diff options
author | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2017-09-16 16:52:23 +0200 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-09-18 21:24:16 +0000 |
commit | c41bab1f667cfe51b09b80869497a2db68abecce (patch) | |
tree | f61fbf402e9cfe58b9a694eabf4dd389bed94796 /epan/dissectors/packet-tcp.c | |
parent | a593fce94cb7fd0fa3f5eef7fae9c0128cb6f7e3 (diff) |
Move most of sequence analysis code from ui/ to epan/
Create registration system to allow creation of analysis items
to be localized to the dissector. For now only frame (all) and
TCP are supported.
VOIP functionality will be covered in a separate patch.
Change-Id: I5b05ef6d5afff8d0b162b03a0f451ab810602e81
Reviewed-on: https://code.wireshark.org/review/23571
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-tcp.c')
-rw-r--r-- | epan/dissectors/packet-tcp.c | 164 |
1 files changed, 110 insertions, 54 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index e7997439f5..899326f6a6 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -35,6 +35,7 @@ #include <epan/show_exception.h> #include <epan/conversation_table.h> #include <epan/dissector_filters.h> +#include <epan/sequence_analysis.h> #include <epan/reassemble.h> #include <epan/decode_as.h> #include <epan/exported_pdu.h> @@ -618,6 +619,60 @@ static const int *tcp_option_mptcp_dss_flags[] = { const unit_name_string units_64bit_version = { " (64bits version)", NULL }; + +static const char * +tcp_flags_to_str(wmem_allocator_t *scope, const struct tcpheader *tcph) +{ + static const char flags[][4] = { "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR", "NS" }; + const int maxlength = 64; /* upper bounds, max 53B: 8 * 3 + 2 + strlen("Reserved") + 9 * 2 + 1 */ + + char *pbuf; + const char *buf; + + int i; + + buf = pbuf = (char *) wmem_alloc(scope, maxlength); + *pbuf = '\0'; + + for (i = 0; i < 9; i++) { + if (tcph->th_flags & (1 << i)) { + if (buf[0]) + pbuf = g_stpcpy(pbuf, ", "); + pbuf = g_stpcpy(pbuf, flags[i]); + } + } + + if (tcph->th_flags & TH_RES) { + if (buf[0]) + pbuf = g_stpcpy(pbuf, ", "); + g_stpcpy(pbuf, "Reserved"); + } + + if (buf[0] == '\0') + buf = "<None>"; + + return buf; +} +static const char * +tcp_flags_to_str_first_letter(const struct tcpheader *tcph) +{ + wmem_strbuf_t *buf = wmem_strbuf_new(wmem_packet_scope(), ""); + unsigned i; + const unsigned flags_count = 12; + const char first_letters[] = "RRRNCEUAPRSF"; + + /* upper three bytes are marked as reserved ('R'). */ + for (i = 0; i < flags_count; i++) { + if (((tcph->th_flags >> (flags_count - 1 - i)) & 1)) { + wmem_strbuf_append_c(buf, first_letters[i]); + } else { + wmem_strbuf_append(buf, UTF8_MIDDLE_DOT); + } + } + + return wmem_strbuf_finalize(buf); +} + static void tcp_src_prompt(packet_info *pinfo, gchar *result) { @@ -806,6 +861,59 @@ tcp_build_filter(packet_info *pinfo) return NULL; } +/****************************************************************************/ +/* whenever a TCP packet is seen by the tap listener */ +/* Add a new tcp frame into the graph */ +static gboolean +tcp_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *tcp_info) +{ + seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr; + const struct tcpheader *tcph = (const struct tcpheader *)tcp_info; + + if ((sainfo->all_packets)||(pinfo->fd->flags.passed_dfilter==1)){ + const char* flags; + seq_analysis_item_t *sai; + + sai = g_new0(seq_analysis_item_t, 1); + sai->frame_number = pinfo->num; + if (sainfo->any_addr) { + copy_address(&(sai->src_addr),&(pinfo->net_src)); + copy_address(&(sai->dst_addr),&(pinfo->net_dst)); + } else { + copy_address(&(sai->src_addr),&(pinfo->src)); + copy_address(&(sai->dst_addr),&(pinfo->dst)); + } + sai->port_src=pinfo->srcport; + sai->port_dst=pinfo->destport; + sai->protocol=g_strdup(port_type_to_str(pinfo->ptype)); + + flags = tcp_flags_to_str(NULL, tcph); + + if ((tcph->th_have_seglen)&&(tcph->th_seglen!=0)){ + sai->frame_label = g_strdup_printf("%s - Len: %u",flags, tcph->th_seglen); + } + else{ + sai->frame_label = g_strdup(flags); + } + + wmem_free(NULL, (void*)flags); + + if (tcph->th_flags & TH_ACK) + sai->comment = g_strdup_printf("Seq = %u Ack = %u",tcph->th_seq, tcph->th_ack); + else + sai->comment = g_strdup_printf("Seq = %u",tcph->th_seq); + + sai->line_style = 1; + sai->conv_num = (guint16) tcph->th_stream; + sai->display = TRUE; + + g_queue_push_tail(sainfo->items, sai); + } + + return TRUE; +} + + gchar* tcp_follow_conv_filter(packet_info* pinfo, int* stream) { conversation_t *conv; @@ -5603,59 +5711,6 @@ dissect_tcp_payload(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 seq, } } -static const char * -tcp_flags_to_str(const struct tcpheader *tcph) -{ - static const char flags[][4] = { "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR", "NS" }; - const int maxlength = 64; /* upper bounds, max 53B: 8 * 3 + 2 + strlen("Reserved") + 9 * 2 + 1 */ - - char *pbuf; - const char *buf; - - int i; - - buf = pbuf = (char *) wmem_alloc(wmem_packet_scope(), maxlength); - *pbuf = '\0'; - - for (i = 0; i < 9; i++) { - if (tcph->th_flags & (1 << i)) { - if (buf[0]) - pbuf = g_stpcpy(pbuf, ", "); - pbuf = g_stpcpy(pbuf, flags[i]); - } - } - - if (tcph->th_flags & TH_RES) { - if (buf[0]) - pbuf = g_stpcpy(pbuf, ", "); - g_stpcpy(pbuf, "Reserved"); - } - - if (buf[0] == '\0') - buf = "<None>"; - - return buf; -} -static const char * -tcp_flags_to_str_first_letter(const struct tcpheader *tcph) -{ - wmem_strbuf_t *buf = wmem_strbuf_new(wmem_packet_scope(), ""); - unsigned i; - const unsigned flags_count = 12; - const char first_letters[] = "RRRNCEUAPRSF"; - - /* upper three bytes are marked as reserved ('R'). */ - for (i = 0; i < flags_count; i++) { - if (((tcph->th_flags >> (flags_count - 1 - i)) & 1)) { - wmem_strbuf_append_c(buf, first_letters[i]); - } else { - wmem_strbuf_append(buf, UTF8_MIDDLE_DOT); - } - } - - return wmem_strbuf_finalize(buf); -} - static gboolean capture_tcp(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header) { @@ -5950,7 +6005,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) } else tcph->th_have_seglen = FALSE; - flags_str = tcp_flags_to_str(tcph); + flags_str = tcp_flags_to_str(wmem_packet_scope(), tcph); flags_str_first_letter = tcp_flags_to_str_first_letter(tcph); col_append_lstr(pinfo->cinfo, COL_INFO, @@ -7493,6 +7548,7 @@ proto_register_tcp(void) register_conversation_table(proto_tcp, FALSE, tcpip_conversation_packet, tcpip_hostlist_packet); register_conversation_filter("tcp", "TCP", tcp_filter_valid, tcp_build_filter); + register_seq_analysis("tcp", "TCP Flows", proto_tcp, NULL, 0, tcp_seq_analysis_packet); /* considers MPTCP as a distinct protocol (even if it's a TCP option) */ proto_mptcp = proto_register_protocol("Multipath Transmission Control Protocol", "MPTCP", "mptcp"); |