aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/epan
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/epan')
-rw-r--r--plugins/epan/mate/examples/call.mate34
-rw-r--r--plugins/epan/mate/examples/mms.mate97
-rw-r--r--plugins/epan/mate/examples/pasv_ftp.mate39
-rw-r--r--plugins/epan/mate/examples/tcp.mate17
-rw-r--r--plugins/epan/mate/examples/web.mate79
5 files changed, 148 insertions, 118 deletions
diff --git a/plugins/epan/mate/examples/call.mate b/plugins/epan/mate/examples/call.mate
deleted file mode 100644
index 0dbbb45ef8..0000000000
--- a/plugins/epan/mate/examples/call.mate
+++ /dev/null
@@ -1,34 +0,0 @@
-# call.mate
-
-Action=Settings; DiscardPduData=TRUE; ShowGopTimes=FALSE; ShowPduTree=FALSE;
-
-Action=PduDef; Name=q931_pdu; Proto=q931; Stop=TRUE; Transport=tcp/ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type;
-Action=PduDef; Name=ras_pdu; Proto=h225.RasMessage; Transport=udp/ip; addr=ip.addr; ras_sn=h225.requestSeqNum; ras_msg=h225.RasMessage;
-Action=PduDef; Name=isup_pdu; Proto=isup; Transport=mtp3; m3pc=mtp3.dpc; m3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type;
-
-Action=PduExtra; For=q931_pdu; guid=h225.guid; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value;
-Action=PduExtra; For=isup_pdu; calling=isup.calling; isup_cause=isup.cause_indicator;
-Action=PduExtra; For=ras_pdu; guid=h225.guid;
-
-Action=GopDef; Name=q931_leg; On=q931_pdu; addr; addr; call_ref;
-Action=GopStart; For=q931_leg; q931_msg=5;
-Action=GopStop; For=q931_leg; q931_msg=90;
-Action=GopExtra; For=q931_leg; calling; q931_cause; guid;
-
-Action=GopDef; Name=isup_leg; On=isup_pdu; ShowPduTree=TRUE; ShowGopTimes=TRUE; m3pc; m3pc; cic;
-Action=GopStart; For=isup_leg; isup_msg=1;
-Action=GopStop; For=isup_leg; isup_msg=16;
-Action=GopExtra; For=isup_leg; calling; isup_cause;
-
-Action=GopDef; Name=ras_leg; On=ras_pdu; addr; addr; ras_sn;
-Action=GopStart; For=ras_leg; ras_msg|0|3|6|9|12|15|18|21|26|30;
-Action=GopStop; For=ras_leg; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;
-Action=GopExtra; For=ras_leg; guid;
-
-Action=GogDef; Name=call; GogExpiration=0.75;
-Action=GogKey; For=call; On=isup_leg; calling;
-Action=GogKey; For=call; On=q931_leg; calling;
-Action=GogKey; For=call; On=q931_leg; guid;
-Action=GogKey; For=call; On=ras_leg; guid;
-Action=GogExtra; For=call; isup_cause;
-Action=GogExtra; For=call; q931_cause;
diff --git a/plugins/epan/mate/examples/mms.mate b/plugins/epan/mate/examples/mms.mate
index 7554b11932..43da382777 100644
--- a/plugins/epan/mate/examples/mms.mate
+++ b/plugins/epan/mate/examples/mms.mate
@@ -1,40 +1,57 @@
-# mms.mate
-
-# MMSE over HTTP
-Action=PduDef; Name=mmse_over_http_pdu; Proto=http; Transport=tcp/ip; Payload=mmse; addr=ip.addr; port=tcp.port; http_rq=http.request; content=http.content_type;
-Action=PduExtra; For=mmse_over_http_pdu; resp=http.response.code; method=http.request.method; host=http.host; content=http.content_type;
-Action=PduExtra; For=mmse_over_http_pdu; method=http.request.method; host=http.host;
-Action=PduExtra; For=mmse_over_http_pdu; trx=mmse.transaction_id; msg_type=mmse.message_type; notify_status=mmse.status; send_status=mmse.response_status;
-
-Action=Transform; Name=rm_client_from_http_resp1; Mode=Insert; Match=Strict; http_rq;
-Action=Transform; Name=rm_client_from_http_resp1; Mode=Insert; Match=Every; addr; .not_rq;
-
-Action=Transform; Name=rm_client_from_http_resp2; Mode=Replace; Match=Strict; not_rq; ue;
-
-Action=PduTransform; For=mmse_over_http_pdu; Name=rm_client_from_http_resp1;
-Action=PduTransform; For=mmse_over_http_pdu; Name=rm_client_from_http_resp2;
-
-Action=GopDef; Name=mmse_over_http; On=mmse_over_http_pdu; addr; addr; port; port;
-Action=GopStart; For=mmse_over_http; http_rq;
-Action=GopStop; For=mmse_over_http; http_rs;
-
-Action=GopExtra; For=mmse_over_http; host; ue; resp; notify_status; send_status; trx;
-
-# MMSE over WSP
-Action=PduDef; Name=mmse_over_wsp_pdu; Proto=wsp; Payload=mmse; Transport=ip; trx=mmse.transaction_id; msg_type=mmse.message_type; notify_status=mmse.status; send_status=mmse.response_status;
-
-Action=Transform; Name=mms_start; Match=Loose; .mms_start;
-
-Action=PduTransform; Name=mms_start; For=mmse_over_wsp_pdu;
-
-Action=GopDef; Name=mmse_over_wsp; On=mmse_over_wsp_pdu; trx;
-Action=GopStart; For=mmse_over_wsp; mms_start;
-Action=GopStop; For=mmse_over_wsp; never;
-
-Action=GopExtra; For=mmse_over_wsp; ue; notify_status; send_status;
-
-# the MMS GoG
-Action=GogDef; Name=mms; GogExpiration=60.0;
-Action=GogKey; For=mms; On=mmse_over_http; trx;
-Action=GogKey; For=mms; On=mmse_over_wsp; trx;
-Action=GogExtra; For=mms; ue; notify_status; send_status; resp; host; trx;
+Transform rm_client_from_http_resp1 {
+ Match (http_rq);
+ Match Every (addr) Insert (not_rq);
+};
+
+Transform rm_client_from_http_resp2 {
+ Match (not_rq,ue) Replace ();
+};
+
+Pdu mmse_over_http_pdu Proto http Transport tcp/ip {
+ Payload mmse;
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract http_rq From http.request;
+ Extract content From http.content_type;
+ Extract resp From http.response.code;
+ Extract method From http.request.method;
+ Extract host From http.host;
+ Extract content From http.content_type;
+ Extract trx From mmse.transaction_id;
+ Extract msg_type From mmse.message_type;
+ Extract notify_status From mmse.status;
+ Extract send_status From mmse.response_status;
+ Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
+};
+
+Gop mmse_over_http On mmse_over_http_pdu Match (addr, addr, port, port) {
+ Start (http_rq);
+ Stop (http_rs);
+ Extra (host, ue, resp, notify_status, send_status, trx);
+};
+
+Transform mms_start {
+ Match Loose() Insert (mms_start);
+};
+
+Pdu mmse_over_wsp_pdu Proto wsp Transport ip {
+ Payload mmse;
+ Extract trx From mmse.transaction_id;
+ Extract msg_type From mmse.message_type;
+ Extract notify_status From mmse.status;
+ Extract send_status From mmse.response_status;
+ Transform mms_start;
+};
+
+Gop mmse_over_wsp On mmse_over_wsp_pdu Match (trx) {
+ Start (mms_start);
+ Stop (never);
+ Extra (ue, notify_status, send_status);
+};
+
+Gog mms {
+ Member mmse_over_http (trx);
+ Member mmse_over_wsp (trx);
+ Extra (ue, notify_status, send_status, resp, host, trx);
+ Expiration 60.0;
+};
diff --git a/plugins/epan/mate/examples/pasv_ftp.mate b/plugins/epan/mate/examples/pasv_ftp.mate
index 24ef7ab470..9a8852803b 100644
--- a/plugins/epan/mate/examples/pasv_ftp.mate
+++ b/plugins/epan/mate/examples/pasv_ftp.mate
@@ -1,18 +1,33 @@
-# pasv_ftp.mate
+Pdu ftp_pdu Proto ftp Transport tcp/ip {
+ Extract ftp_addr From ip.addr;
+ Extract ftp_port From tcp.port;
+ Extract ftp_resp From ftp.response.code;
+ Extract ftp_req From ftp.request.command;
+ Extract server_addr From ftp.passive.ip;
+ Extract server_port From ftp.passive.port;
-Action=PduDef; Name=ftp_pdu; Proto=ftp; Transport=tcp/ip; Stop=TRUE; ftp_addr=ip.addr; ftp_port=tcp.port; ftp_resp=ftp.response.code; ftp_req=ftp.request.command; server_addr=ftp.passive.ip; server_port=ftp.passive.port;
+ LastPdu true;
+};
-Action=PduDef; Name=ftp_data_pdu; Proto=ftp-data; Transport=tcp/ip; server_addr=ip.src; server_port=tcp.srcport;
+Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{
+ Extract server_addr From ip.src;
+ Extract server_port From tcp.srcport;
-Action=GopDef; Name=ftp_data; On=ftp_data_pdu; server_addr; server_port;
-Action=GopStart; For=ftp_data; server_addr;
+};
-Action=GopDef; Name=ftp_ctl; On=ftp_pdu; ftp_addr; ftp_addr; ftp_port; ftp_port;
-Action=GopStart; For=ftp_ctl; ftp_resp=220;
-Action=GopStop; For=ftp_ctl; ftp_resp=221;
-Action=GopExtra; For=ftp_ctl; server_addr; server_port;
+Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) {
+ Start (server_addr);
+};
-Action=GogDef; Name=ftp_ses;
-Action=GogKey; For=ftp_ses; On=ftp_ctl; ftp_addr; ftp_addr; ftp_port; ftp_port;
-Action=GogKey; For=ftp_ses; On=ftp_data; server_addr; server_port;
+Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) {
+ Start (ftp_resp=220);
+ Stop (ftp_resp=221);
+ Extra (server_addr, server_port);
+};
+Gog ftp_ses {
+ Member ftp_ctl (ftp_addr, ftp_addr, ftp_port, ftp_port);
+ Member ftp_data (server_addr, server_port);
+};
+
+Done;
diff --git a/plugins/epan/mate/examples/tcp.mate b/plugins/epan/mate/examples/tcp.mate
index 2abe3e8882..773ad85f37 100644
--- a/plugins/epan/mate/examples/tcp.mate
+++ b/plugins/epan/mate/examples/tcp.mate
@@ -1,7 +1,14 @@
-# tcp.mate
+Pdu tcp_pdu Proto tcp Transport ip {
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract tcp_start From tcp.flags.syn;
+ Extract tcp_stop From tcp.flags.reset;
+ Extract tcp_stop From tcp.flags.fin;
+};
- Action=PduDef; Name=tcp_pdu; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.fin; tcp_stop=tcp.flags.reset;
- Action=GopDef; Name=tcp_session; On=tcp_pdu; addr; addr; port; port;
- Action=GopStart; For=tcp_session; tcp_start=1;
- Action=GopStop; For=tcp_session; tcp_stop=1;
+Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
+ Start (tcp_start=1);
+ Stop (tcp_stop=1);
+};
+Done;
diff --git a/plugins/epan/mate/examples/web.mate b/plugins/epan/mate/examples/web.mate
index fd00c651de..7b3d2246b5 100644
--- a/plugins/epan/mate/examples/web.mate
+++ b/plugins/epan/mate/examples/web.mate
@@ -1,27 +1,52 @@
-# web.mate
-
-Action=PduDef; Name=dns_pdu; Proto=dns; Transport=ip; addr=ip.addr; dns_resp=dns.flags.response; host=dns.qry.name; client_addr=ip.src; dns_id=dns.id;
-Action=PduDef; Name=http_pdu; Proto=http; Transport=tcp/ip; addr=ip.addr; port=tcp.port; http_rq=http.request.method; http_rs=http.response; host=http.host; client_addr=ip.src;
-
-Action=GopDef; Name=dns_req; On=dns_pdu; addr; addr; dns_id;
-Action=GopStart; For=dns_req; dns_resp=0;
-Action=GopStop; For=dns_req; dns_resp=1;
-
-Action=GopDef; Name=http_req; On=http_pdu; addr; addr; port; port;
-Action=GopStart; For=http_req; http_rq;
-Action=GopStop; For=http_req; http_rs;
-
-Action=Transform; Name=rm_client_from_dns_resp; Mode=Replace; Match=Every; dns_resp=1; client_addr; .dns_resp=1;
-Action=PduTransform; For=dns_pdu; Name=rm_client_from_dns_resp;
-
-Action=Transform; Name=rm_client_from_http_resp; Mode=Replace; Match=Every; http_rs; client_addr; .http_rs=;
-Action=PduTransform; For=http_pdu; Name=rm_client_from_http_resp;
-
-Action=GopExtra; For=http_req; host; client_addr;
-Action=GopExtra; For=dns_req; host; client_addr;
-
-Action=GogDef; Name=http_use; GogExpiration=0.75;
-Action=GogKey; For=http_use; On=http_req; host; client_addr;
-Action=GogKey; For=http_use; On=dns_req; host;client_addr;
-
-Action=GogExtra; For=http_use; host; client_addr;
+Transform rm_client_from_dns_resp {
+ Match (dns_resp=1, client) Replace (dns_resp=1);
+};
+
+Pdu dns_pdu Proto dns Transport ip {
+ Extract addr From ip.addr;
+ Extract dns_id From dns.id;
+ Extract dns_resp From dns.flags.response;
+ Extract host From dns.qry.name;
+ Extract client From ip.src;
+ Transform rm_client_from_dns_resp;
+};
+
+Gop dns_req On dns_pdu Match (addr,addr,dns_id) {
+ Start (dns_resp=0);
+ Stop (dns_resp=1);
+ Extra (host, client);
+};
+
+Transform rm_client_from_http_resp1 {
+ Match (http_rq);
+ Match Every (addr) Insert (not_rq);
+};
+
+Transform rm_client_from_http_resp2 {
+ Match (not_rq, client) Replace ();
+};
+
+Pdu http_pdu Proto http Transport tcp/ip {
+ Extract addr From ip.addr;
+ Extract port From tcp.port;
+ Extract http_rq From http.request.method;
+ Extract http_rs From http.response;
+ Extract host From http.host;
+ Extract client From ip.src;
+ Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
+ DiscardPduData true;
+};
+
+Gop http_req On http_pdu Match (addr, addr, port, port) {
+ Start (http_rq);
+ Stop (http_rs);
+ Extra (host, client);
+};
+
+Gog http_use {
+ Member http_req (host, client);
+ Member dns_req (host, client);
+ Expiration 0.75;
+};
+
+Done;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-25 20:26:38 +0000