1, conv_item->src_address.type, conv_item->src_address.len, conv_item->src_address.data);
+ SET_ADDRESS(&new_key->addr2, conv_item->dst_address.type, conv_item->dst_address.len, conv_item->dst_address.data);
+ new_key->port1 = port1;
+ new_key->port2 = port2;
+ new_key->conv_id = conv_id;
+ g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(conversation_idx));
+ }
+
+ /* update the conversation struct */
+ conv_item->modified = TRUE;
+ if ( (!CMP_ADDRESS(src, addr1)) && (!CMP_ADDRESS(dst, addr2)) && (src_port==port1) && (dst_port==port2) ) {
+ conv_item->tx_frames += num_frames;
+ conv_item->tx_bytes += num_bytes;
+ } else {
+ conv_item->rx_frames += num_frames;
+ conv_item->rx_bytes += num_bytes;
+ }
+
+ if (ts) {
+ if (nstime_cmp(ts, &conv_item->stop_time) > 0) {
+ memcpy(&conv_item->stop_time, ts, sizeof(conv_item->stop_time));
+ } else if (nstime_cmp(ts, &conv_item->start_time) < 0) {
+ memcpy(&conv_item->start_time, ts, sizeof(conv_item->start_time));
+ }
+ }
+}
+
+/*
+ * Editor modelines
+ *
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * ex: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */
generated by cgit v1.2.1 (git 2.18.0) at 2024-06-18 21:26:52 +0000