diff options
| author | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2017-09-16 16:52:23 +0200 |
|---|---|---|
| committer | Michael Mann <mmann78@netscape.net> | 2017-09-18 21:24:16 +0000 |
| commit | c41bab1f667cfe51b09b80869497a2db68abecce (patch) | |
| tree | f61fbf402e9cfe58b9a694eabf4dd389bed94796 /epan | |
| parent | a593fce94cb7fd0fa3f5eef7fae9c0128cb6f7e3 (diff) | |
Move most of sequence analysis code from ui/ to epan/
Create registration system to allow creation of analysis items
to be localized to the dissector. For now only frame (all) and
TCP are supported.
VOIP functionality will be covered in a separate patch.
Change-Id: I5b05ef6d5afff8d0b162b03a0f451ab810602e81
Reviewed-on: https://code.wireshark.org/review/23571
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | epan/Makefile.am | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-frame.c | 118 | ||||
| -rw-r--r-- | epan/dissectors/packet-tcp.c | 164 | ||||
| -rw-r--r-- | epan/sequence_analysis.c | 275 | ||||
| -rw-r--r-- | epan/sequence_analysis.h | 196 |
6 files changed, 702 insertions, 54 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index 02cfcc5fa2..3f6d04266e 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -256,6 +256,7 @@ set(LIBWIRESHARK_FILES reedsolomon.c req_resp_hdrs.c rtd_table.c + sequence_analysis.c show_exception.c srt_table.c stat_tap_ui.c diff --git a/epan/Makefile.am b/epan/Makefile.am index b1c4afb693..d782b03f1f 100644 --- a/epan/Makefile.am +++ b/epan/Makefile.am @@ -106,6 +106,7 @@ LIBWIRESHARK_SRC = \ reedsolomon.c \ req_resp_hdrs.c \ rtd_table.c \ + sequence_analysis.c \ show_exception.c \ srt_table.c \ stat_tap_ui.c \ @@ -263,6 +264,7 @@ LIBWIRESHARK_INCLUDES_PUBLIC = \ rtd_table.h \ rtp_pt.h \ sctpppids.h \ + sequence_analysis.h \ show_exception.h \ slow_protocol_subtypes.h \ sminmpec.h \ diff --git a/epan/dissectors/packet-frame.c b/epan/dissectors/packet-frame.c index aa9d1f443a..9b9a0dbaf6 100644 --- a/epan/dissectors/packet-frame.c +++ b/epan/dissectors/packet-frame.c @@ -35,16 +35,20 @@ #include <epan/timestamp.h> #include <epan/prefs.h> #include <epan/to_str.h> +#include <epan/sequence_analysis.h> #include <wiretap/wtap.h> #include <epan/tap.h> #include <epan/expert.h> #include <wsutil/wsgcrypt.h> #include <wsutil/str_util.h> +#include <epan/proto_data.h> #include <wmem/wmem.h> #include "packet-frame.h" +#include "packet-icmp.h" #include "log.h" +#include <epan/column-info.h> #include <epan/color_filters.h> void proto_register_frame(void); @@ -157,6 +161,118 @@ static const value_string packet_word_reception_types[] = { static dissector_table_t wtap_encap_dissector_table; static dissector_table_t wtap_fts_rec_dissector_table; +/****************************************************************************/ +/* whenever a frame packet is seen by the tap listener */ +/* Add a new frame into the graph */ +static gboolean +frame_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *dummy _U_) +{ + seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr; + + if ((sainfo->all_packets) || (pinfo->fd->flags.passed_dfilter == 1)) { + gchar *protocol = NULL; + gchar *colinfo = NULL; + seq_analysis_item_t *sai = NULL; + + if (sainfo->any_addr) { + if (pinfo->net_src.type!=AT_NONE && pinfo->net_dst.type!=AT_NONE) { + sai = g_new0(seq_analysis_item_t, 1); + copy_address(&(sai->src_addr),&(pinfo->net_src)); + copy_address(&(sai->dst_addr),&(pinfo->net_dst)); + } + + } else { + if (pinfo->src.type!=AT_NONE && pinfo->dst.type!=AT_NONE) { + sai = g_new0(seq_analysis_item_t, 1); + copy_address(&(sai->src_addr),&(pinfo->src)); + copy_address(&(sai->dst_addr),&(pinfo->dst)); + } + } + + if (!sai) + return FALSE; + + sai->frame_number = pinfo->num; + + if (pinfo->fd->color_filter) { + sai->bg_color = color_t_to_rgb(&pinfo->fd->color_filter->bg_color); + sai->fg_color = color_t_to_rgb(&pinfo->fd->color_filter->fg_color); + sai->has_color_filter = TRUE; + } + + sai->port_src=pinfo->srcport; + sai->port_dst=pinfo->destport; + sai->protocol = g_strdup(port_type_to_str(pinfo->ptype)); + + if (pinfo->cinfo) { + col_item_t *col_item; + int i; + + if (pinfo->cinfo->col_first[COL_INFO] >= 0) { + for (i = pinfo->cinfo->col_first[COL_INFO]; i <= pinfo->cinfo->col_last[COL_INFO]; i++) { + col_item = &pinfo->cinfo->columns[i]; + if (col_item->fmt_matx[COL_INFO]) { + colinfo = g_strdup(col_item->col_data); + /* break; ? or g_free(colinfo); before g_strdup() */ + } + } + } + + if (pinfo->cinfo->col_first[COL_PROTOCOL] >= 0) { + for (i = pinfo->cinfo->col_first[COL_PROTOCOL]; i <= pinfo->cinfo->col_last[COL_PROTOCOL]; i++) { + col_item = &pinfo->cinfo->columns[i]; + if (col_item->fmt_matx[COL_PROTOCOL]) { + protocol = g_strdup(col_item->col_data); + /* break; ? or g_free(protocol); before g_strdup() */ + } + } + } + } + + if (colinfo != NULL) { + sai->frame_label = g_strdup(colinfo); + if (protocol != NULL) { + sai->comment = g_strdup_printf("%s: %s", protocol, colinfo); + } else { + sai->comment = g_strdup(colinfo); + } + } else { + /* This will probably never happen...*/ + if (protocol != NULL) { + sai->frame_label = g_strdup(protocol); + sai->comment = g_strdup(protocol); + } + } + + if (pinfo->ptype == PT_NONE) { + icmp_info_t *p_icmp_info; + + if ((p_icmp_info = (icmp_info_t *) p_get_proto_data(wmem_file_scope(), pinfo, proto_get_id_by_short_name("ICMP"), 0))) { + g_free(sai->protocol); + sai->protocol = g_strdup("ICMP"); + sai->port_src = 0; + sai->port_dst = p_icmp_info->type * 256 + p_icmp_info->code; + } else if ((p_icmp_info = (icmp_info_t *) p_get_proto_data(wmem_file_scope(), pinfo, proto_get_id_by_short_name("ICMPv6"), 0))) { + g_free(sai->protocol); + sai->protocol = g_strdup("ICMPv6"); + sai->port_src = 0; + sai->port_dst = p_icmp_info->type * 256 + p_icmp_info->code; + } + } + + g_free(protocol); + g_free(colinfo); + + sai->line_style = 1; + sai->conv_num = 0; + sai->display = TRUE; + + g_queue_push_tail(sainfo->items, sai); + } + + return TRUE; +} + /* * Routine used to register frame end routine. The routine should only * be registered when the dissector is used in the frame, not in the @@ -952,6 +1068,8 @@ proto_register_frame(void) tantamount to not doing any dissection whatsoever. */ proto_set_cant_toggle(proto_frame); + register_seq_analysis("any", "All Flows", proto_frame, NULL, TL_REQUIRES_COLUMNS, frame_seq_analysis_packet); + /* Our preferences */ frame_module = prefs_register_protocol(proto_frame, NULL); prefs_register_bool_preference(frame_module, "show_file_off", diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index e7997439f5..899326f6a6 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -35,6 +35,7 @@ #include <epan/show_exception.h> #include <epan/conversation_table.h> #include <epan/dissector_filters.h> +#include <epan/sequence_analysis.h> #include <epan/reassemble.h> #include <epan/decode_as.h> #include <epan/exported_pdu.h> @@ -618,6 +619,60 @@ static const int *tcp_option_mptcp_dss_flags[] = { const unit_name_string units_64bit_version = { " (64bits version)", NULL }; + +static const char * +tcp_flags_to_str(wmem_allocator_t *scope, const struct tcpheader *tcph) +{ + static const char flags[][4] = { "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR", "NS" }; + const int maxlength = 64; /* upper bounds, max 53B: 8 * 3 + 2 + strlen("Reserved") + 9 * 2 + 1 */ + + char *pbuf; + const char *buf; + + int i; + + buf = pbuf = (char *) wmem_alloc(scope, maxlength); + *pbuf = '\0'; + + for (i = 0; i < 9; i++) { + if (tcph->th_flags & (1 << i)) { + if (buf[0]) + pbuf = g_stpcpy(pbuf, ", "); + pbuf = g_stpcpy(pbuf, flags[i]); + } + } + + if (tcph->th_flags & TH_RES) { + if (buf[0]) + pbuf = g_stpcpy(pbuf, ", "); + g_stpcpy(pbuf, "Reserved"); + } + + if (buf[0] == '\0') + buf = "<None>"; + + return buf; +} +static const char * +tcp_flags_to_str_first_letter(const struct tcpheader *tcph) +{ + wmem_strbuf_t *buf = wmem_strbuf_new(wmem_packet_scope(), ""); + unsigned i; + const unsigned flags_count = 12; + const char first_letters[] = "RRRNCEUAPRSF"; + + /* upper three bytes are marked as reserved ('R'). */ + for (i = 0; i < flags_count; i++) { + if (((tcph->th_flags >> (flags_count - 1 - i)) & 1)) { + wmem_strbuf_append_c(buf, first_letters[i]); + } else { + wmem_strbuf_append(buf, UTF8_MIDDLE_DOT); + } + } + + return wmem_strbuf_finalize(buf); +} + static void tcp_src_prompt(packet_info *pinfo, gchar *result) { @@ -806,6 +861,59 @@ tcp_build_filter(packet_info *pinfo) return NULL; } +/****************************************************************************/ +/* whenever a TCP packet is seen by the tap listener */ +/* Add a new tcp frame into the graph */ +static gboolean +tcp_seq_analysis_packet( void *ptr, packet_info *pinfo, epan_dissect_t *edt _U_, const void *tcp_info) +{ + seq_analysis_info_t *sainfo = (seq_analysis_info_t *) ptr; + const struct tcpheader *tcph = (const struct tcpheader *)tcp_info; + + if ((sainfo->all_packets)||(pinfo->fd->flags.passed_dfilter==1)){ + const char* flags; + seq_analysis_item_t *sai; + + sai = g_new0(seq_analysis_item_t, 1); + sai->frame_number = pinfo->num; + if (sainfo->any_addr) { + copy_address(&(sai->src_addr),&(pinfo->net_src)); + copy_address(&(sai->dst_addr),&(pinfo->net_dst)); + } else { + copy_address(&(sai->src_addr),&(pinfo->src)); + copy_address(&(sai->dst_addr),&(pinfo->dst)); + } + sai->port_src=pinfo->srcport; + sai->port_dst=pinfo->destport; + sai->protocol=g_strdup(port_type_to_str(pinfo->ptype)); + + flags = tcp_flags_to_str(NULL, tcph); + + if ((tcph->th_have_seglen)&&(tcph->th_seglen!=0)){ + sai->frame_label = g_strdup_printf("%s - Len: %u",flags, tcph->th_seglen); + } + else{ + sai->frame_label = g_strdup(flags); + } + + wmem_free(NULL, (void*)flags); + + if (tcph->th_flags & TH_ACK) + sai->comment = g_strdup_printf("Seq = %u Ack = %u",tcph->th_seq, tcph->th_ack); + else + sai->comment = g_strdup_printf("Seq = %u",tcph->th_seq); + + sai->line_style = 1; + sai->conv_num = (guint16) tcph->th_stream; + sai->display = TRUE; + + g_queue_push_tail(sainfo->items, sai); + } + + return TRUE; +} + + gchar* tcp_follow_conv_filter(packet_info* pinfo, int* stream) { conversation_t *conv; @@ -5603,59 +5711,6 @@ dissect_tcp_payload(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 seq, } } -static const char * -tcp_flags_to_str(const struct tcpheader *tcph) -{ - static const char flags[][4] = { "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR", "NS" }; - const int maxlength = 64; /* upper bounds, max 53B: 8 * 3 + 2 + strlen("Reserved") + 9 * 2 + 1 */ - - char *pbuf; - const char *buf; - - int i; - - buf = pbuf = (char *) wmem_alloc(wmem_packet_scope(), maxlength); - *pbuf = '\0'; - - for (i = 0; i < 9; i++) { - if (tcph->th_flags & (1 << i)) { - if (buf[0]) - pbuf = g_stpcpy(pbuf, ", "); - pbuf = g_stpcpy(pbuf, flags[i]); - } - } - - if (tcph->th_flags & TH_RES) { - if (buf[0]) - pbuf = g_stpcpy(pbuf, ", "); - g_stpcpy(pbuf, "Reserved"); - } - - if (buf[0] == '\0') - buf = "<None>"; - - return buf; -} -static const char * -tcp_flags_to_str_first_letter(const struct tcpheader *tcph) -{ - wmem_strbuf_t *buf = wmem_strbuf_new(wmem_packet_scope(), ""); - unsigned i; - const unsigned flags_count = 12; - const char first_letters[] = "RRRNCEUAPRSF"; - - /* upper three bytes are marked as reserved ('R'). */ - for (i = 0; i < flags_count; i++) { - if (((tcph->th_flags >> (flags_count - 1 - i)) & 1)) { - wmem_strbuf_append_c(buf, first_letters[i]); - } else { - wmem_strbuf_append(buf, UTF8_MIDDLE_DOT); - } - } - - return wmem_strbuf_finalize(buf); -} - static gboolean capture_tcp(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header) { @@ -5950,7 +6005,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) } else tcph->th_have_seglen = FALSE; - flags_str = tcp_flags_to_str(tcph); + flags_str = tcp_flags_to_str(wmem_packet_scope(), tcph); flags_str_first_letter = tcp_flags_to_str_first_letter(tcph); col_append_lstr(pinfo->cinfo, COL_INFO, @@ -7493,6 +7548,7 @@ proto_register_tcp(void) register_conversation_table(proto_tcp, FALSE, tcpip_conversation_packet, tcpip_hostlist_packet); register_conversation_filter("tcp", "TCP", tcp_filter_valid, tcp_build_filter); + register_seq_analysis("tcp", "TCP Flows", proto_tcp, NULL, 0, tcp_seq_analysis_packet); /* considers MPTCP as a distinct protocol (even if it's a TCP option) */ proto_mptcp = proto_register_protocol("Multipath Transmission Control Protocol", "MPTCP", "mptcp"); diff --git a/epan/sequence_analysis.c b/epan/sequence_analysis.c new file mode 100644 index 0000000000..7d8f03064f --- /dev/null +++ b/epan/sequence_analysis.c @@ -0,0 +1,275 @@ +/* sequence-analysis.c + * Flow sequence analysis + * + * Some code from from gtk/flow_graph.c + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include "sequence_analysis.h" + +#include "addr_resolv.h" +#include "proto.h" +#include "tap.h" +#include "wmem/wmem.h" + +#define NODE_OVERFLOW MAX_NUM_NODES+1 + +struct register_analysis { + const char* name; /* Name (used for lookup) */ + const char* ui_name; /* Name used for UI */ + int proto_id; /* protocol id (0-indexed) */ + const char* tap_listen_str; /* string used in register_tap_listener (NULL to use protocol name) */ + guint tap_flags; + tap_packet_cb analysis_func; /* function to be called for new incoming packets for sequence analysis */ +}; + +static wmem_tree_t *registered_seq_analysis = NULL; + +void +register_seq_analysis(const char* name, const char* ui_name, const int proto_id, const char* tap_listener, guint tap_flags, tap_packet_cb tap_func) +{ + register_analysis_t* analysis; + + DISSECTOR_ASSERT(tap_func); + + analysis = wmem_new0(wmem_epan_scope(), register_analysis_t); + + analysis->name = name; + analysis->ui_name = ui_name; + analysis->proto_id = proto_id; + if (tap_listener != NULL) + analysis->tap_listen_str = tap_listener; + else + analysis->tap_listen_str = proto_get_protocol_filter_name(proto_id); + analysis->tap_flags = tap_flags; + analysis->analysis_func = tap_func; + + if (registered_seq_analysis == NULL) + registered_seq_analysis = wmem_tree_new(wmem_epan_scope()); + + wmem_tree_insert_string(registered_seq_analysis, name, analysis, 0); +} + +const char* sequence_analysis_get_name(register_analysis_t* analysis) +{ + return analysis->name; +} + +const char* sequence_analysis_get_ui_name(register_analysis_t* analysis) +{ + return analysis->ui_name; +} + +const char* sequence_analysis_get_tap_listener_name(register_analysis_t* analysis) +{ + return analysis->tap_listen_str; +} + +tap_packet_cb sequence_analysis_get_packet_func(register_analysis_t* analysis) +{ + return analysis->analysis_func; +} + +guint sequence_analysis_get_tap_flags(register_analysis_t* analysis) +{ + return analysis->tap_flags; +} + + +register_analysis_t* sequence_analysis_find_by_name(const char* name) +{ + return (register_analysis_t*)wmem_tree_lookup_string(registered_seq_analysis, name, 0); +} + +void sequence_analysis_table_iterate_tables(wmem_foreach_func func, gpointer user_data) +{ + wmem_tree_foreach(registered_seq_analysis, func, user_data); +} + +seq_analysis_info_t * +sequence_analysis_info_new(void) +{ + seq_analysis_info_t *sainfo = g_new0(seq_analysis_info_t, 1); + + /* SEQ_ANALYSIS_DEBUG("adding new item"); */ + sainfo->items = g_queue_new(); + sainfo->ht= g_hash_table_new(g_int_hash, g_int_equal); + return sainfo; +} + +void sequence_analysis_info_free(seq_analysis_info_t *sainfo) +{ + if (!sainfo) return; + + /* SEQ_ANALYSIS_DEBUG("%d items", g_queue_get_length(sainfo->items)); */ + sequence_analysis_list_free(sainfo); + + g_queue_free(sainfo->items); + g_hash_table_destroy(sainfo->ht); + + g_free(sainfo); +} + +static void sequence_analysis_item_free(gpointer data) +{ + seq_analysis_item_t *seq_item = (seq_analysis_item_t *)data; + g_free(seq_item->frame_label); + g_free(seq_item->time_str); + g_free(seq_item->comment); + g_free(seq_item->protocol); + free_address(&seq_item->src_addr); + free_address(&seq_item->dst_addr); + g_free(data); +} + + +/* compare two list entries by packet no */ +static gint +sequence_analysis_sort_compare(gconstpointer a, gconstpointer b, gpointer user_data _U_) +{ + const seq_analysis_item_t *entry_a = (const seq_analysis_item_t *)a; + const seq_analysis_item_t *entry_b = (const seq_analysis_item_t *)b; + + if(entry_a->frame_number < entry_b->frame_number) + return -1; + + if(entry_a->frame_number > entry_b->frame_number) + return 1; + + return 0; +} + + +void +sequence_analysis_list_sort(seq_analysis_info_t *sainfo) +{ + if (!sainfo) return; + g_queue_sort(sainfo->items, sequence_analysis_sort_compare, NULL); +} + +void +sequence_analysis_list_free(seq_analysis_info_t *sainfo) +{ + if (!sainfo) return; + /* SEQ_ANALYSIS_DEBUG("%d items", g_queue_get_length(sainfo->items)); */ + + /* free the graph data items */ + +#if GLIB_CHECK_VERSION (2, 32, 0) + g_queue_free_full(sainfo->items, sequence_analysis_item_free); + sainfo->items = g_queue_new(); +#else + { + GList *list = g_queue_peek_nth_link(sainfo->items, 0); + while (list) + { + sequence_analysis_item_free(list->data); + list = g_list_next(list); + } + g_queue_clear(sainfo->items); + } +#endif + + if (NULL != sainfo->ht) { + g_hash_table_remove_all(sainfo->ht); + } + sainfo->nconv = 0; + + sequence_analysis_free_nodes(sainfo); +} + +/* Return the index array if the node is in the array. Return -1 if there is room in the array + * and Return -2 if the array is full + */ +/****************************************************************************/ +static guint add_or_get_node(seq_analysis_info_t *sainfo, address *node) { + guint i; + + if (node->type == AT_NONE) return NODE_OVERFLOW; + + for (i=0; i<MAX_NUM_NODES && i < sainfo->num_nodes ; i++) { + if ( cmp_address(&(sainfo->nodes[i]), node) == 0 ) return i; /* it is in the array */ + } + + if (i >= MAX_NUM_NODES) { + return NODE_OVERFLOW; + } else { + sainfo->num_nodes++; + copy_address(&(sainfo->nodes[i]), node); + return i; + } +} + +struct sainfo_counter { + seq_analysis_info_t *sainfo; + int num_items; +}; + +static void sequence_analysis_get_nodes_item_proc(gpointer data, gpointer user_data) +{ + seq_analysis_item_t *gai = (seq_analysis_item_t *)data; + struct sainfo_counter *sc = (struct sainfo_counter *)user_data; + if (gai->display) { + (sc->num_items)++; + gai->src_node = add_or_get_node(sc->sainfo, &(gai->src_addr)); + gai->dst_node = add_or_get_node(sc->sainfo, &(gai->dst_addr)); + } +} + +/* Get the nodes from the list */ +/****************************************************************************/ +int +sequence_analysis_get_nodes(seq_analysis_info_t *sainfo) +{ + struct sainfo_counter sc = {sainfo, 0}; + + /* Fill the node array */ + g_queue_foreach(sainfo->items, sequence_analysis_get_nodes_item_proc, &sc); + + return sc.num_items; +} + +/* Free the node address list */ +/****************************************************************************/ +void +sequence_analysis_free_nodes(seq_analysis_info_t *sainfo) +{ + int i; + + for (i=0; i<MAX_NUM_NODES; i++) { + free_address(&sainfo->nodes[i]); + } + sainfo->num_nodes = 0; +} + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ diff --git a/epan/sequence_analysis.h b/epan/sequence_analysis.h new file mode 100644 index 0000000000..bcebdef3a5 --- /dev/null +++ b/epan/sequence_analysis.h @@ -0,0 +1,196 @@ +/* sequence-analysis.h + * Flow sequence analysis + * + * Copied from gtk/graph_analysis.h + * + * Copyright 2004, Verso Technologies Inc. + * By Alejandro Vaquero <alejandrovaquero@yahoo.com> + * + * based on rtp_analysis.c and io_stat + * + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef __EPAN_SEQUENCE_ANALYSIS_H__ +#define __EPAN_SEQUENCE_ANALYSIS_H__ + +#include "ws_symbol_export.h" + +#include <glib.h> + +#include "packet_info.h" +#include "tap.h" +#include "address.h" + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +#define MAX_NUM_NODES 40 + +/** defines an entry for the graph analysis */ +typedef struct _seq_analysis_item { + guint32 frame_number; + address src_addr; + guint16 port_src; + address dst_addr; + guint16 port_dst; + gchar *frame_label; /**< the label on top of the arrow */ + gchar *time_str; /**< timestamp */ + gchar *comment; /**< a comment that appears at the right of the graph */ + guint16 conv_num; /**< The conversation number. Used for coloring VoIP calls. */ + unsigned fg_color; /**< Foreground color, 0xRRGGBB. Qt only. */ + unsigned bg_color; /**< Background color, 0xRRGGBB. Qt only. */ + gboolean has_color_filter; /**< Set if packet has color filter. Qt only. */ + gboolean display; /**< indicate if the packet is displayed or not in the graph */ + guint src_node; /**< this is used by graph_analysis.c to identify the node */ + guint dst_node; /**< a node is an IP address that will be displayed in columns */ + guint16 line_style; /**< the arrow line width in pixels*/ + gchar *protocol; /**< the label of the protocol defined in the IP packet */ +} seq_analysis_item_t; + +/** defines the graph analysis structure */ +typedef struct _seq_analysis_info { + const char* name; /**< Name of sequence analysis */ + gboolean all_packets; /**< all packets vs only displayed */ + gboolean any_addr; /**< any addr (DL+net) vs net-only */ + int nconv; /**< number of conversations in the list */ + GQueue* items; /**< list of seq_analysis_info_t */ + GHashTable *ht; /**< hash table of seq_analysis_info_t */ + address nodes[MAX_NUM_NODES]; /**< horizontal node list */ + guint32 num_nodes; /**< actual number of nodes */ +} seq_analysis_info_t; + +/** Structure for information about a registered sequence analysis function */ +typedef struct register_analysis register_analysis_t; + +#if 0 +#define SEQ_ANALYSIS_DEBUG(...) { \ + char *SEQ_ANALYSIS_DEBUG_MSG = g_strdup_printf(__VA_ARGS__); \ + g_warning("sequence analysis: %s:%d %s", G_STRFUNC, __LINE__, SEQ_ANALYSIS_DEBUG_MSG); \ + g_free(SEQ_ANALYSIS_DEBUG_MSG); \ +} +#else +#define SEQ_ANALYSIS_DEBUG() +#endif + +WS_DLL_PUBLIC void register_seq_analysis(const char* name, const char* ui_name, const int proto_id, const char* tap_listener, guint tap_flags, tap_packet_cb tap_func); + +/** Helper function to get sequence analysis name + * + * @param analysis Registered sequence analysis + * @return sequence analysis name string + */ +WS_DLL_PUBLIC const char* sequence_analysis_get_name(register_analysis_t* analysis); + +/** Helper function to get tap listener name + * + * @param analysis Registered sequence analysis + * @return sequence analysis tap listener string + */ +WS_DLL_PUBLIC const char* sequence_analysis_get_tap_listener_name(register_analysis_t* analysis); + +/** Helper function to get UI name + * + * @param analysis Registered sequence analysis + * @return sequence analysis UI string + */ +WS_DLL_PUBLIC const char* sequence_analysis_get_ui_name(register_analysis_t* analysis); + +/** Get tap function handler from sequence analysis + * + * @param analysis Registered sequence analysis + * @return tap function handler of sequence analysis + */ +WS_DLL_PUBLIC tap_packet_cb sequence_analysis_get_packet_func(register_analysis_t* analysis); + +/** Helper function to get tap flags + * + * @param analysis Registered sequence analysis + * @return sequence analysis tap flags + */ +WS_DLL_PUBLIC guint sequence_analysis_get_tap_flags(register_analysis_t* analysis); + +/** Find a registered sequence analysis "protocol" by name + * + * @param name Registered sequence analysis to find + * @return registered sequence analysis, NULL if not found + */ +WS_DLL_PUBLIC register_analysis_t* sequence_analysis_find_by_name(const char* name); + +/** Interator to walk sequence_analysis tables and execute func + * + * @param func action to be performed on all sequence_analysis tables + * @param user_data any data needed to help perform function + */ +WS_DLL_PUBLIC void sequence_analysis_table_iterate_tables(wmem_foreach_func func, gpointer user_data); + +/** Create and initialize a seq_analysis_info_t struct + * @return A pointer to a newly allocated seq_analysis_info_t struct. + */ +WS_DLL_PUBLIC seq_analysis_info_t *sequence_analysis_info_new(void); + +/** Free a seq_analysis_info_t struct. + * @param sainfo A pointer to the seq_analysis_info_t struct to be freed. + */ +WS_DLL_PUBLIC void sequence_analysis_info_free(seq_analysis_info_t * sainfo); + +/** Sort a seq_analysis_info_t struct. + * @param sainfo A pointer to the seq_analysis_info_t struct to be sorted + */ +WS_DLL_PUBLIC void sequence_analysis_list_sort(seq_analysis_info_t *sainfo); + +/** Free the segment list + * + * @param sainfo Sequence analysis information. + */ +WS_DLL_PUBLIC void sequence_analysis_list_free(seq_analysis_info_t *sainfo); + +/** Fill in the node address list + * + * @param sainfo Sequence analysis information. + * @return The number of transaction items (not nodes) processed. + */ +WS_DLL_PUBLIC int sequence_analysis_get_nodes(seq_analysis_info_t *sainfo); + +/** Free the node address list + * + * @param sainfo Sequence analysis information. + */ +WS_DLL_PUBLIC void sequence_analysis_free_nodes(seq_analysis_info_t *sainfo); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __EPAN_SEQUENCE_ANALYSIS_H__ */ + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ |