1 files changed, 185 insertions, 0 deletions

diff --git a/plugins/transum/packet-transum.h b/plugins/transum/packet-transum.h
new file mode 100644
index 0000000000..992d3a3249
--- /dev/null
+++ b/plugins/transum/packet-transum.h
@@ -0,0 +1,185 @@
+/* packet-transum.h
+* Header file for the TRANSUM response time analyzer post-dissector
+* By Paul Offord <paul.offord@advance7.com>
+* Copyright 2016 Advance Seven Limited
+*
+* Wireshark - Network traffic analyzer
+* By Gerald Combs <gerald@wireshark.org>
+* Copyright 1998 Gerald Combs
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#define ETH_TYPE_IPV4 0x0800
+#define ETH_TYPE_IPV6 0x86dd
+
+#define IP_PROTO_TCP 6
+#define IP_PROTO_UDP 17
+
+#define RRPD_STATE_DONT_CARE 0
+#define RRPD_STATE_INIT 0
+#define RRPD_STATE_1 1
+#define RRPD_STATE_2 2
+#define RRPD_STATE_3 3
+#define RRPD_STATE_4 4
+#define RRPD_STATE_5 5
+#define RRPD_STATE_6 6
+#define RRPD_STATE_7 7
+#define RRPD_STATE_8 8
+
+#define RTE_CALC_SYN    1
+#define RTE_CALC_GTCP   2
+#define RTE_CALC_GUDP   3
+#define RTE_CALC_SMB1   4
+#define RTE_CALC_SMB2   5
+#define RTE_CALC_DCERPC 6
+#define RTE_CALC_DNS    7
+
+#define RRPD_SIZE 64
+
+#define MAX_STREAMS_PER_PROTOCOL 256*1024
+#define MAX_PACKETS 8000000  /* We support 8 million packets */
+#define MAX_SUBPKTS_PER_PACKET 16
+#define MAX_RRPDS 1000000  /* We support 4 million RRPDs */
+#define SIZE_OF_TEMP_RSP_RRPD_LIST 1024
+
+/*
+    An RR pair is identified by a Fully Qualified Message ID (RRPD)
+*/
+
+typedef struct _RRPD
+{
+    /*
+        When a c2s is set TRUE it means that the associated packet is going from
+        client-to-service.  If this value is false the associated packet is going
+        from service-to-client.
+
+        This value is only valid for RRPDs imbedded in subpacket structures.
+     */
+    gboolean c2s;
+
+    guint8   ip_proto;
+    guint32  stream_no;
+    guint64  session_id;
+    guint64  msg_id;
+    guint32  suffix;
+
+    /*
+        Some request-response pairs are demarked simple by a change in direction on a
+        TCP or UDP stream from s2c to c2s.  This is true for the GTCP and GUDP
+        calculations.  Other calculations (such as DCERPC) use application protocol
+        values to detect the start and end of APDUs.  In this latter case decode_based
+        is set to true.
+     */
+    gboolean decode_based;
+
+    int      state;
+
+    guint32  req_first_frame;
+    nstime_t req_first_rtime;
+    guint32  req_last_frame;
+    nstime_t req_last_rtime;
+
+    guint32  rsp_first_frame;
+    nstime_t rsp_first_rtime;
+    guint32  rsp_last_frame;
+    nstime_t rsp_last_rtime;
+
+    guint    calculation;
+} RRPD;
+
+typedef struct _PKT_INFO
+{
+    int frame_number;
+    nstime_t relative_time;
+
+    gboolean tcp_retran;  /* tcp.analysis.retransmission */
+    gboolean tcp_keep_alive;  /* tcp.analysis.keep_alive */
+    gboolean tcp_flags_syn;  /* tcp.flags.syn */
+    gboolean tcp_flags_ack;  /* tcp.flags.ack */
+    gboolean tcp_flags_reset;  /* tcp.flags.reset */
+    guint32 tcp_flags_urg;  /* tcp.urgent_pointer */
+    guint32 tcp_seq;  /* tcp.seq */
+
+    /* Generic transport values */
+    guint16 srcport;  /* tcp.srcport or udp.srcport*/
+    guint16 dstport;  /* tcp.dstport or udp.dstport*/
+    guint16 len;  /* tcp.len or udp.len */
+
+    guint8  tds_type;  /*tds.type */
+    guint16 tds_length;  /* tds.length */
+
+    guint16 smb_mid;  /* smb.mid */
+
+    guint64 smb2_sesid;  /* smb2.sesid */
+    guint64 smb2_msg_id;  /* smb2.msg_id */
+    guint16 smb2_cmd;  /* smb2.cmd */
+
+    guint8 dcerpc_ver;  /* dcerpc.ver */
+    guint8 dcerpc_pkt_type;  /* dcerpc.pkt_type */
+    guint32 dcerpc_cn_call_id;  /* dcerpc.cn_call_id */
+    guint16 dcerpc_cn_ctx_id;  /* dcerpc.cn_ctx_id */
+
+    guint16 dns_id;  /* dns.id */
+
+    /* The following values are calculated */
+    gboolean pkt_of_interest;
+
+    /* RRPD data for this packet */
+    /* Complete this based on the detected protocol */
+    RRPD rrpd;
+
+} PKT_INFO;
+
+typedef struct _HF_OF_INTEREST
+{
+    int ip_proto;
+    int ipv6_nxt;
+
+    int tcp_retran;
+    int tcp_keep_alive;
+    int tcp_flags_syn;
+    int tcp_flags_ack;
+    int tcp_flags_reset;
+    int tcp_flags_urg;
+    int tcp_seq;
+    int tcp_srcport;
+    int tcp_dstport;
+    int tcp_stream;
+    int tcp_len;
+
+    int udp_srcport;
+    int udp_dstport;
+    int udp_stream;
+    int udp_length;
+
+    int tds_type;
+    int tds_length;
+
+    int smb_mid;
+
+    int smb2_ses_id;
+    int smb2_msg_id;
+    int smb2_cmd;
+
+    int dcerpc_ver;
+    int dcerpc_pkt_type;
+    int dcerpc_cn_call_id;
+    int dcerpc_cn_ctx_id;
+
+    int dns_id;
+
+    int data_data;
+} HF_OF_INTEREST;