* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config.h>
#include <glib.h>
-#include <wsutil/wsjsmn.h>
+#include <wsutil/wsjson.h>
#include <wsutil/ws_printf.h>
#include <file.h>
+#include <epan/epan_dissect.h>
#include <epan/exceptions.h>
#include <epan/color_filters.h>
#include <epan/prefs.h>
#include <epan/stats_tree_priv.h>
#include <epan/stat_tap_ui.h>
#include <epan/conversation_table.h>
+#include <epan/sequence_analysis.h>
#include <epan/expert.h>
#include <epan/export_object.h>
#include <epan/follow.h>
# include <codecs/speex/speex_resampler.h>
#endif /* HAVE_SPEEXDSP */
-#ifdef HAVE_GEOIP
-# include <GeoIP.h>
-# include <epan/geoip_db.h>
-# include <wsutil/pint.h>
-#endif
+#include <epan/maxmind_db.h>
-#include <wsutil/glib-compat.h>
+#include <wsutil/pint.h>
#include <wsutil/strtoi.h>
+#include "globals.h"
+
#include "sharkd.h"
-static void
-json_unescape_str(char *input)
+struct sharkd_filter_item
{
- char *output = input;
-
- while (*input)
- {
- char ch = *input++;
-
- if (ch == '\\')
- {
- /* TODO, add more escaping rules */
- ch = *input++;
- }
+ guint8 *filtered;
+};
- *output = ch;
- output++;
- }
+static GHashTable *filter_table = NULL;
- *output = '\0';
+static gboolean
+json_unescape_str(char *input)
+{
+ return wsjson_unescape_json_string(input, input);
}
static const char *
putchar('"');
}
-struct filter_item
+static void
+sharkd_session_filter_free(gpointer data)
{
- struct filter_item *next;
+ struct sharkd_filter_item *l = (struct sharkd_filter_item *) data;
- char *filter;
- guint8 *filtered;
-};
-
-static struct filter_item *filter_list = NULL;
+ g_free(l->filtered);
+ g_free(l);
+}
static const guint8 *
sharkd_session_filter_data(const char *filter)
{
- struct filter_item *l;
-
- for (l = filter_list; l; l = l->next)
- {
- if (!strcmp(l->filter, filter))
- return l->filtered;
- }
+ struct sharkd_filter_item *l;
+ l = (struct sharkd_filter_item *) g_hash_table_lookup(filter_table, filter);
+ if (!l)
{
guint8 *filtered = NULL;
if (ret == -1)
return NULL;
- l = (struct filter_item *) g_malloc(sizeof(struct filter_item));
- l->filter = g_strdup(filter);
+ l = (struct sharkd_filter_item *) g_malloc(sizeof(struct sharkd_filter_item));
l->filtered = filtered;
- l->next = filter_list;
- filter_list = l;
-
- return filtered;
+ g_hash_table_insert(filter_table, g_strdup(filter), l);
}
+
+ return l->filtered;
}
struct sharkd_rtp_match
static gboolean
sharkd_session_process_info_nstat_cb(const void *key, void *value, void *userdata)
{
- stat_tap_table_ui *new_stat_tap = (stat_tap_table_ui *) value;
+ stat_tap_table_ui *stat_tap = (stat_tap_table_ui *) value;
int *pi = (int *) userdata;
printf("%s{", (*pi) ? "," : "");
- printf("\"name\":\"%s\"", new_stat_tap->title);
+ printf("\"name\":\"%s\"", stat_tap->title);
printf(",\"tap\":\"nstat:%s\"", (const char *) key);
printf("}");
struct register_ct *table = (struct register_ct *) value;
int *pi = (int *) userdata;
- const char *label = (const char*)key;
+ const char *label = (const char *) key;
if (get_conversation_packet_func(table))
{
return FALSE;
}
+static gboolean
+sharkd_session_seq_analysis_cb(const void *key, void *value, void *userdata)
+{
+ register_analysis_t *analysis = (register_analysis_t *) value;
+ int *pi = (int *) userdata;
+
+ printf("%s{", (*pi) ? "," : "");
+ printf("\"name\":\"%s\"", sequence_analysis_get_ui_name(analysis));
+ printf(",\"tap\":\"seqa:%s\"", (const char *) key);
+ printf("}");
+
+ *pi = *pi + 1;
+ return FALSE;
+}
+
static gboolean
sharkd_export_object_visit_cb(const void *key _U_, void *value, void *user_data)
{
- register_eo_t *eo = (register_eo_t*)value;
+ register_eo_t *eo = (register_eo_t *) value;
int *pi = (int *) user_data;
const int proto_id = get_eo_proto_id(eo);
static gboolean
sharkd_follower_visit_cb(const void *key _U_, void *value, void *user_data)
{
- register_follow_t *follower = (register_follow_t*) value;
+ register_follow_t *follower = (register_follow_t *) value;
int *pi = (int *) user_data;
const int proto_id = get_follow_proto_id(follower);
* 'name' - response time delay name
* 'tap' - sharkd tap-name for rtd
*
+ * (m) seqa - available sequence analysis (flow) list, array of object with attributes:
+ * 'name' - sequence analysis name
+ * 'tap' - sharkd tap-name
+ *
* (m) taps - available taps, array of object with attributes:
* 'name' - tap name
* 'tap' - sharkd tap-name
printf(",\"nstat\":[");
i = 0;
- new_stat_tap_iterate_tables(sharkd_session_process_info_nstat_cb, &i);
+ stat_tap_iterate_tables(sharkd_session_process_info_nstat_cb, &i);
printf("]");
printf(",\"convs\":[");
conversation_table_iterate_tables(sharkd_session_process_info_conv_cb, &i);
printf("]");
+ printf(",\"seqa\":[");
+ i = 0;
+ sequence_analysis_table_iterate_tables(sharkd_session_seq_analysis_cb, &i);
+ printf("]");
+
printf(",\"taps\":[");
{
printf("{\"name\":\"%s\",\"tap\":\"%s\"}", "RTP streams", "rtp-streams");
g_free(name);
}
- if (cfile.wth)
+ if (cfile.provider.wth)
{
- gint64 file_size = wtap_file_size(cfile.wth, NULL);
+ gint64 file_size = wtap_file_size(cfile.provider.wth, NULL);
if (file_size > 0)
printf(",\"filesize\":%" G_GINT64_FORMAT, file_size);
};
static void
-sharkd_session_process_analyse_cb(packet_info *pi, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
+sharkd_session_process_analyse_cb(epan_dissect_t *edt, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
{
struct sharkd_analyse_data *analyser = (struct sharkd_analyse_data *) data;
+ packet_info *pi = &edt->pi;
frame_data *fdata = pi->fd;
(void) tree;
printf(",\"protocols\":[");
for (framenum = 1; framenum <= cfile.count; framenum++)
- sharkd_dissect_request(framenum, &sharkd_session_process_analyse_cb, 0, 0, 0, &analyser);
+ sharkd_dissect_request(framenum, (framenum != 1) ? 1 : 0, framenum - 1, &sharkd_session_process_analyse_cb, 0, 0, 0, &analyser);
printf("]");
if (analyser.first_time)
g_hash_table_destroy(analyser.protocols_set);
}
+static column_info *
+sharkd_session_create_columns(column_info *cinfo, const char *buf, const jsmntok_t *tokens, int count)
+{
+ const char *columns_custom[32];
+ guint16 columns_fmt[32];
+ gint16 columns_occur[32];
+
+ int i, cols;
+
+ for (i = 0; i < 32; i++)
+ {
+ const char *tok_column;
+ char tok_column_name[64];
+ char *custom_sepa;
+
+ ws_snprintf(tok_column_name, sizeof(tok_column_name), "column%d", i);
+ tok_column = json_find_attr(buf, tokens, count, tok_column_name);
+ if (tok_column == NULL)
+ break;
+
+ columns_custom[i] = NULL;
+ columns_occur[i] = 0;
+
+ if ((custom_sepa = strchr(tok_column, ':')))
+ {
+ *custom_sepa = '\0'; /* XXX, C abuse: discarding-const */
+
+ columns_fmt[i] = COL_CUSTOM;
+ columns_custom[i] = tok_column;
+
+ if (!ws_strtoi16(custom_sepa + 1, NULL, &columns_occur[i]))
+ return NULL;
+ }
+ else
+ {
+ if (!ws_strtou16(tok_column, NULL, &columns_fmt[i]))
+ return NULL;
+
+ if (columns_fmt[i] >= NUM_COL_FMTS)
+ return NULL;
+
+ /* if custom, that it shouldn't be just custom number -> error */
+ if (columns_fmt[i] == COL_CUSTOM)
+ return NULL;
+ }
+ }
+
+ cols = i;
+
+ col_setup(cinfo, cols);
+
+ for (i = 0; i < cols; i++)
+ {
+ col_item_t *col_item = &cinfo->columns[i];
+
+ col_item->col_fmt = columns_fmt[i];
+ col_item->col_title = NULL; /* no need for title */
+
+ if (col_item->col_fmt == COL_CUSTOM)
+ {
+ col_item->col_custom_fields = g_strdup(columns_custom[i]);
+ col_item->col_custom_occurrence = columns_occur[i];
+ }
+
+ col_item->col_fence = 0;
+ }
+
+ col_finalize(cinfo);
+
+ return cinfo;
+}
+
/**
* sharkd_session_process_frames()
*
* Process frames request
*
* Input:
+ * (o) column0...columnXX - requested columns either number in range [0..NUM_COL_FMTS), or custom (syntax <dfilter>:<occurence>).
+ * If column0 is not specified default column set will be used.
* (o) filter - filter to be used
* (o) skip=N - skip N frames
* (o) limit=N - show only N frames
+ * (o) refs - list (comma separated) with sorted time reference frame numbers.
*
* Output array of frames with attributes:
* (m) c - array of column data
* (m) num - frame number
- * (m) i - if frame is ignored
- * (m) m - if frame is marked
- * (m) bg - color filter - background color in hex
- * (m) fg - color filter - foreground color in hex
+ * (o) i - if frame is ignored
+ * (o) m - if frame is marked
+ * (o) ct - if frame is commented
+ * (o) bg - color filter - background color in hex
+ * (o) fg - color filter - foreground color in hex
*/
static void
sharkd_session_process_frames(const char *buf, const jsmntok_t *tokens, int count)
{
const char *tok_filter = json_find_attr(buf, tokens, count, "filter");
+ const char *tok_column = json_find_attr(buf, tokens, count, "column0");
const char *tok_skip = json_find_attr(buf, tokens, count, "skip");
const char *tok_limit = json_find_attr(buf, tokens, count, "limit");
+ const char *tok_refs = json_find_attr(buf, tokens, count, "refs");
const guint8 *filter_data = NULL;
const char *frame_sepa = "";
int col;
- guint32 framenum;
+ guint32 framenum, prev_dis_num = 0;
+ guint32 current_ref_frame = 0, next_ref_frame = G_MAXUINT32;
guint32 skip;
guint32 limit;
column_info *cinfo = &cfile.cinfo;
+ column_info user_cinfo;
+
+ if (tok_column)
+ {
+ memset(&user_cinfo, 0, sizeof(user_cinfo));
+ cinfo = sharkd_session_create_columns(&user_cinfo, buf, tokens, count);
+ if (!cinfo)
+ return;
+ }
if (tok_filter)
{
return;
}
+ if (tok_refs)
+ {
+ if (!ws_strtou32(tok_refs, &tok_refs, &next_ref_frame))
+ return;
+ }
+
printf("[");
for (framenum = 1; framenum <= cfile.count; framenum++)
{
- frame_data *fdata = frame_data_sequence_find(cfile.frames, framenum);
+ frame_data *fdata;
+ guint32 ref_frame = (framenum != 1) ? 1 : 0;
if (filter_data && !(filter_data[framenum / 8] & (1 << (framenum % 8))))
continue;
if (skip)
{
skip--;
+ prev_dis_num = framenum;
continue;
}
- sharkd_dissect_columns(framenum, cinfo, (fdata->color_filter == NULL));
+ if (tok_refs)
+ {
+ if (framenum >= next_ref_frame)
+ {
+ current_ref_frame = next_ref_frame;
+
+ if (*tok_refs != ',')
+ next_ref_frame = G_MAXUINT32;
+
+ while (*tok_refs == ',' && framenum >= next_ref_frame)
+ {
+ current_ref_frame = next_ref_frame;
+
+ if (!ws_strtou32(tok_refs + 1, &tok_refs, &next_ref_frame))
+ {
+ fprintf(stderr, "sharkd_session_process_frames() wrong format for refs: %s\n", tok_refs);
+ break;
+ }
+ }
+ }
+
+ if (current_ref_frame)
+ ref_frame = current_ref_frame;
+ }
+
+ fdata = sharkd_get_frame(framenum);
+ sharkd_dissect_columns(fdata, ref_frame, prev_dis_num, cinfo, (fdata->color_filter == NULL));
printf("%s{\"c\":[", frame_sepa);
for (col = 0; col < cinfo->num_cols; ++col)
}
printf("],\"num\":%u", framenum);
+ if (fdata->flags.has_user_comment || fdata->flags.has_phdr_comment)
+ {
+ if (!fdata->flags.has_user_comment || sharkd_get_user_comment(fdata) != NULL)
+ printf(",\"ct\":true");
+ }
+
if (fdata->flags.ignored)
printf(",\"i\":true");
printf("}");
frame_sepa = ",";
+ prev_dis_num = framenum;
if (limit && --limit == 0)
break;
sharkd_session_packet_tap_expert_cb(void *tapdata, packet_info *pinfo _U_, epan_dissect_t *edt _U_, const void *pointer)
{
struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
- expert_info_t *ei = (expert_info_t *) pointer;
+ const expert_info_t *ei = (const expert_info_t *) pointer;
+ expert_info_t *ei_copy;
+
+ if (ei == NULL)
+ return FALSE;
- ei = (expert_info_t *) g_memdup(ei, sizeof(*ei));
- ei->protocol = g_string_chunk_insert_const(etd->text, ei->protocol);
- ei->summary = g_string_chunk_insert_const(etd->text, ei->summary);
+ ei_copy = g_new(expert_info_t, 1);
+ /* Note: this is a shallow copy */
+ *ei_copy = *ei;
- etd->details = g_slist_prepend(etd->details, ei);
+ /* ei->protocol, ei->summary might be allocated in packet scope, make a copy. */
+ ei_copy->protocol = g_string_chunk_insert_const(etd->text, ei_copy->protocol);
+ ei_copy->summary = g_string_chunk_insert_const(etd->text, ei_copy->summary);
+
+ etd->details = g_slist_prepend(etd->details, ei_copy);
return TRUE;
}
g_free(etd);
}
-struct sharkd_conv_tap_data
+/**
+ * sharkd_session_process_tap_flow_cb()
+ *
+ * Output flow tap:
+ * (m) tap - tap name
+ * (m) type:flow - tap output type
+ * (m) nodes - array of strings with node address
+ * (m) flows - array of object with attributes:
+ * (m) t - frame time string
+ * (m) n - array of two numbers with source node index and destination node index
+ * (m) pn - array of two numbers with source and destination port
+ * (o) c - comment
+ */
+static void
+sharkd_session_process_tap_flow_cb(void *tapdata)
{
- const char *type;
- conv_hash_t hash;
- gboolean resolve_name;
- gboolean resolve_port;
-};
+ seq_analysis_info_t *graph_analysis = (seq_analysis_info_t *) tapdata;
+ GList *flow_list;
+ guint i;
-static int
-sharkd_session_geoip_addr(address *addr, const char *suffix)
-{
- int with_geoip = 0;
+ const char *sepa = "";
- (void) addr;
- (void) suffix;
+ sequence_analysis_get_nodes(graph_analysis);
-#ifdef HAVE_GEOIP
- if (addr->type == AT_IPv4)
+ printf("{\"tap\":\"seqa:%s\",\"type\":\"%s\"", graph_analysis->name, "flow");
+
+ printf(",\"nodes\":[");
+ for (i = 0; i < graph_analysis->num_nodes; i++)
{
- guint32 ip = pntoh32(addr->data);
+ char *addr_str;
+
+ if (i)
+ printf(",");
+
+ addr_str = address_to_display(NULL, &(graph_analysis->nodes[i]));
+ json_puts_string(addr_str);
+ wmem_free(NULL, addr_str);
+ }
+ printf("]");
+
+ printf(",\"flows\":[");
+
+ flow_list = g_queue_peek_nth_link(graph_analysis->items, 0);
+ while (flow_list)
+ {
+ seq_analysis_item_t *sai = (seq_analysis_item_t *) flow_list->data;
- guint num_dbs = geoip_db_num_dbs();
- guint dbnum;
+ flow_list = g_list_next(flow_list);
- for (dbnum = 0; dbnum < num_dbs; dbnum++)
+ if (!sai->display)
+ continue;
+
+ printf("%s{", sepa);
+
+ printf("\"t\":\"%s\"", sai->time_str);
+ printf(",\"n\":[%u,%u]", sai->src_node, sai->dst_node);
+ printf(",\"pn\":[%u,%u]", sai->port_src, sai->port_dst);
+
+ if (sai->comment)
{
- const char *geoip_key = NULL;
- char *geoip_val;
+ printf(",\"c\":");
+ json_puts_string(sai->comment);
+ }
- int db_type = geoip_db_type(dbnum);
+ printf("}");
+ sepa = ",";
+ }
- switch (db_type)
- {
- case GEOIP_COUNTRY_EDITION:
- geoip_key = "geoip_country";
- break;
+ printf("]");
- case GEOIP_CITY_EDITION_REV0:
- case GEOIP_CITY_EDITION_REV1:
- geoip_key = "geoip_city";
- break;
+ printf("},");
+}
- case GEOIP_ORG_EDITION:
- geoip_key = "geoip_org";
- break;
+static void
+sharkd_session_free_tap_flow_cb(void *tapdata)
+{
+ seq_analysis_info_t *graph_analysis = (seq_analysis_info_t *) tapdata;
- case GEOIP_ISP_EDITION:
- geoip_key = "geoip_isp";
- break;
+ sequence_analysis_info_free(graph_analysis);
+}
- case GEOIP_ASNUM_EDITION:
- geoip_key = "geoip_as";
- break;
+struct sharkd_conv_tap_data
+{
+ const char *type;
+ conv_hash_t hash;
+ gboolean resolve_name;
+ gboolean resolve_port;
+};
- case WS_LAT_FAKE_EDITION:
- geoip_key = "geoip_lat";
- break;
+static gboolean
+sharkd_session_geoip_addr(address *addr, const char *suffix)
+{
+ const mmdb_lookup_t *lookup = NULL;
+ gboolean with_geoip = FALSE;
- case WS_LON_FAKE_EDITION:
- geoip_key = "geoip_lon";
- break;
- }
+ if (addr->type == AT_IPv4)
+ {
+ guint32 ip = pntoh32(addr->data);
- if (geoip_key && (geoip_val = geoip_db_lookup_ipv4(dbnum, ip, NULL)))
- {
- printf(",\"%s%s\":", geoip_key, suffix);
- json_puts_string(geoip_val);
- with_geoip = 1;
- }
- }
+ lookup = maxmind_db_lookup_ipv4(ip);
}
-#ifdef HAVE_GEOIP_V6
- if (addr->type == AT_IPv6)
+ else if (addr->type == AT_IPv6)
{
- const struct e_in6_addr *ip6 = (const struct e_in6_addr *) addr->data;
+ const ws_in6_addr *ip6 = (const ws_in6_addr *) addr->data;
- guint num_dbs = geoip_db_num_dbs();
- guint dbnum;
+ lookup = maxmind_db_lookup_ipv6(ip6);
+ }
- for (dbnum = 0; dbnum < num_dbs; dbnum++)
- {
- const char *geoip_key = NULL;
- char *geoip_val;
+ if (!lookup || !lookup->found)
+ return FALSE;
- int db_type = geoip_db_type(dbnum);
+ if (lookup->country)
+ {
+ printf(",\"geoip_country%s\":", suffix);
+ json_puts_string(lookup->country);
+ with_geoip = TRUE;
+ }
- switch (db_type)
- {
- case GEOIP_COUNTRY_EDITION_V6:
- geoip_key = "geoip_country";
- break;
-#if NUM_DB_TYPES > 31
- case GEOIP_CITY_EDITION_REV0_V6:
- case GEOIP_CITY_EDITION_REV1_V6:
- geoip_key = "geoip_city";
- break;
+ if (lookup->country_iso)
+ {
+ printf(",\"geoip_country_iso%s\":", suffix);
+ json_puts_string(lookup->country_iso);
+ with_geoip = TRUE;
+ }
- case GEOIP_ORG_EDITION_V6:
- geoip_key = "geoip_org";
- break;
+ if (lookup->city)
+ {
+ printf(",\"geoip_city%s\":", suffix);
+ json_puts_string(lookup->city);
+ with_geoip = TRUE;
+ }
- case GEOIP_ISP_EDITION_V6:
- geoip_key = "geoip_isp";
- break;
+ if (lookup->as_org)
+ {
+ printf(",\"geoip_as_org%s\":", suffix);
+ json_puts_string(lookup->as_org);
+ with_geoip = TRUE;
+ }
- case GEOIP_ASNUM_EDITION_V6:
- geoip_key = "geoip_as";
- break;
-#endif /* DB_NUM_TYPES */
- case WS_LAT_FAKE_EDITION:
- geoip_key = "geoip_lat";
- break;
+ if (lookup->as_number > 0)
+ {
+ printf(",\"geoip_as%s\":%u", suffix, lookup->as_number);
+ with_geoip = TRUE;
+ }
- case WS_LON_FAKE_EDITION:
- geoip_key = "geoip_lon";
- break;
- }
+ if (lookup->latitude >= -90.0 && lookup->latitude <= 90.0)
+ {
+ printf(",\"geoip_lat%s\":%f", suffix, lookup->latitude);
+ with_geoip = TRUE;
+ }
- if (geoip_key && (geoip_val = geoip_db_lookup_ipv6(dbnum, *ip6, NULL)))
- {
- printf(",\"%s%s\":", geoip_key, suffix);
- json_puts_string(geoip_val);
- with_geoip = 1;
- }
- }
+ if (lookup->longitude >= -180.0 && lookup->longitude <= 180.0)
+ {
+ printf(",\"geoip_lon%s\":%f", suffix, lookup->longitude);
+ with_geoip = TRUE;
}
-#endif /* HAVE_GEOIP_V6 */
-#endif /* HAVE_GEOIP */
return with_geoip;
}
if (proto_with_port)
{
- printf(",\"sport\":\"%s\"", (src_port = get_conversation_port(NULL, iui->src_port, iui->ptype, iu->resolve_port)));
- printf(",\"dport\":\"%s\"", (dst_port = get_conversation_port(NULL, iui->dst_port, iui->ptype, iu->resolve_port)));
+ printf(",\"sport\":\"%s\"", (src_port = get_conversation_port(NULL, iui->src_port, iui->etype, iu->resolve_port)));
+ printf(",\"dport\":\"%s\"", (dst_port = get_conversation_port(NULL, iui->dst_port, iui->etype, iu->resolve_port)));
wmem_free(NULL, src_port);
wmem_free(NULL, dst_port);
if (proto_with_port)
{
- printf(",\"port\":\"%s\"", (port_str = get_conversation_port(NULL, host->port, host->ptype, iu->resolve_port)));
+ printf(",\"port\":\"%s\"", (port_str = get_conversation_port(NULL, host->port, host->etype, iu->resolve_port)));
wmem_free(NULL, port_str);
}
static void
sharkd_session_process_tap_nstat_cb(void *arg)
{
- new_stat_data_t *stat_data = (new_stat_data_t *) arg;
+ stat_data_t *stat_data = (stat_data_t *) arg;
guint i, j, k;
printf("{\"tap\":\"nstat:%s\",\"type\":\"nstat\"", stat_data->stat_tap_data->cli_string);
{
stat_tap_table_item_type *field_data;
- field_data = new_stat_tap_get_field_data(table, j, 0);
+ field_data = stat_tap_get_field_data(table, j, 0);
if (field_data == NULL || field_data->type == TABLE_ITEM_NONE) /* Nothing for us here */
continue;
printf("%s[", sepa);
for (k = 0; k < table->num_fields; k++)
{
- field_data = new_stat_tap_get_field_data(table, j, k);
+ field_data = stat_tap_get_field_data(table, j, k);
if (k)
printf(",");
break;
case TABLE_ITEM_INT:
- printf("%d", field_data->value.uint_value);
+ printf("%d", field_data->value.int_value);
break;
case TABLE_ITEM_STRING:
static void
sharkd_session_free_tap_nstat_cb(void *arg)
{
- new_stat_data_t *stat_data = (new_stat_data_t *) arg;
+ stat_data_t *stat_data = (stat_data_t *) arg;
free_stat_tables(stat_data->stat_tap_data, NULL, NULL);
}
sharkd_session_process_tap_eo_cb(void *tapdata)
{
export_object_list_t *tap_object = (export_object_list_t *) tapdata;
- struct sharkd_export_object_list *object_list = (struct sharkd_export_object_list*) tap_object->gui_data;
+ struct sharkd_export_object_list *object_list = (struct sharkd_export_object_list *) tap_object->gui_data;
GSList *slist;
int i = 0;
* for type:expert see sharkd_session_process_tap_expert_cb()
* for type:rtd see sharkd_session_process_tap_rtd_cb()
* for type:srt see sharkd_session_process_tap_srt_cb()
+ * for type:flow see sharkd_session_process_tap_flow_cb()
*
* (m) err - error code
*/
int i;
rtpstream_tapinfo_t rtp_tapinfo =
- {NULL, NULL, NULL, NULL, 0, NULL, 0, TAP_ANALYSE, NULL, NULL, NULL, FALSE};
+ { NULL, NULL, NULL, NULL, 0, NULL, 0, TAP_ANALYSE, NULL, NULL, NULL, FALSE };
for (i = 0; i < 16; i++)
{
tap_data = expert_tap;
tap_free = sharkd_session_free_tap_expert_cb;
}
+ else if (!strncmp(tok_tap, "seqa:", 5))
+ {
+ seq_analysis_info_t *graph_analysis;
+ register_analysis_t *analysis;
+ const char *tap_name;
+ tap_packet_cb tap_func;
+ guint tap_flags;
+
+ analysis = sequence_analysis_find_by_name(tok_tap + 5);
+ if (!analysis)
+ {
+ fprintf(stderr, "sharkd_session_process_tap() seq analysis %s not found\n", tok_tap + 5);
+ continue;
+ }
+
+ graph_analysis = sequence_analysis_info_new();
+ graph_analysis->name = tok_tap + 5;
+ /* TODO, make configurable */
+ graph_analysis->any_addr = FALSE;
+
+ tap_name = sequence_analysis_get_tap_listener_name(analysis);
+ tap_flags = sequence_analysis_get_tap_flags(analysis);
+ tap_func = sequence_analysis_get_packet_func(analysis);
+
+ tap_error = register_tap_listener(tap_name, graph_analysis, NULL, tap_flags, NULL, tap_func, sharkd_session_process_tap_flow_cb);
+
+ tap_data = graph_analysis;
+ tap_free = sharkd_session_free_tap_flow_cb;
+ }
else if (!strncmp(tok_tap, "conv:", 5) || !strncmp(tok_tap, "endpt:", 6))
{
struct register_ct *ct = NULL;
}
else if (!strncmp(tok_tap, "nstat:", 6))
{
- stat_tap_table_ui *stat_tap = new_stat_tap_by_name(tok_tap + 6);
- new_stat_data_t *stat_data;
+ stat_tap_table_ui *stat_tap = stat_tap_by_name(tok_tap + 6);
+ stat_data_t *stat_data;
if (!stat_tap)
{
stat_tap->stat_tap_init_cb(stat_tap, NULL, NULL);
- stat_data = g_new0(new_stat_data_t, 1);
+ stat_data = g_new0(stat_data_t, 1);
stat_data->stat_tap_data = stat_tap;
stat_data->user_data = NULL;
}
static void
-sharkd_session_process_frame_cb_tree(proto_tree *tree, tvbuff_t **tvbs)
+sharkd_session_process_frame_cb_tree(epan_dissect_t *edt, proto_tree *tree, tvbuff_t **tvbs)
{
proto_node *node;
const char *sepa = "";
if (finfo->hfinfo)
{
+ char *filter;
+
if (finfo->hfinfo->type == FT_PROTOCOL)
{
printf(",\"t\":\"proto\"");
json_puts_string(url);
wmem_free(NULL, url);
}
+
+ filter = proto_construct_match_selected_string(finfo, edt);
+ if (filter)
+ {
+ printf(",\"f\":");
+ json_puts_string(filter);
+ wmem_free(NULL, filter);
+ }
}
if (FI_GET_FLAG(finfo, PI_SEVERITY_MASK))
printf(",\"s\":\"%s\"", severity);
}
- if (((proto_tree *) node)->first_child) {
+ if (((proto_tree *) node)->first_child)
+ {
if (finfo->tree_type != -1)
printf(",\"e\":%d", finfo->tree_type);
printf(",\"n\":");
- sharkd_session_process_frame_cb_tree((proto_tree *) node, tvbs);
+ sharkd_session_process_frame_cb_tree(edt, (proto_tree *) node, tvbs);
}
printf("}");
}
static void
-sharkd_session_process_frame_cb(packet_info *pi, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
+sharkd_session_process_frame_cb(epan_dissect_t *edt, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
{
- (void) pi;
+ packet_info *pi = &edt->pi;
+ frame_data *fdata = pi->fd;
+ const char *pkt_comment = NULL;
+
(void) data;
printf("{");
printf("\"err\":0");
+ if (fdata->flags.has_user_comment)
+ pkt_comment = sharkd_get_user_comment(fdata);
+ else if (fdata->flags.has_phdr_comment)
+ pkt_comment = pi->rec->opt_comment;
+
+ if (pkt_comment)
+ {
+ printf(",\"comment\":");
+ json_puts_string(pkt_comment);
+ }
+
if (tree)
{
tvbuff_t **tvbs = NULL;
for (i = 0; i < count; i++)
{
- struct data_source *src = (struct data_source *) g_slist_nth_data((GSList *) data_src, i);
+ const struct data_source *src = (const struct data_source *) g_slist_nth_data((GSList *) data_src, i);
tvbs[i] = get_data_source_tvb(src);
}
tvbs[count] = NULL;
}
- sharkd_session_process_frame_cb_tree(tree, tvbs);
+ sharkd_session_process_frame_cb_tree(edt, tree, tvbs);
g_free(tvbs);
}
if (data_src)
{
- struct data_source *src = (struct data_source *)data_src->data;
+ struct data_source *src = (struct data_source *) data_src->data;
const char *ds_sepa = NULL;
tvbuff_t *tvb;
while (data_src)
{
- src = (struct data_source *)data_src->data;
+ src = (struct data_source *) data_src->data;
{
char *src_name = get_data_source_name(src);
guint64 bytes;
} st, st_total;
- nstime_t *start_ts = NULL;
+ nstime_t *start_ts;
guint32 interval_ms = 1000; /* default: one per second */
gint64 idx;
gint64 max_idx = 0;
- if (tok_interval) {
- if (!ws_strtou32(tok_interval, NULL, &interval_ms) || interval_ms == 0) {
+ if (tok_interval)
+ {
+ if (!ws_strtou32(tok_interval, NULL, &interval_ms) || interval_ms == 0)
+ {
fprintf(stderr, "Invalid interval parameter: %s.\n", tok_interval);
return;
}
printf("{\"intervals\":[");
+ start_ts = (cfile.count >= 1) ? &(sharkd_get_frame(1)->abs_ts) : NULL;
+
for (framenum = 1; framenum <= cfile.count; framenum++)
{
- frame_data *fdata = frame_data_sequence_find(cfile.frames, framenum);
+ frame_data *fdata;
gint64 msec_rel;
gint64 new_idx;
- if (start_ts == NULL)
- start_ts = &fdata->abs_ts;
-
if (filter_data && !(filter_data[framenum / 8] & (1 << (framenum % 8))))
continue;
+ fdata = sharkd_get_frame(framenum);
+
msec_rel = (fdata->abs_ts.secs - start_ts->secs) * (gint64) 1000 + (fdata->abs_ts.nsecs - start_ts->nsecs) / 1000000;
new_idx = msec_rel / interval_ms;
*
* Input:
* (m) frame - requested frame number
+ * (o) ref_frame - time reference frame number
+ * (o) prev_frame - previously displayed frame number
* (o) proto - set if output frame tree
* (o) columns - set if output frame columns
* (o) bytes - set if output frame bytes
* (o) tree - array of frame nodes with attributes:
* l - label
* t: 'proto', 'framenum', 'url' - type of node
+ * f - filter string
* s - severity
* e - subtree ett index
* n - array of subtree nodes
* (o) col - array of column data
* (o) bytes - base64 of frame bytes
* (o) ds - array of other data srcs
+ * (o) comment - frame comment
* (o) fol - array of follow filters:
* [0] - protocol
* [1] - filter string
sharkd_session_process_frame(char *buf, const jsmntok_t *tokens, int count)
{
const char *tok_frame = json_find_attr(buf, tokens, count, "frame");
+ const char *tok_ref_frame = json_find_attr(buf, tokens, count, "ref_frame");
+ const char *tok_prev_frame = json_find_attr(buf, tokens, count, "prev_frame");
int tok_proto = (json_find_attr(buf, tokens, count, "proto") != NULL);
int tok_bytes = (json_find_attr(buf, tokens, count, "bytes") != NULL);
int tok_columns = (json_find_attr(buf, tokens, count, "columns") != NULL);
- guint32 framenum;
+ guint32 framenum, ref_frame_num, prev_dis_num;
if (!tok_frame || !ws_strtou32(tok_frame, NULL, &framenum) || framenum == 0)
return;
- sharkd_dissect_request(framenum, &sharkd_session_process_frame_cb, tok_bytes, tok_columns, tok_proto, NULL);
+ ref_frame_num = (framenum != 1) ? 1 : 0;
+ if (tok_ref_frame && (!ws_strtou32(tok_ref_frame, NULL, &ref_frame_num) || ref_frame_num > framenum))
+ return;
+
+ prev_dis_num = framenum - 1;
+ if (tok_prev_frame && (!ws_strtou32(tok_prev_frame, NULL, &prev_dis_num) || prev_dis_num >= framenum))
+ return;
+
+ sharkd_dissect_request(framenum, ref_frame_num, prev_dis_num, &sharkd_session_process_frame_cb, tok_bytes, tok_columns, tok_proto, NULL);
}
/**
return 0;
}
+/**
+ * sharkd_session_process_setcomment()
+ *
+ * Process setcomment request
+ *
+ * Input:
+ * (m) frame - frame number
+ * (o) comment - user comment
+ *
+ * Output object with attributes:
+ * (m) err - error code: 0 succeed
+ */
+static void
+sharkd_session_process_setcomment(char *buf, const jsmntok_t *tokens, int count)
+{
+ const char *tok_frame = json_find_attr(buf, tokens, count, "frame");
+ const char *tok_comment = json_find_attr(buf, tokens, count, "comment");
+
+ guint32 framenum;
+ frame_data *fdata;
+ int ret;
+
+ if (!tok_frame || !ws_strtou32(tok_frame, NULL, &framenum) || framenum == 0)
+ return;
+
+ fdata = sharkd_get_frame(framenum);
+ if (!fdata)
+ return;
+
+ ret = sharkd_set_user_comment(fdata, tok_comment);
+ printf("{\"err\":%d}\n", ret);
+}
+
/**
* sharkd_session_process_setconf()
*
break;
case PREF_STRING:
+ case PREF_SAVE_FILENAME:
+ case PREF_OPEN_FILENAME:
+ case PREF_DIRNAME:
printf("\"s\":");
json_puts_string(prefs_get_string_value(pref, pref_current));
break;
* Output object with attributes:
* (o) prefs - object with module preferences
* (m) [KEY] - preference name
- * (o) u - preference value (only for PREF_UINT)
- * (o) ub - preference value suggested base for display (only for PREF_UINT) and if different than 10
+ * (o) u - preference value (for PREF_UINT, PREF_DECODE_AS_UINT)
+ * (o) ub - preference value suggested base for display (for PREF_UINT, PREF_DECODE_AS_UINT) and if different than 10
* (o) b - preference value (only for PREF_BOOL) (1 true, 0 false)
- * (o) s - preference value (only for PREF_STRING)
+ * (o) s - preference value (for PREF_STRING, PREF_SAVE_FILENAME, PREF_OPEN_FILENAME, PREF_DIRNAME)
* (o) e - preference possible values (only for PREF_ENUM)
- * (o) r - preference value (only for PREF_RANGE)
+ * (o) r - preference value (for PREF_RANGE, PREF_DECODE_AS_RANGE)
* (o) t - preference value (only for PREF_UAT)
*/
static void
printf("{\"prefs\":{");
prefs_pref_foreach(pref_mod, sharkd_session_process_dumpconf_cb, &data);
printf("}}\n");
- }
+ }
}
struct sharkd_download_rtp
printf(",\"mime\":");
json_puts_string(mime);
printf(",\"data\":");
- json_print_base64(eo_entry->payload_data, eo_entry->payload_len);
+ json_print_base64(eo_entry->payload_data, (size_t)(eo_entry->payload_len));
printf("}\n");
}
}
return;
}
+ if (tokens[i + 1].type != JSMN_STRING && tokens[i + 1].type != JSMN_PRIMITIVE)
+ {
+ fprintf(stderr, "sanity check(3a): [%d] wrong type\n", i + 1);
+ return;
+ }
+
buf[tokens[i + 0].end] = '\0';
buf[tokens[i + 1].end] = '\0';
- json_unescape_str(&buf[tokens[i + 0].start]);
- json_unescape_str(&buf[tokens[i + 1].start]);
+ /* unescape only value, as keys are simple strings */
+ if (tokens[i + 1].type == JSMN_STRING && !json_unescape_str(&buf[tokens[i + 1].start]))
+ {
+ fprintf(stderr, "sanity check(3b): [%d] cannot unescape string\n", i + 1);
+ return;
+ }
}
{
sharkd_session_process_intervals(buf, tokens, count);
else if (!strcmp(tok_req, "frame"))
sharkd_session_process_frame(buf, tokens, count);
+ else if (!strcmp(tok_req, "setcomment"))
+ sharkd_session_process_setcomment(buf, tokens, count);
else if (!strcmp(tok_req, "setconf"))
sharkd_session_process_setconf(buf, tokens, count);
else if (!strcmp(tok_req, "dumpconf"))
fprintf(stderr, "Hello in child.\n");
+ filter_table = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, sharkd_session_filter_free);
+
while (fgets(buf, sizeof(buf), stdin))
{
/* every command is line seperated JSON */
int ret;
- ret = wsjsmn_parse(buf, NULL, 0);
+ ret = wsjson_parse(buf, NULL, 0);
if (ret < 0)
{
fprintf(stderr, "invalid JSON -> closing\n");
memset(tokens, 0, ret * sizeof(jsmntok_t));
- ret = wsjsmn_parse(buf, tokens, ret);
+ ret = wsjson_parse(buf, tokens, ret);
if (ret < 0)
{
fprintf(stderr, "invalid JSON(2) -> closing\n");
sharkd_session_process(buf, tokens, ret);
}
+ g_hash_table_destroy(filter_table);
g_free(tokens);
return 0;