diff options
| author | John Thacker <johnthacker@gmail.com> | 2024-01-30 09:41:12 -0500 |
|---|---|---|
| committer | John Thacker <johnthacker@gmail.com> | 2024-01-30 16:05:15 +0000 |
| commit | 28e9035eec0d77b40475a7ee92b465112c4474b8 (patch) | |
| tree | b72b7be77841e5dad5ff87183a9602183732d392 | |
| parent | 81d094d47fca5f0121554a74043df692298e3d29 (diff) | |
MATE: Update examples
Fix the distributed examples to use the "new" style configuration,
as shown in the WSUG and Wiki. Fix the FTP example in the WSUG,
as it's missing the Match keyword
Related to #12118.
Fix #16940
| -rw-r--r-- | docbook/wsug_src/wsug_mate.adoc | 6 | ||||
| -rw-r--r-- | plugins/epan/mate/examples/call.mate | 34 | ||||
| -rw-r--r-- | plugins/epan/mate/examples/mms.mate | 97 | ||||
| -rw-r--r-- | plugins/epan/mate/examples/pasv_ftp.mate | 39 | ||||
| -rw-r--r-- | plugins/epan/mate/examples/tcp.mate | 17 | ||||
| -rw-r--r-- | plugins/epan/mate/examples/web.mate | 79 |
6 files changed, 151 insertions, 121 deletions
diff --git a/docbook/wsug_src/wsug_mate.adoc b/docbook/wsug_src/wsug_mate.adoc index 6de78c70dc..151c560d6e 100644 --- a/docbook/wsug_src/wsug_mate.adoc +++ b/docbook/wsug_src/wsug_mate.adoc @@ -1205,7 +1205,7 @@ Pdu ftp_pdu Proto ftp Transport tcp/ip { Extract server_addr From ftp.passive.ip; Extract server_port From ftp.passive.port; - LastPdu; + LastPdu true; }; Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{ @@ -1214,11 +1214,11 @@ Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{ }; -Gop ftp_data On ftp_data_pdu (server_addr, server_port) { +Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) { Start (server_addr); }; -Gop ftp_ctl On ftp_pdu (ftp_addr, ftp_addr, ftp_port, ftp_port) { +Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) { Start (ftp_resp=220); Stop (ftp_resp=221); Extra (server_addr, server_port); diff --git a/plugins/epan/mate/examples/call.mate b/plugins/epan/mate/examples/call.mate deleted file mode 100644 index 0dbbb45ef8..0000000000 --- a/plugins/epan/mate/examples/call.mate +++ /dev/null @@ -1,34 +0,0 @@ -# call.mate - -Action=Settings; DiscardPduData=TRUE; ShowGopTimes=FALSE; ShowPduTree=FALSE; - -Action=PduDef; Name=q931_pdu; Proto=q931; Stop=TRUE; Transport=tcp/ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type; -Action=PduDef; Name=ras_pdu; Proto=h225.RasMessage; Transport=udp/ip; addr=ip.addr; ras_sn=h225.requestSeqNum; ras_msg=h225.RasMessage; -Action=PduDef; Name=isup_pdu; Proto=isup; Transport=mtp3; m3pc=mtp3.dpc; m3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type; - -Action=PduExtra; For=q931_pdu; guid=h225.guid; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value; -Action=PduExtra; For=isup_pdu; calling=isup.calling; isup_cause=isup.cause_indicator; -Action=PduExtra; For=ras_pdu; guid=h225.guid; - -Action=GopDef; Name=q931_leg; On=q931_pdu; addr; addr; call_ref; -Action=GopStart; For=q931_leg; q931_msg=5; -Action=GopStop; For=q931_leg; q931_msg=90; -Action=GopExtra; For=q931_leg; calling; q931_cause; guid; - -Action=GopDef; Name=isup_leg; On=isup_pdu; ShowPduTree=TRUE; ShowGopTimes=TRUE; m3pc; m3pc; cic; -Action=GopStart; For=isup_leg; isup_msg=1; -Action=GopStop; For=isup_leg; isup_msg=16; -Action=GopExtra; For=isup_leg; calling; isup_cause; - -Action=GopDef; Name=ras_leg; On=ras_pdu; addr; addr; ras_sn; -Action=GopStart; For=ras_leg; ras_msg|0|3|6|9|12|15|18|21|26|30; -Action=GopStop; For=ras_leg; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31; -Action=GopExtra; For=ras_leg; guid; - -Action=GogDef; Name=call; GogExpiration=0.75; -Action=GogKey; For=call; On=isup_leg; calling; -Action=GogKey; For=call; On=q931_leg; calling; -Action=GogKey; For=call; On=q931_leg; guid; -Action=GogKey; For=call; On=ras_leg; guid; -Action=GogExtra; For=call; isup_cause; -Action=GogExtra; For=call; q931_cause; diff --git a/plugins/epan/mate/examples/mms.mate b/plugins/epan/mate/examples/mms.mate index 7554b11932..43da382777 100644 --- a/plugins/epan/mate/examples/mms.mate +++ b/plugins/epan/mate/examples/mms.mate @@ -1,40 +1,57 @@ -# mms.mate - -# MMSE over HTTP -Action=PduDef; Name=mmse_over_http_pdu; Proto=http; Transport=tcp/ip; Payload=mmse; addr=ip.addr; port=tcp.port; http_rq=http.request; content=http.content_type; -Action=PduExtra; For=mmse_over_http_pdu; resp=http.response.code; method=http.request.method; host=http.host; content=http.content_type; -Action=PduExtra; For=mmse_over_http_pdu; method=http.request.method; host=http.host; -Action=PduExtra; For=mmse_over_http_pdu; trx=mmse.transaction_id; msg_type=mmse.message_type; notify_status=mmse.status; send_status=mmse.response_status; - -Action=Transform; Name=rm_client_from_http_resp1; Mode=Insert; Match=Strict; http_rq; -Action=Transform; Name=rm_client_from_http_resp1; Mode=Insert; Match=Every; addr; .not_rq; - -Action=Transform; Name=rm_client_from_http_resp2; Mode=Replace; Match=Strict; not_rq; ue; - -Action=PduTransform; For=mmse_over_http_pdu; Name=rm_client_from_http_resp1; -Action=PduTransform; For=mmse_over_http_pdu; Name=rm_client_from_http_resp2; - -Action=GopDef; Name=mmse_over_http; On=mmse_over_http_pdu; addr; addr; port; port; -Action=GopStart; For=mmse_over_http; http_rq; -Action=GopStop; For=mmse_over_http; http_rs; - -Action=GopExtra; For=mmse_over_http; host; ue; resp; notify_status; send_status; trx; - -# MMSE over WSP -Action=PduDef; Name=mmse_over_wsp_pdu; Proto=wsp; Payload=mmse; Transport=ip; trx=mmse.transaction_id; msg_type=mmse.message_type; notify_status=mmse.status; send_status=mmse.response_status; - -Action=Transform; Name=mms_start; Match=Loose; .mms_start; - -Action=PduTransform; Name=mms_start; For=mmse_over_wsp_pdu; - -Action=GopDef; Name=mmse_over_wsp; On=mmse_over_wsp_pdu; trx; -Action=GopStart; For=mmse_over_wsp; mms_start; -Action=GopStop; For=mmse_over_wsp; never; - -Action=GopExtra; For=mmse_over_wsp; ue; notify_status; send_status; - -# the MMS GoG -Action=GogDef; Name=mms; GogExpiration=60.0; -Action=GogKey; For=mms; On=mmse_over_http; trx; -Action=GogKey; For=mms; On=mmse_over_wsp; trx; -Action=GogExtra; For=mms; ue; notify_status; send_status; resp; host; trx; +Transform rm_client_from_http_resp1 { + Match (http_rq); + Match Every (addr) Insert (not_rq); +}; + +Transform rm_client_from_http_resp2 { + Match (not_rq,ue) Replace (); +}; + +Pdu mmse_over_http_pdu Proto http Transport tcp/ip { + Payload mmse; + Extract addr From ip.addr; + Extract port From tcp.port; + Extract http_rq From http.request; + Extract content From http.content_type; + Extract resp From http.response.code; + Extract method From http.request.method; + Extract host From http.host; + Extract content From http.content_type; + Extract trx From mmse.transaction_id; + Extract msg_type From mmse.message_type; + Extract notify_status From mmse.status; + Extract send_status From mmse.response_status; + Transform rm_client_from_http_resp1, rm_client_from_http_resp2; +}; + +Gop mmse_over_http On mmse_over_http_pdu Match (addr, addr, port, port) { + Start (http_rq); + Stop (http_rs); + Extra (host, ue, resp, notify_status, send_status, trx); +}; + +Transform mms_start { + Match Loose() Insert (mms_start); +}; + +Pdu mmse_over_wsp_pdu Proto wsp Transport ip { + Payload mmse; + Extract trx From mmse.transaction_id; + Extract msg_type From mmse.message_type; + Extract notify_status From mmse.status; + Extract send_status From mmse.response_status; + Transform mms_start; +}; + +Gop mmse_over_wsp On mmse_over_wsp_pdu Match (trx) { + Start (mms_start); + Stop (never); + Extra (ue, notify_status, send_status); +}; + +Gog mms { + Member mmse_over_http (trx); + Member mmse_over_wsp (trx); + Extra (ue, notify_status, send_status, resp, host, trx); + Expiration 60.0; +}; diff --git a/plugins/epan/mate/examples/pasv_ftp.mate b/plugins/epan/mate/examples/pasv_ftp.mate index 24ef7ab470..9a8852803b 100644 --- a/plugins/epan/mate/examples/pasv_ftp.mate +++ b/plugins/epan/mate/examples/pasv_ftp.mate @@ -1,18 +1,33 @@ -# pasv_ftp.mate +Pdu ftp_pdu Proto ftp Transport tcp/ip { + Extract ftp_addr From ip.addr; + Extract ftp_port From tcp.port; + Extract ftp_resp From ftp.response.code; + Extract ftp_req From ftp.request.command; + Extract server_addr From ftp.passive.ip; + Extract server_port From ftp.passive.port; -Action=PduDef; Name=ftp_pdu; Proto=ftp; Transport=tcp/ip; Stop=TRUE; ftp_addr=ip.addr; ftp_port=tcp.port; ftp_resp=ftp.response.code; ftp_req=ftp.request.command; server_addr=ftp.passive.ip; server_port=ftp.passive.port; + LastPdu true; +}; -Action=PduDef; Name=ftp_data_pdu; Proto=ftp-data; Transport=tcp/ip; server_addr=ip.src; server_port=tcp.srcport; +Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{ + Extract server_addr From ip.src; + Extract server_port From tcp.srcport; -Action=GopDef; Name=ftp_data; On=ftp_data_pdu; server_addr; server_port; -Action=GopStart; For=ftp_data; server_addr; +}; -Action=GopDef; Name=ftp_ctl; On=ftp_pdu; ftp_addr; ftp_addr; ftp_port; ftp_port; -Action=GopStart; For=ftp_ctl; ftp_resp=220; -Action=GopStop; For=ftp_ctl; ftp_resp=221; -Action=GopExtra; For=ftp_ctl; server_addr; server_port; +Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) { + Start (server_addr); +}; -Action=GogDef; Name=ftp_ses; -Action=GogKey; For=ftp_ses; On=ftp_ctl; ftp_addr; ftp_addr; ftp_port; ftp_port; -Action=GogKey; For=ftp_ses; On=ftp_data; server_addr; server_port; +Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) { + Start (ftp_resp=220); + Stop (ftp_resp=221); + Extra (server_addr, server_port); +}; +Gog ftp_ses { + Member ftp_ctl (ftp_addr, ftp_addr, ftp_port, ftp_port); + Member ftp_data (server_addr, server_port); +}; + +Done; diff --git a/plugins/epan/mate/examples/tcp.mate b/plugins/epan/mate/examples/tcp.mate index 2abe3e8882..773ad85f37 100644 --- a/plugins/epan/mate/examples/tcp.mate +++ b/plugins/epan/mate/examples/tcp.mate @@ -1,7 +1,14 @@ -# tcp.mate +Pdu tcp_pdu Proto tcp Transport ip { + Extract addr From ip.addr; + Extract port From tcp.port; + Extract tcp_start From tcp.flags.syn; + Extract tcp_stop From tcp.flags.reset; + Extract tcp_stop From tcp.flags.fin; +}; - Action=PduDef; Name=tcp_pdu; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.fin; tcp_stop=tcp.flags.reset; - Action=GopDef; Name=tcp_session; On=tcp_pdu; addr; addr; port; port; - Action=GopStart; For=tcp_session; tcp_start=1; - Action=GopStop; For=tcp_session; tcp_stop=1; +Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) { + Start (tcp_start=1); + Stop (tcp_stop=1); +}; +Done; diff --git a/plugins/epan/mate/examples/web.mate b/plugins/epan/mate/examples/web.mate index fd00c651de..7b3d2246b5 100644 --- a/plugins/epan/mate/examples/web.mate +++ b/plugins/epan/mate/examples/web.mate @@ -1,27 +1,52 @@ -# web.mate - -Action=PduDef; Name=dns_pdu; Proto=dns; Transport=ip; addr=ip.addr; dns_resp=dns.flags.response; host=dns.qry.name; client_addr=ip.src; dns_id=dns.id; -Action=PduDef; Name=http_pdu; Proto=http; Transport=tcp/ip; addr=ip.addr; port=tcp.port; http_rq=http.request.method; http_rs=http.response; host=http.host; client_addr=ip.src; - -Action=GopDef; Name=dns_req; On=dns_pdu; addr; addr; dns_id; -Action=GopStart; For=dns_req; dns_resp=0; -Action=GopStop; For=dns_req; dns_resp=1; - -Action=GopDef; Name=http_req; On=http_pdu; addr; addr; port; port; -Action=GopStart; For=http_req; http_rq; -Action=GopStop; For=http_req; http_rs; - -Action=Transform; Name=rm_client_from_dns_resp; Mode=Replace; Match=Every; dns_resp=1; client_addr; .dns_resp=1; -Action=PduTransform; For=dns_pdu; Name=rm_client_from_dns_resp; - -Action=Transform; Name=rm_client_from_http_resp; Mode=Replace; Match=Every; http_rs; client_addr; .http_rs=; -Action=PduTransform; For=http_pdu; Name=rm_client_from_http_resp; - -Action=GopExtra; For=http_req; host; client_addr; -Action=GopExtra; For=dns_req; host; client_addr; - -Action=GogDef; Name=http_use; GogExpiration=0.75; -Action=GogKey; For=http_use; On=http_req; host; client_addr; -Action=GogKey; For=http_use; On=dns_req; host;client_addr; - -Action=GogExtra; For=http_use; host; client_addr; +Transform rm_client_from_dns_resp { + Match (dns_resp=1, client) Replace (dns_resp=1); +}; + +Pdu dns_pdu Proto dns Transport ip { + Extract addr From ip.addr; + Extract dns_id From dns.id; + Extract dns_resp From dns.flags.response; + Extract host From dns.qry.name; + Extract client From ip.src; + Transform rm_client_from_dns_resp; +}; + +Gop dns_req On dns_pdu Match (addr,addr,dns_id) { + Start (dns_resp=0); + Stop (dns_resp=1); + Extra (host, client); +}; + +Transform rm_client_from_http_resp1 { + Match (http_rq); + Match Every (addr) Insert (not_rq); +}; + +Transform rm_client_from_http_resp2 { + Match (not_rq, client) Replace (); +}; + +Pdu http_pdu Proto http Transport tcp/ip { + Extract addr From ip.addr; + Extract port From tcp.port; + Extract http_rq From http.request.method; + Extract http_rs From http.response; + Extract host From http.host; + Extract client From ip.src; + Transform rm_client_from_http_resp1, rm_client_from_http_resp2; + DiscardPduData true; +}; + +Gop http_req On http_pdu Match (addr, addr, port, port) { + Start (http_rq); + Stop (http_rs); + Extra (host, client); +}; + +Gog http_use { + Member http_req (host, client); + Member dns_req (host, client); + Expiration 0.75; +}; + +Done; |