authorGerald Combs <gerald@wireshark.org>2009-05-14 23:33:17 +0000
committerGerald Combs <gerald@wireshark.org>2009-05-14 23:33:17 +0000
commit9a72434b1e7e716717d8e813b47ed4dc38950f75 (patch)
treeed252079e0ffc2c70921034aacd3edfbaff9be74 /epan/dissectors/packet-udp.h
parentbec2875b2b09b03612bcdff46157049a399b5324 (diff)
Add support for process flow records to IPFIX, which required adding
support for vendor-specific IEs. Fix variable-length record handling. Add conversation tracking to the UDP dissector and add process flow information to TCP and UDP conversations. This lets us run process flow collectors on one or more machines and have the process username, PID, command name, etc. show up in the TCP and UDP protocol trees. svn path=/trunk/; revision=28366
Diffstat (limited to 'epan/dissectors/packet-udp.h')
-rw-r--r--epan/dissectors/packet-udp.h47
1 files changed, 47 insertions, 0 deletions
diff --git a/epan/dissectors/packet-udp.h b/epan/dissectors/packet-udp.h
index 4cb043b7f3..c289b241a2 100644
--- a/epan/dissectors/packet-udp.h
+++ b/epan/dissectors/packet-udp.h
@@ -36,6 +36,53 @@ typedef struct _e_udphdr {
address ip_dst;
} e_udphdr;
+/* Conversation and process structures originally copied from packet-tcp.c */
+typedef struct _udp_flow_t {
+ /* Process info, currently discovered via IPFIX */
+ guint32 process_uid; /* UID of local process */
+ guint32 process_pid; /* PID of local process */
+ gchar *username; /* Username of the local process */
+ gchar *command; /* Local process name + path + args */
+} udp_flow_t;
+
+struct udp_analysis {
+ /* These two structs are managed based on comparing the source
+ * and destination addresses and, if they're equal, comparing
+ * the source and destination ports.
+ *
+ * If the source is greater than the destination, then stuff
+ * sent from src is in ual1.
+ *
+ * If the source is less than the destination, then stuff
+ * sent from src is in ual2.
+ *
+ * XXX - if the addresses and ports are equal, we don't guarantee
+ * the behavior.
+ */
+ udp_flow_t flow1;
+ udp_flow_t flow2;
+
+ /* These pointers are set by get_tcp_conversation_data()
+ * fwd point in the same direction as the current packet
+ * and rev in the reverse direction
+ */
+ udp_flow_t *fwd;
+ udp_flow_t *rev;
+};
+
+/** Associate process information with a given flow
+ *
+ * @param local_addr The local IPv4 or IPv6 address of the process
+ * @param remote_addr The remote IPv4 or IPv6 address of the process
+ * @param local_port The local TCP port of the process
+ * @param remote_port The remote TCP port of the process
+ * @param uid The numeric user ID of the process
+ * @param pid The numeric PID of the process
+ * @param username Ephemeral string containing the full or partial process name
+ * @param command Ephemeral string containing the full or partial process name
+ */
+extern void add_udp_process_info(guint32 frame_num, address *local_addr, address *remote_addr, guint16 local_port, guint16 remote_port, guint32 uid, guint32 pid, gchar *username, gchar *command);
+
extern void decode_udp_ports(tvbuff_t *, int, packet_info *,
proto_tree *, int, int, int);
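Review bot: The doc comment on `add_udp_process_info` calls `username` and `command` "ephemeral" but never says whether the callee copies them, while `udp_flow_t` keeps raw `gchar *` pointers with no stated lifetime. These strings are filled from IPFIX records, so they come from capture data and the ownership rule belongs in the header. If packet-udp.c does copy them (its body is not in this hunk), the contract could read `@param username Ephemeral string with the process user name; copied by the callee`, and both parameters could become `const gchar *`. The comments are also left over from the TCP copy: `frame_num` has no `@param`, `username` is described as the process name, the ports are called TCP ports, and the struct comments mention `ual1`/`ual2` and `get_tcp_conversation_data()` where the fields are `flow1`/`flow2`.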