3 * Copyright (C) 2016 Jakub Zawadzki
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
21 #include <wsutil/wsjson.h>
22 #include <wsutil/ws_printf.h>
25 #include <epan/epan_dissect.h>
26 #include <epan/exceptions.h>
27 #include <epan/color_filters.h>
28 #include <epan/prefs.h>
29 #include <epan/prefs-int.h>
30 #include <epan/uat-int.h>
31 #include <wiretap/wtap.h>
33 #include <epan/column.h>
35 #include <ui/ssl_key_export.h>
37 #include <ui/io_graph_item.h>
38 #include <epan/stats_tree_priv.h>
39 #include <epan/stat_tap_ui.h>
40 #include <epan/conversation_table.h>
41 #include <epan/sequence_analysis.h>
42 #include <epan/expert.h>
43 #include <epan/export_object.h>
44 #include <epan/follow.h>
45 #include <epan/rtd_table.h>
46 #include <epan/srt_table.h>
48 #include <epan/dissectors/packet-h225.h>
49 #include <epan/rtp_pt.h>
50 #include <ui/voip_calls.h>
51 #include <ui/rtp_stream.h>
52 #include <ui/tap-rtp-common.h>
53 #include <ui/tap-rtp-analysis.h>
54 #include <epan/to_str.h>
56 #include <epan/addr_resolv.h>
57 #include <epan/dissectors/packet-rtp.h>
58 #include <ui/rtp_media.h>
60 # include <speex/speex_resampler.h>
62 # include <codecs/speex/speex_resampler.h>
63 #endif /* HAVE_SPEEXDSP */
65 #include <epan/maxmind_db.h>
67 #include <wsutil/pint.h>
68 #include <wsutil/strtoi.h>
74 struct sharkd_filter_item
76 guint8 *filtered; /* can be NULL if all frames are matching for given filter. */
79 static GHashTable *filter_table = NULL;
82 json_unescape_str(char *input)
84 return wsjson_unescape_json_string(input, input);
88 json_find_attr(const char *buf, const jsmntok_t *tokens, int count, const char *attr)
92 for (i = 0; i < count; i += 2)
94 const char *tok_attr = &buf[tokens[i + 0].start];
95 const char *tok_value = &buf[tokens[i + 1].start];
97 if (!strcmp(tok_attr, attr))
105 json_puts_string(const char *str)
113 for (i = 0; str[i]; i++)
138 json_print_base64_step(const guint8 *data, int *state1, int *state2)
140 gchar buf[(1 / 3 + 1) * 4 + 4 + 1];
144 wrote = g_base64_encode_step(data, 1, FALSE, buf, state1, state2);
146 wrote = g_base64_encode_close(FALSE, buf, state1, state2);
156 json_print_base64(const guint8 *data, size_t len)
159 int base64_state1 = 0;
160 int base64_state2 = 0;
164 for (i = 0; i < len; i++)
165 json_print_base64_step(&data[i], &base64_state1, &base64_state2);
167 json_print_base64_step(NULL, &base64_state1, &base64_state2);
173 sharkd_session_filter_free(gpointer data)
175 struct sharkd_filter_item *l = (struct sharkd_filter_item *) data;
181 static const struct sharkd_filter_item *
182 sharkd_session_filter_data(const char *filter)
184 struct sharkd_filter_item *l;
186 l = (struct sharkd_filter_item *) g_hash_table_lookup(filter_table, filter);
189 guint8 *filtered = NULL;
191 int ret = sharkd_filter(filter, &filtered);
196 l = (struct sharkd_filter_item *) g_malloc(sizeof(struct sharkd_filter_item));
197 l->filtered = filtered;
199 g_hash_table_insert(filter_table, g_strdup(filter), l);
206 sharkd_rtp_match_init(rtpstream_id_t *id, const char *init_str)
208 gboolean ret = FALSE;
210 guint32 tmp_addr_src, tmp_addr_dst;
211 address tmp_src_addr, tmp_dst_addr;
213 memset(id, 0, sizeof(*id));
215 arr = g_strsplit(init_str, "_", 7); /* pass larger value, so we'll catch incorrect input :) */
216 if (g_strv_length(arr) != 5)
219 /* TODO, for now only IPv4 */
220 if (!get_host_ipaddr(arr[0], &tmp_addr_src))
223 if (!ws_strtou16(arr[1], NULL, &id->src_port))
226 if (!get_host_ipaddr(arr[2], &tmp_addr_dst))
229 if (!ws_strtou16(arr[3], NULL, &id->dst_port))
232 if (!ws_hexstrtou32(arr[4], NULL, &id->ssrc))
235 set_address(&tmp_src_addr, AT_IPv4, 4, &tmp_addr_src);
236 copy_address(&id->src_addr, &tmp_src_addr);
237 set_address(&tmp_dst_addr, AT_IPv4, 4, &tmp_addr_dst);
238 copy_address(&id->dst_addr, &tmp_dst_addr);
248 sharkd_session_process_info_nstat_cb(const void *key, void *value, void *userdata)
250 stat_tap_table_ui *stat_tap = (stat_tap_table_ui *) value;
251 int *pi = (int *) userdata;
253 printf("%s{", (*pi) ? "," : "");
254 printf("\"name\":\"%s\"", stat_tap->title);
255 printf(",\"tap\":\"nstat:%s\"", (const char *) key);
263 sharkd_session_process_info_conv_cb(const void* key, void* value, void* userdata)
265 struct register_ct *table = (struct register_ct *) value;
266 int *pi = (int *) userdata;
268 const char *label = (const char *) key;
270 if (get_conversation_packet_func(table))
272 printf("%s{", (*pi) ? "," : "");
273 printf("\"name\":\"Conversation List/%s\"", label);
274 printf(",\"tap\":\"conv:%s\"", label);
280 if (get_hostlist_packet_func(table))
282 printf("%s{", (*pi) ? "," : "");
283 printf("\"name\":\"Endpoint/%s\"", label);
284 printf(",\"tap\":\"endpt:%s\"", label);
293 sharkd_session_seq_analysis_cb(const void *key, void *value, void *userdata)
295 register_analysis_t *analysis = (register_analysis_t *) value;
296 int *pi = (int *) userdata;
298 printf("%s{", (*pi) ? "," : "");
299 printf("\"name\":\"%s\"", sequence_analysis_get_ui_name(analysis));
300 printf(",\"tap\":\"seqa:%s\"", (const char *) key);
308 sharkd_export_object_visit_cb(const void *key _U_, void *value, void *user_data)
310 register_eo_t *eo = (register_eo_t *) value;
311 int *pi = (int *) user_data;
313 const int proto_id = get_eo_proto_id(eo);
314 const char *filter = proto_get_protocol_filter_name(proto_id);
315 const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
317 printf("%s{", (*pi) ? "," : "");
318 printf("\"name\":\"Export Object/%s\"", label);
319 printf(",\"tap\":\"eo:%s\"", filter);
327 sharkd_srt_visit_cb(const void *key _U_, void *value, void *user_data)
329 register_srt_t *srt = (register_srt_t *) value;
330 int *pi = (int *) user_data;
332 const int proto_id = get_srt_proto_id(srt);
333 const char *filter = proto_get_protocol_filter_name(proto_id);
334 const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
336 printf("%s{", (*pi) ? "," : "");
337 printf("\"name\":\"Service Response Time/%s\"", label);
338 printf(",\"tap\":\"srt:%s\"", filter);
346 sharkd_rtd_visit_cb(const void *key _U_, void *value, void *user_data)
348 register_rtd_t *rtd = (register_rtd_t *) value;
349 int *pi = (int *) user_data;
351 const int proto_id = get_rtd_proto_id(rtd);
352 const char *filter = proto_get_protocol_filter_name(proto_id);
353 const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
355 printf("%s{", (*pi) ? "," : "");
356 printf("\"name\":\"Response Time Delay/%s\"", label);
357 printf(",\"tap\":\"rtd:%s\"", filter);
365 sharkd_follower_visit_cb(const void *key _U_, void *value, void *user_data)
367 register_follow_t *follower = (register_follow_t *) value;
368 int *pi = (int *) user_data;
370 const int proto_id = get_follow_proto_id(follower);
371 const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
372 const char *filter = label; /* correct: get_follow_by_name() is registered by short name */
374 printf("%s{", (*pi) ? "," : "");
375 printf("\"name\":\"Follow/%s\"", label);
376 printf(",\"tap\":\"follow:%s\"", filter);
384 * sharkd_session_process_info()
386 * Process info request
388 * Output object with attributes:
389 * (m) columns - available column formats, array of object with attributes:
390 * 'name' - column name
391 * 'format' - column format-name
393 * (m) stats - available statistics, array of object with attributes:
394 * 'name' - statistic name
395 * 'tap' - sharkd tap-name for statistic
397 * (m) convs - available conversation list, array of object with attributes:
398 * 'name' - conversation name
399 * 'tap' - sharkd tap-name for conversation
401 * (m) eo - available export object list, array of object with attributes:
402 * 'name' - export object name
403 * 'tap' - sharkd tap-name for eo
405 * (m) srt - available service response time list, array of object with attributes:
406 * 'name' - service response time name
407 * 'tap' - sharkd tap-name for srt
409 * (m) rtd - available response time delay list, array of object with attributes:
410 * 'name' - response time delay name
411 * 'tap' - sharkd tap-name for rtd
413 * (m) seqa - available sequence analysis (flow) list, array of object with attributes:
414 * 'name' - sequence analysis name
415 * 'tap' - sharkd tap-name
417 * (m) taps - available taps, array of object with attributes:
419 * 'tap' - sharkd tap-name
421 * (m) follow - available followers, array of object with attributes:
423 * 'tap' - sharkd tap-name
425 * (m) ftypes - conversation table for FT_ number to string
428 sharkd_session_process_info(void)
432 printf("{\"columns\":[");
433 for (i = 0; i < NUM_COL_FMTS; i++)
435 const char *col_format = col_format_to_string(i);
436 const char *col_descr = col_format_desc(i);
438 printf("%s{", (i) ? "," : "");
439 printf("\"name\":\"%s\"", col_descr);
440 printf(",\"format\":\"%s\"", col_format);
445 printf(",\"stats\":[");
447 GList *cfg_list = stats_tree_get_cfg_list();
449 const char *sepa = "";
451 for (l = cfg_list; l; l = l->next)
453 stats_tree_cfg *cfg = (stats_tree_cfg *) l->data;
456 printf("\"name\":\"%s\"", cfg->name);
457 printf(",\"tap\":\"stat:%s\"", cfg->abbr);
462 g_list_free(cfg_list);
466 printf(",\"ftypes\":[");
467 for (i = 0; i < FT_NUM_TYPES; i++)
471 json_puts_string(ftype_name((ftenum_t) i));
475 printf(",\"version\":");
476 json_puts_string(sharkd_version());
478 printf(",\"nstat\":[");
480 stat_tap_iterate_tables(sharkd_session_process_info_nstat_cb, &i);
483 printf(",\"convs\":[");
485 conversation_table_iterate_tables(sharkd_session_process_info_conv_cb, &i);
488 printf(",\"seqa\":[");
490 sequence_analysis_table_iterate_tables(sharkd_session_seq_analysis_cb, &i);
493 printf(",\"taps\":[");
495 printf("{\"name\":\"%s\",\"tap\":\"%s\"}", "RTP streams", "rtp-streams");
496 printf(",{\"name\":\"%s\",\"tap\":\"%s\"}", "Expert Information", "expert");
502 eo_iterate_tables(sharkd_export_object_visit_cb, &i);
505 printf(",\"srt\":[");
507 srt_table_iterate_tables(sharkd_srt_visit_cb, &i);
510 printf(",\"rtd\":[");
512 rtd_table_iterate_tables(sharkd_rtd_visit_cb, &i);
515 printf(",\"follow\":[");
517 follow_iterate_followers(sharkd_follower_visit_cb, &i);
524 * sharkd_session_process_load()
526 * Process load request
529 * (m) file - file to be loaded
531 * Output object with attributes:
532 * (m) err - error code
535 sharkd_session_process_load(const char *buf, const jsmntok_t *tokens, int count)
537 const char *tok_file = json_find_attr(buf, tokens, count, "file");
540 fprintf(stderr, "load: filename=%s\n", tok_file);
545 if (sharkd_cf_open(tok_file, WTAP_TYPE_AUTO, FALSE, &err) != CF_OK)
547 printf("{\"err\":%d}\n", err);
553 err = sharkd_load_cap_file();
555 CATCH(OutOfMemoryError)
557 fprintf(stderr, "load: OutOfMemoryError\n");
562 printf("{\"err\":%d}\n", err);
566 * sharkd_session_process_status()
568 * Process status request
570 * Output object with attributes:
571 * (m) frames - count of currently loaded frames
572 * (m) duration - time difference between time of first frame, and last loaded frame
573 * (o) filename - capture filename
574 * (o) filesize - capture filesize
577 sharkd_session_process_status(void)
579 printf("{\"frames\":%u", cfile.count);
581 printf(",\"duration\":%.9f", nstime_to_sec(&cfile.elapsed_time));
585 char *name = g_path_get_basename(cfile.filename);
587 printf(",\"filename\":");
588 json_puts_string(name);
592 if (cfile.provider.wth)
594 gint64 file_size = wtap_file_size(cfile.provider.wth, NULL);
597 printf(",\"filesize\":%" G_GINT64_FORMAT, file_size);
603 struct sharkd_analyse_data
605 GHashTable *protocols_set;
606 nstime_t *first_time;
611 sharkd_session_process_analyse_cb(epan_dissect_t *edt, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
613 struct sharkd_analyse_data *analyser = (struct sharkd_analyse_data *) data;
614 packet_info *pi = &edt->pi;
615 frame_data *fdata = pi->fd;
621 if (analyser->first_time == NULL || nstime_cmp(&fdata->abs_ts, analyser->first_time) < 0)
622 analyser->first_time = &fdata->abs_ts;
624 if (analyser->last_time == NULL || nstime_cmp(&fdata->abs_ts, analyser->last_time) > 0)
625 analyser->last_time = &fdata->abs_ts;
629 wmem_list_frame_t *frame;
631 for (frame = wmem_list_head(pi->layers); frame; frame = wmem_list_frame_next(frame))
633 int proto_id = GPOINTER_TO_UINT(wmem_list_frame_data(frame));
635 if (!g_hash_table_lookup_extended(analyser->protocols_set, GUINT_TO_POINTER(proto_id), NULL, NULL))
637 g_hash_table_insert(analyser->protocols_set, GUINT_TO_POINTER(proto_id), GUINT_TO_POINTER(proto_id));
639 if (g_hash_table_size(analyser->protocols_set) != 1)
641 json_puts_string(proto_get_protocol_filter_name(proto_id));
649 * sharkd_session_process_status()
651 * Process analyse request
653 * Output object with attributes:
654 * (m) frames - count of currently loaded frames
655 * (m) protocols - protocol list
656 * (m) first - earliest frame time
657 * (m) last - latest frame time
660 sharkd_session_process_analyse(void)
662 unsigned int framenum;
663 struct sharkd_analyse_data analyser;
665 analyser.first_time = NULL;
666 analyser.last_time = NULL;
667 analyser.protocols_set = g_hash_table_new(NULL /* g_direct_hash() */, NULL /* g_direct_equal */);
669 printf("{\"frames\":%u", cfile.count);
671 printf(",\"protocols\":[");
672 for (framenum = 1; framenum <= cfile.count; framenum++)
673 sharkd_dissect_request(framenum, (framenum != 1) ? 1 : 0, framenum - 1, &sharkd_session_process_analyse_cb, SHARKD_DISSECT_FLAG_NULL, &analyser);
676 if (analyser.first_time)
677 printf(",\"first\":%.9f", nstime_to_sec(analyser.first_time));
679 if (analyser.last_time)
680 printf(",\"last\":%.9f", nstime_to_sec(analyser.last_time));
684 g_hash_table_destroy(analyser.protocols_set);
688 sharkd_session_create_columns(column_info *cinfo, const char *buf, const jsmntok_t *tokens, int count)
690 const char *columns_custom[32];
691 guint16 columns_fmt[32];
692 gint16 columns_occur[32];
696 for (i = 0; i < 32; i++)
698 const char *tok_column;
699 char tok_column_name[64];
702 ws_snprintf(tok_column_name, sizeof(tok_column_name), "column%d", i);
703 tok_column = json_find_attr(buf, tokens, count, tok_column_name);
704 if (tok_column == NULL)
707 columns_custom[i] = NULL;
708 columns_occur[i] = 0;
710 if ((custom_sepa = strchr(tok_column, ':')))
712 *custom_sepa = '\0'; /* XXX, C abuse: discarding-const */
714 columns_fmt[i] = COL_CUSTOM;
715 columns_custom[i] = tok_column;
717 if (!ws_strtoi16(custom_sepa + 1, NULL, &columns_occur[i]))
722 if (!ws_strtou16(tok_column, NULL, &columns_fmt[i]))
725 if (columns_fmt[i] >= NUM_COL_FMTS)
728 /* if custom, that it shouldn't be just custom number -> error */
729 if (columns_fmt[i] == COL_CUSTOM)
736 col_setup(cinfo, cols);
738 for (i = 0; i < cols; i++)
740 col_item_t *col_item = &cinfo->columns[i];
742 col_item->col_fmt = columns_fmt[i];
743 col_item->col_title = NULL; /* no need for title */
745 if (col_item->col_fmt == COL_CUSTOM)
747 col_item->col_custom_fields = g_strdup(columns_custom[i]);
748 col_item->col_custom_occurrence = columns_occur[i];
751 col_item->col_fence = 0;
760 * sharkd_session_process_frames()
762 * Process frames request
765 * (o) column0...columnXX - requested columns either number in range [0..NUM_COL_FMTS), or custom (syntax <dfilter>:<occurence>).
766 * If column0 is not specified default column set will be used.
767 * (o) filter - filter to be used
768 * (o) skip=N - skip N frames
769 * (o) limit=N - show only N frames
770 * (o) refs - list (comma separated) with sorted time reference frame numbers.
772 * Output array of frames with attributes:
773 * (m) c - array of column data
774 * (m) num - frame number
775 * (o) i - if frame is ignored
776 * (o) m - if frame is marked
777 * (o) ct - if frame is commented
778 * (o) bg - color filter - background color in hex
779 * (o) fg - color filter - foreground color in hex
782 sharkd_session_process_frames(const char *buf, const jsmntok_t *tokens, int count)
784 const char *tok_filter = json_find_attr(buf, tokens, count, "filter");
785 const char *tok_column = json_find_attr(buf, tokens, count, "column0");
786 const char *tok_skip = json_find_attr(buf, tokens, count, "skip");
787 const char *tok_limit = json_find_attr(buf, tokens, count, "limit");
788 const char *tok_refs = json_find_attr(buf, tokens, count, "refs");
790 const guint8 *filter_data = NULL;
792 const char *frame_sepa = "";
795 guint32 framenum, prev_dis_num = 0;
796 guint32 current_ref_frame = 0, next_ref_frame = G_MAXUINT32;
800 column_info *cinfo = &cfile.cinfo;
801 column_info user_cinfo;
805 memset(&user_cinfo, 0, sizeof(user_cinfo));
806 cinfo = sharkd_session_create_columns(&user_cinfo, buf, tokens, count);
813 const struct sharkd_filter_item *filter_item;
815 filter_item = sharkd_session_filter_data(tok_filter);
818 filter_data = filter_item->filtered;
824 if (!ws_strtou32(tok_skip, NULL, &skip))
831 if (!ws_strtou32(tok_limit, NULL, &limit))
837 if (!ws_strtou32(tok_refs, &tok_refs, &next_ref_frame))
842 for (framenum = 1; framenum <= cfile.count; framenum++)
845 guint32 ref_frame = (framenum != 1) ? 1 : 0;
847 if (filter_data && !(filter_data[framenum / 8] & (1 << (framenum % 8))))
853 prev_dis_num = framenum;
859 if (framenum >= next_ref_frame)
861 current_ref_frame = next_ref_frame;
863 if (*tok_refs != ',')
864 next_ref_frame = G_MAXUINT32;
866 while (*tok_refs == ',' && framenum >= next_ref_frame)
868 current_ref_frame = next_ref_frame;
870 if (!ws_strtou32(tok_refs + 1, &tok_refs, &next_ref_frame))
872 fprintf(stderr, "sharkd_session_process_frames() wrong format for refs: %s\n", tok_refs);
878 if (current_ref_frame)
879 ref_frame = current_ref_frame;
882 fdata = sharkd_get_frame(framenum);
883 sharkd_dissect_columns(fdata, ref_frame, prev_dis_num, cinfo, (fdata->color_filter == NULL));
885 printf("%s{\"c\":[", frame_sepa);
886 for (col = 0; col < cinfo->num_cols; ++col)
888 const col_item_t *col_item = &cinfo->columns[col];
893 json_puts_string(col_item->col_data);
895 printf("],\"num\":%u", framenum);
897 if (fdata->flags.has_user_comment || fdata->flags.has_phdr_comment)
899 if (!fdata->flags.has_user_comment || sharkd_get_user_comment(fdata) != NULL)
900 printf(",\"ct\":true");
903 if (fdata->flags.ignored)
904 printf(",\"i\":true");
906 if (fdata->flags.marked)
907 printf(",\"m\":true");
909 if (fdata->color_filter)
911 printf(",\"bg\":\"%x\"", color_t_to_rgb(&fdata->color_filter->bg_color));
912 printf(",\"fg\":\"%x\"", color_t_to_rgb(&fdata->color_filter->fg_color));
917 prev_dis_num = framenum;
919 if (limit && --limit == 0)
924 if (cinfo != &cfile.cinfo)
929 sharkd_session_process_tap_stats_node_cb(const stat_node *n)
932 const char *sepa = "";
935 for (node = n->children; node; node = node->next)
937 /* code based on stats_tree_get_values_from_node() */
938 printf("%s{\"name\":\"%s\"", sepa, node->name);
939 printf(",\"count\":%d", node->counter);
940 if (node->counter && ((node->st_flags & ST_FLG_AVERAGE) || node->rng))
942 printf(",\"avg\":%.2f", ((float)node->total) / node->counter);
943 printf(",\"min\":%d", node->minvalue);
944 printf(",\"max\":%d", node->maxvalue);
947 if (node->st->elapsed)
948 printf(",\"rate\":%.4f",((float)node->counter) / node->st->elapsed);
950 if (node->parent && node->parent->counter)
951 printf(",\"perc\":%.2f", (node->counter * 100.0) / node->parent->counter);
952 else if (node->parent == &(node->st->root))
953 printf(",\"perc\":100");
955 if (prefs.st_enable_burstinfo && node->max_burst)
957 if (prefs.st_burst_showcount)
958 printf(",\"burstcount\":%d", node->max_burst);
960 printf(",\"burstrate\":%.4f", ((double)node->max_burst) / prefs.st_burst_windowlen);
962 printf(",\"bursttime\":%.3f", ((double)node->burst_time / 1000.0));
968 sharkd_session_process_tap_stats_node_cb(node);
977 * sharkd_session_process_tap_stats_cb()
982 * (m) type:stats - tap output type
983 * (m) name - stat name
984 * (m) stats - array of object with attributes:
985 * (m) name - stat item name
986 * (m) count - stat item counter
987 * (o) avg - stat item averange value
988 * (o) min - stat item min value
989 * (o) max - stat item max value
990 * (o) rate - stat item rate value (ms)
991 * (o) perc - stat item percentage
992 * (o) burstrate - stat item burst rate
993 * (o) burstcount - stat item burst count
994 * (o) burstttme - stat item burst start
995 * (o) sub - array of object with attributes like in stats node.
998 sharkd_session_process_tap_stats_cb(void *psp)
1000 stats_tree *st = (stats_tree *) psp;
1002 printf("{\"tap\":\"stats:%s\",\"type\":\"stats\"", st->cfg->abbr);
1004 printf(",\"name\":\"%s\",\"stats\":", st->cfg->name);
1005 sharkd_session_process_tap_stats_node_cb(&st->root);
1010 sharkd_session_free_tap_stats_cb(void *psp)
1012 stats_tree *st = (stats_tree *) psp;
1014 stats_tree_free(st);
1017 struct sharkd_expert_tap
1024 * sharkd_session_process_tap_expert_cb()
1026 * Output expert tap:
1028 * (m) tap - tap name
1029 * (m) type:expert - tap output type
1030 * (m) details - array of object with attributes:
1031 * (m) f - frame number, which generated expert information
1034 * (m) m - expert message
1038 sharkd_session_process_tap_expert_cb(void *tapdata)
1040 struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
1042 const char *sepa = "";
1044 printf("{\"tap\":\"%s\",\"type\":\"%s\"", "expert", "expert");
1046 printf(",\"details\":[");
1047 for (list = etd->details; list; list = list->next)
1049 expert_info_t *ei = (expert_info_t *) list->data;
1052 printf("%s{", sepa);
1054 printf("\"f\":%u,", ei->packet_num);
1056 tmp = try_val_to_str(ei->severity, expert_severity_vals);
1058 printf("\"s\":\"%s\",", tmp);
1060 tmp = try_val_to_str(ei->group, expert_group_vals);
1062 printf("\"g\":\"%s\",", tmp);
1065 json_puts_string(ei->summary);
1071 json_puts_string(ei->protocol);
1083 sharkd_session_packet_tap_expert_cb(void *tapdata, packet_info *pinfo _U_, epan_dissect_t *edt _U_, const void *pointer)
1085 struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
1086 const expert_info_t *ei = (const expert_info_t *) pointer;
1087 expert_info_t *ei_copy;
1092 ei_copy = g_new(expert_info_t, 1);
1093 /* Note: this is a shallow copy */
1096 /* ei->protocol, ei->summary might be allocated in packet scope, make a copy. */
1097 ei_copy->protocol = g_string_chunk_insert_const(etd->text, ei_copy->protocol);
1098 ei_copy->summary = g_string_chunk_insert_const(etd->text, ei_copy->summary);
1100 etd->details = g_slist_prepend(etd->details, ei_copy);
1106 sharkd_session_free_tap_expert_cb(void *tapdata)
1108 struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
1110 g_slist_free_full(etd->details, g_free);
1111 g_string_chunk_free(etd->text);
1116 * sharkd_session_process_tap_flow_cb()
1119 * (m) tap - tap name
1120 * (m) type:flow - tap output type
1121 * (m) nodes - array of strings with node address
1122 * (m) flows - array of object with attributes:
1123 * (m) t - frame time string
1124 * (m) n - array of two numbers with source node index and destination node index
1125 * (m) pn - array of two numbers with source and destination port
1129 sharkd_session_process_tap_flow_cb(void *tapdata)
1131 seq_analysis_info_t *graph_analysis = (seq_analysis_info_t *) tapdata;
1135 const char *sepa = "";
1137 sequence_analysis_get_nodes(graph_analysis);
1139 printf("{\"tap\":\"seqa:%s\",\"type\":\"%s\"", graph_analysis->name, "flow");
1141 printf(",\"nodes\":[");
1142 for (i = 0; i < graph_analysis->num_nodes; i++)
1149 addr_str = address_to_display(NULL, &(graph_analysis->nodes[i]));
1150 json_puts_string(addr_str);
1151 wmem_free(NULL, addr_str);
1155 printf(",\"flows\":[");
1157 flow_list = g_queue_peek_nth_link(graph_analysis->items, 0);
1160 seq_analysis_item_t *sai = (seq_analysis_item_t *) flow_list->data;
1162 flow_list = g_list_next(flow_list);
1167 printf("%s{", sepa);
1169 printf("\"t\":\"%s\"", sai->time_str);
1170 printf(",\"n\":[%u,%u]", sai->src_node, sai->dst_node);
1171 printf(",\"pn\":[%u,%u]", sai->port_src, sai->port_dst);
1176 json_puts_string(sai->comment);
1189 sharkd_session_free_tap_flow_cb(void *tapdata)
1191 seq_analysis_info_t *graph_analysis = (seq_analysis_info_t *) tapdata;
1193 sequence_analysis_info_free(graph_analysis);
1196 struct sharkd_conv_tap_data
1200 gboolean resolve_name;
1201 gboolean resolve_port;
1205 sharkd_session_geoip_addr(address *addr, const char *suffix)
1207 const mmdb_lookup_t *lookup = NULL;
1208 gboolean with_geoip = FALSE;
1210 if (addr->type == AT_IPv4)
1214 memcpy(&ip, addr->data, 4);
1215 lookup = maxmind_db_lookup_ipv4(ip);
1217 else if (addr->type == AT_IPv6)
1219 const ws_in6_addr *ip6 = (const ws_in6_addr *) addr->data;
1221 lookup = maxmind_db_lookup_ipv6(ip6);
1224 if (!lookup || !lookup->found)
1227 if (lookup->country)
1229 printf(",\"geoip_country%s\":", suffix);
1230 json_puts_string(lookup->country);
1234 if (lookup->country_iso)
1236 printf(",\"geoip_country_iso%s\":", suffix);
1237 json_puts_string(lookup->country_iso);
1243 printf(",\"geoip_city%s\":", suffix);
1244 json_puts_string(lookup->city);
1250 printf(",\"geoip_as_org%s\":", suffix);
1251 json_puts_string(lookup->as_org);
1255 if (lookup->as_number > 0)
1257 printf(",\"geoip_as%s\":%u", suffix, lookup->as_number);
1261 if (lookup->latitude >= -90.0 && lookup->latitude <= 90.0)
1263 printf(",\"geoip_lat%s\":%f", suffix, lookup->latitude);
1267 if (lookup->longitude >= -180.0 && lookup->longitude <= 180.0)
1269 printf(",\"geoip_lon%s\":%f", suffix, lookup->longitude);
1276 struct sharkd_analyse_rtp_items
1279 guint32 sequence_num;
1287 double arrive_offset;
1289 /* from tap_rtp_stat_t */
1294 struct sharkd_analyse_rtp
1296 const char *tap_name;
1301 tap_rtp_stat_t statinfo;
1305 sharkd_session_process_tap_rtp_free_cb(void *tapdata)
1307 struct sharkd_analyse_rtp *rtp_req = (struct sharkd_analyse_rtp *) tapdata;
1309 g_slist_free_full(rtp_req->packets, g_free);
1314 sharkd_session_packet_tap_rtp_analyse_cb(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *pointer)
1316 struct sharkd_analyse_rtp *rtp_req = (struct sharkd_analyse_rtp *) tapdata;
1317 const struct _rtp_info *rtp_info = (const struct _rtp_info *) pointer;
1319 if (rtpstream_id_equal_pinfo_rtp_info(&rtp_req->id, pinfo, rtp_info))
1321 tap_rtp_stat_t *statinfo = &(rtp_req->statinfo);
1322 struct sharkd_analyse_rtp_items *item;
1324 rtppacket_analyse(statinfo, pinfo, rtp_info);
1326 item = (struct sharkd_analyse_rtp_items *) g_malloc(sizeof(struct sharkd_analyse_rtp_items));
1328 if (!rtp_req->packets)
1329 rtp_req->start_time = nstime_to_sec(&pinfo->abs_ts);
1331 item->frame_num = pinfo->num;
1332 item->sequence_num = rtp_info->info_seq_num;
1333 item->delta = (statinfo->flags & STAT_FLAG_FIRST) ? 0.0 : statinfo->delta;
1334 item->jitter = (statinfo->flags & STAT_FLAG_FIRST) ? 0.0 : statinfo->jitter;
1335 item->skew = (statinfo->flags & STAT_FLAG_FIRST) ? 0.0 : statinfo->skew;
1336 item->bandwidth = statinfo->bandwidth;
1337 item->marker = rtp_info->info_marker_set ? TRUE : FALSE;
1338 item->arrive_offset= nstime_to_sec(&pinfo->abs_ts) - rtp_req->start_time;
1340 item->flags = statinfo->flags;
1341 item->pt = statinfo->pt;
1343 /* XXX, O(n) optimize */
1344 rtp_req->packets = g_slist_append(rtp_req->packets, item);
1351 * sharkd_session_process_tap_rtp_analyse_cb()
1353 * Output rtp analyse tap:
1354 * (m) tap - tap name
1355 * (m) type - tap output type
1356 * (m) ssrc - RTP SSRC
1357 * (m) max_delta - Max delta (ms)
1358 * (m) max_delta_nr - Max delta packet #
1359 * (m) max_jitter - Max jitter (ms)
1360 * (m) mean_jitter - Mean jitter (ms)
1361 * (m) max_skew - Max skew (ms)
1362 * (m) total_nr - Total number of RTP packets
1363 * (m) seq_err - Number of sequence errors
1364 * (m) duration - Duration (ms)
1365 * (m) items - array of object with attributes:
1366 * (m) f - frame number
1367 * (m) o - arrive offset
1368 * (m) sn - sequence number
1372 * (m) bw - bandwidth
1373 * (o) s - status string
1374 * (o) t - status type
1375 * (o) mark - rtp mark
1378 sharkd_session_process_tap_rtp_analyse_cb(void *tapdata)
1380 const int RTP_TYPE_CN = 1;
1381 const int RTP_TYPE_ERROR = 2;
1382 const int RTP_TYPE_WARN = 3;
1383 const int RTP_TYPE_PT_EVENT = 4;
1385 const struct sharkd_analyse_rtp *rtp_req = (struct sharkd_analyse_rtp *) tapdata;
1386 const tap_rtp_stat_t *statinfo = &rtp_req->statinfo;
1388 const char *sepa = "";
1391 printf("{\"tap\":\"%s\",\"type\":\"rtp-analyse\"", rtp_req->tap_name);
1393 printf(",\"ssrc\":%u", rtp_req->id.ssrc);
1395 printf(",\"max_delta\":%f", statinfo->max_delta);
1396 printf(",\"max_delta_nr\":%u", statinfo->max_nr);
1397 printf(",\"max_jitter\":%f", statinfo->max_jitter);
1398 printf(",\"mean_jitter\":%f", statinfo->mean_jitter);
1399 printf(",\"max_skew\":%f", statinfo->max_skew);
1400 printf(",\"total_nr\":%u", statinfo->total_nr);
1401 printf(",\"seq_err\":%u", statinfo->sequence);
1402 printf(",\"duration\":%f", statinfo->time - statinfo->start_time);
1404 printf(",\"items\":[");
1405 for (l = rtp_req->packets; l; l = l->next)
1407 struct sharkd_analyse_rtp_items *item = (struct sharkd_analyse_rtp_items *) l->data;
1409 printf("%s{", sepa);
1411 printf("\"f\":%u", item->frame_num);
1412 printf(",\"o\":%.9f", item->arrive_offset);
1413 printf(",\"sn\":%u", item->sequence_num);
1414 printf(",\"d\":%.2f", item->delta);
1415 printf(",\"j\":%.2f", item->jitter);
1416 printf(",\"sk\":%.2f", item->skew);
1417 printf(",\"bw\":%.2f", item->bandwidth);
1419 if (item->pt == PT_CN)
1420 printf(",\"s\":\"%s\",\"t\":%d", "Comfort noise (PT=13, RFC 3389)", RTP_TYPE_CN);
1421 else if (item->pt == PT_CN_OLD)
1422 printf(",\"s\":\"%s\",\"t\":%d", "Comfort noise (PT=19, reserved)", RTP_TYPE_CN);
1423 else if (item->flags & STAT_FLAG_WRONG_SEQ)
1424 printf(",\"s\":\"%s\",\"t\":%d", "Wrong sequence number", RTP_TYPE_ERROR);
1425 else if (item->flags & STAT_FLAG_DUP_PKT)
1426 printf(",\"s\":\"%s\",\"t\":%d", "Suspected duplicate (MAC address) only delta time calculated", RTP_TYPE_WARN);
1427 else if (item->flags & STAT_FLAG_REG_PT_CHANGE)
1428 printf(",\"s\":\"Payload changed to PT=%u%s\",\"t\":%d",
1430 (item->flags & STAT_FLAG_PT_T_EVENT) ? " telephone/event" : "",
1432 else if (item->flags & STAT_FLAG_WRONG_TIMESTAMP)
1433 printf(",\"s\":\"%s\",\"t\":%d", "Incorrect timestamp", RTP_TYPE_WARN);
1434 else if ((item->flags & STAT_FLAG_PT_CHANGE)
1435 && !(item->flags & STAT_FLAG_FIRST)
1436 && !(item->flags & STAT_FLAG_PT_CN)
1437 && (item->flags & STAT_FLAG_FOLLOW_PT_CN)
1438 && !(item->flags & STAT_FLAG_MARKER))
1440 printf(",\"s\":\"%s\",\"t\":%d", "Marker missing?", RTP_TYPE_WARN);
1442 else if (item->flags & STAT_FLAG_PT_T_EVENT)
1443 printf(",\"s\":\"PT=%u telephone/event\",\"t\":%d", item->pt, RTP_TYPE_PT_EVENT);
1444 else if (item->flags & STAT_FLAG_MARKER)
1445 printf(",\"t\":%d", RTP_TYPE_WARN);
1448 printf(",\"mark\":1");
1459 * sharkd_session_process_tap_conv_cb()
1462 * (m) tap - tap name
1463 * (m) type - tap output type
1464 * (m) proto - protocol short name
1465 * (o) filter - filter string
1467 * (o) convs - array of object with attributes:
1468 * (m) saddr - source address
1469 * (m) daddr - destination address
1470 * (o) sport - source port
1471 * (o) dport - destination port
1472 * (m) txf - TX frame count
1473 * (m) txb - TX bytes
1474 * (m) rxf - RX frame count
1475 * (m) rxb - RX bytes
1476 * (m) start - (relative) first packet time
1477 * (m) stop - (relative) last packet time
1479 * (o) hosts - array of object with attributes:
1480 * (m) host - host address
1481 * (o) port - host port
1482 * (m) txf - TX frame count
1483 * (m) txb - TX bytes
1484 * (m) rxf - RX frame count
1485 * (m) rxb - RX bytes
1488 sharkd_session_process_tap_conv_cb(void *arg)
1490 conv_hash_t *hash = (conv_hash_t *) arg;
1491 const struct sharkd_conv_tap_data *iu = (struct sharkd_conv_tap_data *) hash->user_data;
1493 int proto_with_port;
1498 if (!strncmp(iu->type, "conv:", 5))
1500 printf("{\"tap\":\"%s\",\"type\":\"conv\"", iu->type);
1501 printf(",\"convs\":[");
1502 proto = iu->type + 5;
1504 else if (!strncmp(iu->type, "endpt:", 6))
1506 printf("{\"tap\":\"%s\",\"type\":\"host\"", iu->type);
1507 printf(",\"hosts\":[");
1508 proto = iu->type + 6;
1512 printf("{\"tap\":\"%s\",\"type\":\"err\"", iu->type);
1516 proto_with_port = (!strcmp(proto, "TCP") || !strcmp(proto, "UDP") || !strcmp(proto, "SCTP"));
1518 if (iu->hash.conv_array != NULL && !strncmp(iu->type, "conv:", 5))
1520 for (i = 0; i < iu->hash.conv_array->len; i++)
1522 conv_item_t *iui = &g_array_index(iu->hash.conv_array, conv_item_t, i);
1523 char *src_addr, *dst_addr;
1524 char *src_port, *dst_port;
1527 printf("%s{", i ? "," : "");
1529 printf("\"saddr\":\"%s\"", (src_addr = get_conversation_address(NULL, &iui->src_address, iu->resolve_name)));
1530 printf(",\"daddr\":\"%s\"", (dst_addr = get_conversation_address(NULL, &iui->dst_address, iu->resolve_name)));
1532 if (proto_with_port)
1534 printf(",\"sport\":\"%s\"", (src_port = get_conversation_port(NULL, iui->src_port, iui->etype, iu->resolve_port)));
1535 printf(",\"dport\":\"%s\"", (dst_port = get_conversation_port(NULL, iui->dst_port, iui->etype, iu->resolve_port)));
1537 wmem_free(NULL, src_port);
1538 wmem_free(NULL, dst_port);
1541 printf(",\"rxf\":%" G_GUINT64_FORMAT, iui->rx_frames);
1542 printf(",\"rxb\":%" G_GUINT64_FORMAT, iui->rx_bytes);
1544 printf(",\"txf\":%" G_GUINT64_FORMAT, iui->tx_frames);
1545 printf(",\"txb\":%" G_GUINT64_FORMAT, iui->tx_bytes);
1547 printf(",\"start\":%.9f", nstime_to_sec(&iui->start_time));
1548 printf(",\"stop\":%.9f", nstime_to_sec(&iui->stop_time));
1550 filter_str = get_conversation_filter(iui, CONV_DIR_A_TO_FROM_B);
1553 printf(",\"filter\":\"%s\"", filter_str);
1557 wmem_free(NULL, src_addr);
1558 wmem_free(NULL, dst_addr);
1560 if (sharkd_session_geoip_addr(&(iui->src_address), "1"))
1562 if (sharkd_session_geoip_addr(&(iui->dst_address), "2"))
1568 else if (iu->hash.conv_array != NULL && !strncmp(iu->type, "endpt:", 6))
1570 for (i = 0; i < iu->hash.conv_array->len; i++)
1572 hostlist_talker_t *host = &g_array_index(iu->hash.conv_array, hostlist_talker_t, i);
1573 char *host_str, *port_str;
1576 printf("%s{", i ? "," : "");
1578 printf("\"host\":\"%s\"", (host_str = get_conversation_address(NULL, &host->myaddress, iu->resolve_name)));
1580 if (proto_with_port)
1582 printf(",\"port\":\"%s\"", (port_str = get_conversation_port(NULL, host->port, host->etype, iu->resolve_port)));
1584 wmem_free(NULL, port_str);
1587 printf(",\"rxf\":%" G_GUINT64_FORMAT, host->rx_frames);
1588 printf(",\"rxb\":%" G_GUINT64_FORMAT, host->rx_bytes);
1590 printf(",\"txf\":%" G_GUINT64_FORMAT, host->tx_frames);
1591 printf(",\"txb\":%" G_GUINT64_FORMAT, host->tx_bytes);
1593 filter_str = get_hostlist_filter(host);
1596 printf(",\"filter\":\"%s\"", filter_str);
1600 wmem_free(NULL, host_str);
1602 if (sharkd_session_geoip_addr(&(host->myaddress), ""))
1608 printf("],\"proto\":\"%s\",\"geoip\":%s},", proto, with_geoip ? "true" : "false");
1612 sharkd_session_free_tap_conv_cb(void *arg)
1614 conv_hash_t *hash = (conv_hash_t *) arg;
1615 struct sharkd_conv_tap_data *iu = (struct sharkd_conv_tap_data *) hash->user_data;
1617 if (!strncmp(iu->type, "conv:", 5))
1619 reset_conversation_table_data(hash);
1621 else if (!strncmp(iu->type, "endpt:", 6))
1623 reset_hostlist_table_data(hash);
1630 * sharkd_session_process_tap_nstat_cb()
1633 * (m) tap - tap name
1634 * (m) type - tap output type
1635 * (m) fields: array of objects with attributes:
1638 * (m) tables: array of object with attributes:
1639 * (m) t - table title
1640 * (m) i - array of items
1643 sharkd_session_process_tap_nstat_cb(void *arg)
1645 stat_data_t *stat_data = (stat_data_t *) arg;
1648 printf("{\"tap\":\"nstat:%s\",\"type\":\"nstat\"", stat_data->stat_tap_data->cli_string);
1650 printf(",\"fields\":[");
1651 for (i = 0; i < stat_data->stat_tap_data->nfields; i++)
1653 stat_tap_table_item *field = &(stat_data->stat_tap_data->fields[i]);
1661 json_puts_string(field->column_name);
1667 printf(",\"tables\":[");
1668 for (i = 0; i < stat_data->stat_tap_data->tables->len; i++)
1670 stat_tap_table *table = g_array_index(stat_data->stat_tap_data->tables, stat_tap_table *, i);
1671 const char *sepa = "";
1679 printf("\"%s\"", table->title);
1682 for (j = 0; j < table->num_elements; j++)
1684 stat_tap_table_item_type *field_data;
1686 field_data = stat_tap_get_field_data(table, j, 0);
1687 if (field_data == NULL || field_data->type == TABLE_ITEM_NONE) /* Nothing for us here */
1690 printf("%s[", sepa);
1691 for (k = 0; k < table->num_fields; k++)
1693 field_data = stat_tap_get_field_data(table, j, k);
1698 switch (field_data->type)
1700 case TABLE_ITEM_UINT:
1701 printf("%u", field_data->value.uint_value);
1704 case TABLE_ITEM_INT:
1705 printf("%d", field_data->value.int_value);
1708 case TABLE_ITEM_STRING:
1709 json_puts_string(field_data->value.string_value);
1712 case TABLE_ITEM_FLOAT:
1713 printf("%f", field_data->value.float_value);
1716 case TABLE_ITEM_ENUM:
1717 printf("%d", field_data->value.enum_value);
1720 case TABLE_ITEM_NONE:
1737 sharkd_session_free_tap_nstat_cb(void *arg)
1739 stat_data_t *stat_data = (stat_data_t *) arg;
1741 free_stat_tables(stat_data->stat_tap_data);
1745 * sharkd_session_process_tap_rtd_cb()
1748 * (m) tap - tap name
1749 * (m) type - tap output type
1750 * (m) stats - statistics rows - array object with attributes:
1751 * (m) type - statistic name
1752 * (m) num - number of messages
1753 * (m) min - minimum SRT time
1754 * (m) max - maximum SRT time
1755 * (m) tot - total SRT time
1756 * (m) min_frame - minimal SRT
1757 * (m) max_frame - maximum SRT
1758 * (o) open_req - Open Requests
1759 * (o) disc_rsp - Discarded Responses
1760 * (o) req_dup - Duplicated Requests
1761 * (o) rsp_dup - Duplicated Responses
1762 * (o) open_req - Open Requests
1763 * (o) disc_rsp - Discarded Responses
1764 * (o) req_dup - Duplicated Requests
1765 * (o) rsp_dup - Duplicated Responses
1768 sharkd_session_process_tap_rtd_cb(void *arg)
1770 rtd_data_t *rtd_data = (rtd_data_t *) arg;
1771 register_rtd_t *rtd = (register_rtd_t *) rtd_data->user_data;
1775 const char *filter = proto_get_protocol_filter_name(get_rtd_proto_id(rtd));
1777 /* XXX, some dissectors are having single table and multiple timestats (mgcp, megaco),
1778 * some multiple table and single timestat (radius, h225)
1779 * and it seems that value_string is used one for timestamp-ID, other one for table-ID
1780 * I wonder how it will gonna work with multiple timestats and multiple tables...
1781 * (for usage grep for: register_rtd_table)
1783 const value_string *vs = get_rtd_value_string(rtd);
1784 const char *sepa = "";
1786 printf("{\"tap\":\"rtd:%s\",\"type\":\"rtd\"", filter);
1788 if (rtd_data->stat_table.num_rtds == 1)
1790 const rtd_timestat *ms = &rtd_data->stat_table.time_stats[0];
1792 printf(",\"open_req\":%u", ms->open_req_num);
1793 printf(",\"disc_rsp\":%u", ms->disc_rsp_num);
1794 printf(",\"req_dup\":%u", ms->req_dup_num);
1795 printf(",\"rsp_dup\":%u", ms->rsp_dup_num);
1798 printf(",\"stats\":[");
1799 for (i = 0; i < rtd_data->stat_table.num_rtds; i++)
1801 const rtd_timestat *ms = &rtd_data->stat_table.time_stats[i];
1803 for (j = 0; j < ms->num_timestat; j++)
1805 const char *type_str;
1807 if (ms->rtd[j].num == 0)
1810 printf("%s{", sepa);
1812 if (rtd_data->stat_table.num_rtds == 1)
1813 type_str = val_to_str_const(j, vs, "Other"); /* 1 table - description per row */
1815 type_str = val_to_str_const(i, vs, "Other"); /* multiple table - description per table */
1816 printf("\"type\":");
1817 json_puts_string(type_str);
1819 printf(",\"num\":%u", ms->rtd[j].num);
1820 printf(",\"min\":%.9f", nstime_to_sec(&(ms->rtd[j].min)));
1821 printf(",\"max\":%.9f", nstime_to_sec(&(ms->rtd[j].max)));
1822 printf(",\"tot\":%.9f", nstime_to_sec(&(ms->rtd[j].tot)));
1823 printf(",\"min_frame\":%u", ms->rtd[j].min_num);
1824 printf(",\"max_frame\":%u", ms->rtd[j].max_num);
1826 if (rtd_data->stat_table.num_rtds != 1)
1828 /* like in tshark, display it on every row */
1829 printf(",\"open_req\":%u", ms->open_req_num);
1830 printf(",\"disc_rsp\":%u", ms->disc_rsp_num);
1831 printf(",\"req_dup\":%u", ms->req_dup_num);
1832 printf(",\"rsp_dup\":%u", ms->rsp_dup_num);
1843 sharkd_session_free_tap_rtd_cb(void *arg)
1845 rtd_data_t *rtd_data = (rtd_data_t *) arg;
1847 free_rtd_table(&rtd_data->stat_table);
1852 * sharkd_session_process_tap_srt_cb()
1855 * (m) tap - tap name
1856 * (m) type - tap output type
1858 * (m) tables - array of object with attributes:
1859 * (m) n - table name
1860 * (m) f - table filter
1861 * (o) c - table column name
1862 * (m) r - table rows - array object with attributes:
1864 * (m) idx - procedure index
1865 * (m) num - number of events
1866 * (m) min - minimum SRT time
1867 * (m) max - maximum SRT time
1868 * (m) tot - total SRT time
1871 sharkd_session_process_tap_srt_cb(void *arg)
1873 srt_data_t *srt_data = (srt_data_t *) arg;
1874 register_srt_t *srt = (register_srt_t *) srt_data->user_data;
1876 const char *filter = proto_get_protocol_filter_name(get_srt_proto_id(srt));
1880 printf("{\"tap\":\"srt:%s\",\"type\":\"srt\"", filter);
1882 printf(",\"tables\":[");
1883 for (i = 0; i < srt_data->srt_array->len; i++)
1886 srt_stat_table *rst = g_array_index(srt_data->srt_array, srt_stat_table *, i);
1887 const char *sepa = "";
1897 json_puts_string(rst->name);
1898 else if (rst->short_name)
1899 json_puts_string(rst->short_name);
1901 printf("\"table%u\"", i);
1903 if (rst->filter_string)
1906 json_puts_string(rst->filter_string);
1909 if (rst->proc_column_name)
1912 json_puts_string(rst->proc_column_name);
1916 for (j = 0; j < rst->num_procs; j++)
1919 srt_procedure_t *proc = &rst->procedures[j];
1921 if (proc->stats.num == 0)
1924 printf("%s{", sepa);
1927 json_puts_string(proc->procedure);
1929 if (rst->filter_string)
1930 printf(",\"idx\":%d", proc->proc_index);
1932 printf(",\"num\":%u", proc->stats.num);
1934 printf(",\"min\":%.9f", nstime_to_sec(&proc->stats.min));
1935 printf(",\"max\":%.9f", nstime_to_sec(&proc->stats.max));
1936 printf(",\"tot\":%.9f", nstime_to_sec(&proc->stats.tot));
1948 sharkd_session_free_tap_srt_cb(void *arg)
1950 srt_data_t *srt_data = (srt_data_t *) arg;
1951 register_srt_t *srt = (register_srt_t *) srt_data->user_data;
1953 free_srt_table(srt, srt_data->srt_array);
1954 g_array_free(srt_data->srt_array, TRUE);
1958 struct sharkd_export_object_list
1960 struct sharkd_export_object_list *next;
1967 static struct sharkd_export_object_list *sharkd_eo_list;
1970 * sharkd_session_process_tap_eo_cb()
1973 * (m) tap - tap name
1974 * (m) type - tap output type
1975 * (m) proto - protocol short name
1976 * (m) objects - array of object with attributes:
1977 * (m) pkt - packet number
1978 * (o) hostname - hostname
1979 * (o) type - content type
1980 * (o) filename - filename
1981 * (m) len - object length
1984 sharkd_session_process_tap_eo_cb(void *tapdata)
1986 export_object_list_t *tap_object = (export_object_list_t *) tapdata;
1987 struct sharkd_export_object_list *object_list = (struct sharkd_export_object_list *) tap_object->gui_data;
1991 printf("{\"tap\":\"%s\",\"type\":\"eo\"", object_list->type);
1992 printf(",\"proto\":\"%s\"", object_list->proto);
1993 printf(",\"objects\":[");
1995 for (slist = object_list->entries; slist; slist = slist->next)
1997 const export_object_entry_t *eo_entry = (export_object_entry_t *) slist->data;
1999 printf("%s{", i ? "," : "");
2001 printf("\"pkt\":%u", eo_entry->pkt_num);
2003 if (eo_entry->hostname)
2005 printf(",\"hostname\":");
2006 json_puts_string(eo_entry->hostname);
2009 if (eo_entry->content_type)
2011 printf(",\"type\":");
2012 json_puts_string(eo_entry->content_type);
2015 if (eo_entry->filename)
2017 printf(",\"filename\":");
2018 json_puts_string(eo_entry->filename);
2021 printf(",\"_download\":\"%s_%d\"", object_list->type, i);
2023 printf(",\"len\":%" G_GINT64_FORMAT, eo_entry->payload_len);
2034 sharkd_eo_object_list_add_entry(void *gui_data, export_object_entry_t *entry)
2036 struct sharkd_export_object_list *object_list = (struct sharkd_export_object_list *) gui_data;
2038 object_list->entries = g_slist_append(object_list->entries, entry);
2041 static export_object_entry_t *
2042 sharkd_eo_object_list_get_entry(void *gui_data, int row)
2044 struct sharkd_export_object_list *object_list = (struct sharkd_export_object_list *) gui_data;
2046 return (export_object_entry_t *) g_slist_nth_data(object_list->entries, row);
2050 * sharkd_session_process_tap_rtp_cb()
2052 * Output RTP streams tap:
2053 * (m) tap - tap name
2054 * (m) type - tap output type
2055 * (m) streams - array of object with attributes:
2056 * (m) ssrc - RTP synchronization source identifier
2057 * (m) payload - stream payload
2058 * (m) saddr - source address
2059 * (m) sport - source port
2060 * (m) daddr - destination address
2061 * (m) dport - destination port
2062 * (m) pkts - packets count
2063 * (m) max_delta - max delta (ms)
2064 * (m) max_jitter - max jitter (ms)
2065 * (m) mean_jitter - mean jitter (ms)
2068 * (m) problem - if analyser found the problem
2069 * (m) ipver - address IP version (4 or 6)
2072 sharkd_session_process_tap_rtp_cb(void *arg)
2074 rtpstream_tapinfo_t *rtp_tapinfo = (rtpstream_tapinfo_t *) arg;
2077 const char *sepa = "";
2079 printf("{\"tap\":\"%s\",\"type\":\"%s\"", "rtp-streams", "rtp-streams");
2081 printf(",\"streams\":[");
2082 for (listx = g_list_first(rtp_tapinfo->strinfo_list); listx; listx = listx->next)
2084 rtpstream_info_t *streaminfo = (rtpstream_info_t *) listx->data;
2085 rtpstream_info_calc_t calc;
2087 rtpstream_info_calculate(streaminfo, &calc);
2089 printf("%s{\"ssrc\":%u", sepa, calc.ssrc);
2090 printf(",\"payload\":\"%s\"", calc.all_payload_type_names);
2092 printf(",\"saddr\":\"%s\"", calc.src_addr_str);
2093 printf(",\"sport\":%u", calc.src_port);
2095 printf(",\"daddr\":\"%s\"", calc.dst_addr_str);
2096 printf(",\"dport\":%u", calc.dst_port);
2098 printf(",\"pkts\":%u", calc.packet_count);
2100 printf(",\"max_delta\":%f",calc.max_delta);
2101 printf(",\"max_jitter\":%f", calc.max_jitter);
2102 printf(",\"mean_jitter\":%f", calc.mean_jitter);
2104 printf(",\"expectednr\":%u", calc.packet_expected);
2105 printf(",\"totalnr\":%u", calc.total_nr);
2107 printf(",\"problem\":%s", calc.problem? "true" : "false");
2110 printf(",\"ipver\":%d", (streaminfo->id.src_addr.type == AT_IPv6) ? 6 : 4);
2112 rtpstream_info_calc_free(&calc);
2121 * sharkd_session_process_tap()
2123 * Process tap request
2126 * (m) tap0 - First tap request
2127 * (o) tap1...tap15 - Other tap requests
2129 * Output object with attributes:
2130 * (m) taps - array of object with attributes:
2131 * (m) tap - tap name
2132 * (m) type - tap output type
2134 * for type:stats see sharkd_session_process_tap_stats_cb()
2135 * for type:nstat see sharkd_session_process_tap_nstat_cb()
2136 * for type:conv see sharkd_session_process_tap_conv_cb()
2137 * for type:host see sharkd_session_process_tap_conv_cb()
2138 * for type:rtp-streams see sharkd_session_process_tap_rtp_cb()
2139 * for type:rtp-analyse see sharkd_session_process_tap_rtp_analyse_cb()
2140 * for type:eo see sharkd_session_process_tap_eo_cb()
2141 * for type:expert see sharkd_session_process_tap_expert_cb()
2142 * for type:rtd see sharkd_session_process_tap_rtd_cb()
2143 * for type:srt see sharkd_session_process_tap_srt_cb()
2144 * for type:flow see sharkd_session_process_tap_flow_cb()
2146 * (m) err - error code
2149 sharkd_session_process_tap(char *buf, const jsmntok_t *tokens, int count)
2151 void *taps_data[16];
2152 GFreeFunc taps_free[16];
2156 rtpstream_tapinfo_t rtp_tapinfo =
2157 { NULL, NULL, NULL, NULL, 0, NULL, 0, TAP_ANALYSE, NULL, NULL, NULL, FALSE };
2159 for (i = 0; i < 16; i++)
2162 const char *tok_tap;
2164 void *tap_data = NULL;
2165 GFreeFunc tap_free = NULL;
2166 const char *tap_filter = "";
2167 GString *tap_error = NULL;
2169 ws_snprintf(tapbuf, sizeof(tapbuf), "tap%d", i);
2170 tok_tap = json_find_attr(buf, tokens, count, tapbuf);
2174 if (!strncmp(tok_tap, "stat:", 5))
2176 stats_tree_cfg *cfg = stats_tree_get_cfg_by_abbr(tok_tap + 5);
2181 fprintf(stderr, "sharkd_session_process_tap() stat %s not found\n", tok_tap + 5);
2185 st = stats_tree_new(cfg, NULL, tap_filter);
2187 tap_error = register_tap_listener(st->cfg->tapname, st, st->filter, st->cfg->flags, stats_tree_reset, stats_tree_packet, sharkd_session_process_tap_stats_cb, NULL);
2189 if (!tap_error && cfg->init)
2193 tap_free = sharkd_session_free_tap_stats_cb;
2195 else if (!strcmp(tok_tap, "expert"))
2197 struct sharkd_expert_tap *expert_tap;
2199 expert_tap = g_new0(struct sharkd_expert_tap, 1);
2200 expert_tap->text = g_string_chunk_new(100);
2202 tap_error = register_tap_listener("expert", expert_tap, NULL, 0, NULL, sharkd_session_packet_tap_expert_cb, sharkd_session_process_tap_expert_cb, NULL);
2204 tap_data = expert_tap;
2205 tap_free = sharkd_session_free_tap_expert_cb;
2207 else if (!strncmp(tok_tap, "seqa:", 5))
2209 seq_analysis_info_t *graph_analysis;
2210 register_analysis_t *analysis;
2211 const char *tap_name;
2212 tap_packet_cb tap_func;
2215 analysis = sequence_analysis_find_by_name(tok_tap + 5);
2218 fprintf(stderr, "sharkd_session_process_tap() seq analysis %s not found\n", tok_tap + 5);
2222 graph_analysis = sequence_analysis_info_new();
2223 graph_analysis->name = tok_tap + 5;
2224 /* TODO, make configurable */
2225 graph_analysis->any_addr = FALSE;
2227 tap_name = sequence_analysis_get_tap_listener_name(analysis);
2228 tap_flags = sequence_analysis_get_tap_flags(analysis);
2229 tap_func = sequence_analysis_get_packet_func(analysis);
2231 tap_error = register_tap_listener(tap_name, graph_analysis, NULL, tap_flags, NULL, tap_func, sharkd_session_process_tap_flow_cb, NULL);
2233 tap_data = graph_analysis;
2234 tap_free = sharkd_session_free_tap_flow_cb;
2236 else if (!strncmp(tok_tap, "conv:", 5) || !strncmp(tok_tap, "endpt:", 6))
2238 struct register_ct *ct = NULL;
2239 const char *ct_tapname;
2240 struct sharkd_conv_tap_data *ct_data;
2241 tap_packet_cb tap_func = NULL;
2243 if (!strncmp(tok_tap, "conv:", 5))
2245 ct = get_conversation_by_proto_id(proto_get_id_by_short_name(tok_tap + 5));
2247 if (!ct || !(tap_func = get_conversation_packet_func(ct)))
2249 fprintf(stderr, "sharkd_session_process_tap() conv %s not found\n", tok_tap + 5);
2253 else if (!strncmp(tok_tap, "endpt:", 6))
2255 ct = get_conversation_by_proto_id(proto_get_id_by_short_name(tok_tap + 6));
2257 if (!ct || !(tap_func = get_hostlist_packet_func(ct)))
2259 fprintf(stderr, "sharkd_session_process_tap() endpt %s not found\n", tok_tap + 6);
2265 fprintf(stderr, "sharkd_session_process_tap() conv/endpt(?): %s not found\n", tok_tap);
2269 ct_tapname = proto_get_protocol_filter_name(get_conversation_proto_id(ct));
2271 ct_data = (struct sharkd_conv_tap_data *) g_malloc0(sizeof(struct sharkd_conv_tap_data));
2272 ct_data->type = tok_tap;
2273 ct_data->hash.user_data = ct_data;
2275 /* XXX: make configurable */
2276 ct_data->resolve_name = TRUE;
2277 ct_data->resolve_port = TRUE;
2279 tap_error = register_tap_listener(ct_tapname, &ct_data->hash, tap_filter, 0, NULL, tap_func, sharkd_session_process_tap_conv_cb, NULL);
2281 tap_data = &ct_data->hash;
2282 tap_free = sharkd_session_free_tap_conv_cb;
2284 else if (!strncmp(tok_tap, "nstat:", 6))
2286 stat_tap_table_ui *stat_tap = stat_tap_by_name(tok_tap + 6);
2287 stat_data_t *stat_data;
2291 fprintf(stderr, "sharkd_session_process_tap() nstat=%s not found\n", tok_tap + 6);
2295 stat_tap->stat_tap_init_cb(stat_tap);
2297 stat_data = g_new0(stat_data_t, 1);
2298 stat_data->stat_tap_data = stat_tap;
2299 stat_data->user_data = NULL;
2301 tap_error = register_tap_listener(stat_tap->tap_name, stat_data, tap_filter, 0, NULL, stat_tap->packet_func, sharkd_session_process_tap_nstat_cb, NULL);
2303 tap_data = stat_data;
2304 tap_free = sharkd_session_free_tap_nstat_cb;
2306 else if (!strncmp(tok_tap, "rtd:", 4))
2308 register_rtd_t *rtd = get_rtd_table_by_name(tok_tap + 4);
2309 rtd_data_t *rtd_data;
2314 fprintf(stderr, "sharkd_session_process_tap() rtd=%s not found\n", tok_tap + 4);
2318 rtd_table_get_filter(rtd, "", &tap_filter, &err);
2321 fprintf(stderr, "sharkd_session_process_tap() rtd=%s err=%s\n", tok_tap + 4, err);
2326 rtd_data = g_new0(rtd_data_t, 1);
2327 rtd_data->user_data = rtd;
2328 rtd_table_dissector_init(rtd, &rtd_data->stat_table, NULL, NULL);
2330 tap_error = register_tap_listener(get_rtd_tap_listener_name(rtd), rtd_data, tap_filter, 0, NULL, get_rtd_packet_func(rtd), sharkd_session_process_tap_rtd_cb, NULL);
2332 tap_data = rtd_data;
2333 tap_free = sharkd_session_free_tap_rtd_cb;
2335 else if (!strncmp(tok_tap, "srt:", 4))
2337 register_srt_t *srt = get_srt_table_by_name(tok_tap + 4);
2338 srt_data_t *srt_data;
2343 fprintf(stderr, "sharkd_session_process_tap() srt=%s not found\n", tok_tap + 4);
2347 srt_table_get_filter(srt, "", &tap_filter, &err);
2350 fprintf(stderr, "sharkd_session_process_tap() srt=%s err=%s\n", tok_tap + 4, err);
2355 srt_data = g_new0(srt_data_t, 1);
2356 srt_data->srt_array = g_array_new(FALSE, TRUE, sizeof(srt_stat_table *));
2357 srt_data->user_data = srt;
2358 srt_table_dissector_init(srt, srt_data->srt_array);
2360 tap_error = register_tap_listener(get_srt_tap_listener_name(srt), srt_data, tap_filter, 0, NULL, get_srt_packet_func(srt), sharkd_session_process_tap_srt_cb, NULL);
2362 tap_data = srt_data;
2363 tap_free = sharkd_session_free_tap_srt_cb;
2365 else if (!strncmp(tok_tap, "eo:", 3))
2367 register_eo_t *eo = get_eo_by_name(tok_tap + 3);
2368 export_object_list_t *eo_object;
2369 struct sharkd_export_object_list *object_list;
2373 fprintf(stderr, "sharkd_session_process_tap() eo=%s not found\n", tok_tap + 3);
2377 for (object_list = sharkd_eo_list; object_list; object_list = object_list->next)
2379 if (!strcmp(object_list->type, tok_tap))
2381 g_slist_free_full(object_list->entries, (GDestroyNotify) eo_free_entry);
2382 object_list->entries = NULL;
2389 object_list = g_new(struct sharkd_export_object_list, 1);
2390 object_list->type = g_strdup(tok_tap);
2391 object_list->proto = proto_get_protocol_short_name(find_protocol_by_id(get_eo_proto_id(eo)));
2392 object_list->entries = NULL;
2393 object_list->next = sharkd_eo_list;
2394 sharkd_eo_list = object_list;
2397 eo_object = g_new0(export_object_list_t, 1);
2398 eo_object->add_entry = sharkd_eo_object_list_add_entry;
2399 eo_object->get_entry = sharkd_eo_object_list_get_entry;
2400 eo_object->gui_data = (void *) object_list;
2402 tap_error = register_tap_listener(get_eo_tap_listener_name(eo), eo_object, NULL, 0, NULL, get_eo_packet_func(eo), sharkd_session_process_tap_eo_cb, NULL);
2404 tap_data = eo_object;
2405 tap_free = g_free; /* need to free only eo_object, object_list need to be kept for potential download */
2407 else if (!strcmp(tok_tap, "rtp-streams"))
2409 tap_error = register_tap_listener("rtp", &rtp_tapinfo, tap_filter, 0, rtpstream_reset_cb, rtpstream_packet_cb, sharkd_session_process_tap_rtp_cb, NULL);
2411 tap_data = &rtp_tapinfo;
2412 tap_free = rtpstream_reset_cb;
2414 else if (!strncmp(tok_tap, "rtp-analyse:", 12))
2416 struct sharkd_analyse_rtp *rtp_req;
2418 rtp_req = (struct sharkd_analyse_rtp *) g_malloc0(sizeof(*rtp_req));
2419 if (!sharkd_rtp_match_init(&rtp_req->id, tok_tap + 12))
2421 rtpstream_id_free(&rtp_req->id);
2426 rtp_req->tap_name = tok_tap;
2427 rtp_req->statinfo.first_packet = TRUE;
2428 rtp_req->statinfo.reg_pt = PT_UNDEFINED;
2430 tap_error = register_tap_listener("rtp", rtp_req, tap_filter, 0, NULL, sharkd_session_packet_tap_rtp_analyse_cb, sharkd_session_process_tap_rtp_analyse_cb, NULL);
2433 tap_free = sharkd_session_process_tap_rtp_free_cb;
2437 fprintf(stderr, "sharkd_session_process_tap() %s not recognized\n", tok_tap);
2443 fprintf(stderr, "sharkd_session_process_tap() name=%s error=%s", tok_tap, tap_error->str);
2444 g_string_free(tap_error, TRUE);
2450 taps_data[taps_count] = tap_data;
2451 taps_free[taps_count] = tap_free;
2455 fprintf(stderr, "sharkd_session_process_tap() count=%d\n", taps_count);
2456 if (taps_count == 0)
2459 printf("{\"taps\":[");
2461 printf("null],\"err\":0}\n");
2463 for (i = 0; i < taps_count; i++)
2466 remove_tap_listener(taps_data[i]);
2469 taps_free[i](taps_data[i]);
2474 * sharkd_session_process_follow()
2476 * Process follow request
2479 * (m) follow - follow protocol request (e.g. HTTP)
2480 * (m) filter - filter request (e.g. tcp.stream == 1)
2482 * Output object with attributes:
2484 * (m) err - error code
2485 * (m) shost - server host
2486 * (m) sport - server port
2487 * (m) sbytes - server send bytes count
2488 * (m) chost - client host
2489 * (m) cport - client port
2490 * (m) cbytes - client send bytes count
2491 * (o) payloads - array of object with attributes:
2492 * (o) s - set if server sent, else client
2493 * (m) n - packet number
2494 * (m) d - data base64 encoded
2497 sharkd_session_process_follow(char *buf, const jsmntok_t *tokens, int count)
2499 const char *tok_follow = json_find_attr(buf, tokens, count, "follow");
2500 const char *tok_filter = json_find_attr(buf, tokens, count, "filter");
2502 register_follow_t *follower;
2505 follow_info_t *follow_info;
2509 if (!tok_follow || !tok_filter)
2512 follower = get_follow_by_name(tok_follow);
2515 fprintf(stderr, "sharkd_session_process_follow() follower=%s not found\n", tok_follow);
2519 /* follow_reset_stream ? */
2520 follow_info = g_new0(follow_info_t, 1);
2521 /* gui_data, filter_out_filter not set, but not used by dissector */
2523 tap_error = register_tap_listener(get_follow_tap_string(follower), follow_info, tok_filter, 0, NULL, get_follow_tap_handler(follower), NULL, NULL);
2526 fprintf(stderr, "sharkd_session_process_follow() name=%s error=%s", tok_follow, tap_error->str);
2527 g_string_free(tap_error, TRUE);
2528 g_free(follow_info);
2536 printf("\"err\":0");
2538 /* Server information: hostname, port, bytes sent */
2539 host = address_to_name(&follow_info->server_ip);
2540 printf(",\"shost\":");
2541 json_puts_string(host);
2543 port = get_follow_port_to_display(follower)(NULL, follow_info->server_port);
2544 printf(",\"sport\":");
2545 json_puts_string(port);
2546 wmem_free(NULL, port);
2548 printf(",\"sbytes\":%u", follow_info->bytes_written[0]);
2550 /* Client information: hostname, port, bytes sent */
2551 host = address_to_name(&follow_info->client_ip);
2552 printf(",\"chost\":");
2553 json_puts_string(host);
2555 port = get_follow_port_to_display(follower)(NULL, follow_info->client_port);
2556 printf(",\"cport\":");
2557 json_puts_string(port);
2558 wmem_free(NULL, port);
2560 printf(",\"cbytes\":%u", follow_info->bytes_written[1]);
2562 if (follow_info->payload)
2564 follow_record_t *follow_record;
2566 const char *sepa = "";
2568 printf(",\"payloads\":[");
2570 for (cur = g_list_last(follow_info->payload); cur; cur = g_list_previous(cur))
2572 follow_record = (follow_record_t *) cur->data;
2574 printf("%s{", sepa);
2576 printf("\"n\":%u", follow_record->packet_num);
2579 json_print_base64(follow_record->data->data, follow_record->data->len);
2581 if (follow_record->is_server)
2582 printf(",\"s\":%d", 1);
2593 remove_tap_listener(follow_info);
2594 follow_info_free(follow_info);
2598 sharkd_session_process_frame_cb_tree(epan_dissect_t *edt, proto_tree *tree, tvbuff_t **tvbs, gboolean display_hidden)
2601 const char *sepa = "";
2604 for (node = tree->first_child; node; node = node->next)
2606 field_info *finfo = PNODE_FINFO(node);
2611 if (!display_hidden && FI_GET_FLAG(finfo, FI_HIDDEN))
2614 printf("%s{", sepa);
2619 char label_str[ITEM_LABEL_LENGTH];
2621 label_str[0] = '\0';
2622 proto_item_fill_label(finfo, label_str);
2623 json_puts_string(label_str);
2627 json_puts_string(finfo->rep->representation);
2630 if (finfo->ds_tvb && tvbs && tvbs[0] != finfo->ds_tvb)
2634 for (idx = 1; tvbs[idx]; idx++)
2636 if (tvbs[idx] == finfo->ds_tvb)
2638 printf(",\"ds\":%d", idx);
2644 if (finfo->start >= 0 && finfo->length > 0)
2645 printf(",\"h\":[%d,%d]", finfo->start, finfo->length);
2647 if (finfo->appendix_start >= 0 && finfo->appendix_length > 0)
2648 printf(",\"i\":[%d,%d]", finfo->appendix_start, finfo->appendix_length);
2655 if (finfo->hfinfo->type == FT_PROTOCOL)
2657 printf(",\"t\":\"proto\"");
2659 else if (finfo->hfinfo->type == FT_FRAMENUM)
2661 printf(",\"t\":\"framenum\",\"fnum\":%u", finfo->value.value.uinteger);
2663 else if (FI_GET_FLAG(finfo, FI_URL) && IS_FT_STRING(finfo->hfinfo->type))
2665 char *url = fvalue_to_string_repr(NULL, &finfo->value, FTREPR_DISPLAY, finfo->hfinfo->display);
2667 printf(",\"t\":\"url\",\"url\":");
2668 json_puts_string(url);
2669 wmem_free(NULL, url);
2672 filter = proto_construct_match_selected_string(finfo, edt);
2676 json_puts_string(filter);
2677 wmem_free(NULL, filter);
2681 if (FI_GET_FLAG(finfo, FI_GENERATED))
2682 printf(",\"g\":true");
2684 if (FI_GET_FLAG(finfo, FI_HIDDEN))
2685 printf(",\"v\":true");
2687 if (FI_GET_FLAG(finfo, PI_SEVERITY_MASK))
2689 const char *severity = try_val_to_str(FI_GET_FLAG(finfo, PI_SEVERITY_MASK), expert_severity_vals);
2691 g_assert(severity != NULL);
2693 printf(",\"s\":\"%s\"", severity);
2696 if (((proto_tree *) node)->first_child)
2698 if (finfo->tree_type != -1)
2699 printf(",\"e\":%d", finfo->tree_type);
2701 sharkd_session_process_frame_cb_tree(edt, (proto_tree *) node, tvbs, display_hidden);
2711 sharkd_follower_visit_layers_cb(const void *key _U_, void *value, void *user_data)
2713 register_follow_t *follower = (register_follow_t *) value;
2714 packet_info *pi = (packet_info *) user_data;
2716 const int proto_id = get_follow_proto_id(follower);
2718 guint32 ignore_stream;
2720 if (proto_is_frame_protocol(pi->layers, proto_get_protocol_filter_name(proto_id)))
2722 const char *layer_proto = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
2723 char *follow_filter;
2725 follow_filter = get_follow_conv_func(follower)(pi, &ignore_stream);
2727 printf(",[\"%s\",", layer_proto);
2728 json_puts_string(follow_filter);
2731 g_free(follow_filter);
2737 struct sharkd_frame_request_data
2739 gboolean display_hidden;
2743 sharkd_session_process_frame_cb(epan_dissect_t *edt, proto_tree *tree, struct epan_column_info *cinfo, const GSList *data_src, void *data)
2745 packet_info *pi = &edt->pi;
2746 frame_data *fdata = pi->fd;
2747 const char *pkt_comment = NULL;
2749 const struct sharkd_frame_request_data * const req_data = (const struct sharkd_frame_request_data * const) data;
2750 const gboolean display_hidden = (req_data) ? req_data->display_hidden : FALSE;
2754 printf("\"err\":0");
2756 if (fdata->flags.has_user_comment)
2757 pkt_comment = sharkd_get_user_comment(fdata);
2758 else if (fdata->flags.has_phdr_comment)
2759 pkt_comment = pi->rec->opt_comment;
2763 printf(",\"comment\":");
2764 json_puts_string(pkt_comment);
2769 tvbuff_t **tvbs = NULL;
2771 printf(",\"tree\":");
2773 /* arrayize data src, to speedup searching for ds_tvb index */
2774 if (data_src && data_src->next /* only needed if there are more than one data source */)
2776 guint count = g_slist_length((GSList *) data_src);
2779 tvbs = (tvbuff_t **) g_malloc((count + 1) * sizeof(*tvbs));
2781 for (i = 0; i < count; i++)
2783 const struct data_source *src = (const struct data_source *) g_slist_nth_data((GSList *) data_src, i);
2785 tvbs[i] = get_data_source_tvb(src);
2791 sharkd_session_process_frame_cb_tree(edt, tree, tvbs, display_hidden);
2800 printf(",\"col\":[");
2801 for (col = 0; col < cinfo->num_cols; ++col)
2803 const col_item_t *col_item = &cinfo->columns[col];
2805 printf("%s\"%s\"", (col) ? "," : "", col_item->col_data);
2810 if (fdata->flags.ignored)
2811 printf(",\"i\":true");
2813 if (fdata->flags.marked)
2814 printf(",\"m\":true");
2816 if (fdata->color_filter)
2818 printf(",\"bg\":\"%x\"", color_t_to_rgb(&fdata->color_filter->bg_color));
2819 printf(",\"fg\":\"%x\"", color_t_to_rgb(&fdata->color_filter->fg_color));
2824 struct data_source *src = (struct data_source *) data_src->data;
2825 const char *ds_sepa = NULL;
2830 tvb = get_data_source_tvb(src);
2831 length = tvb_captured_length(tvb);
2833 printf(",\"bytes\":");
2836 const guchar *cp = tvb_get_ptr(tvb, 0, length);
2838 /* XXX pi.fd->flags.encoding */
2839 json_print_base64(cp, length);
2843 json_print_base64("", 0);
2846 data_src = data_src->next;
2849 printf(",\"ds\":[");
2855 src = (struct data_source *) data_src->data;
2858 char *src_name = get_data_source_name(src);
2860 printf("%s{\"name\":", ds_sepa);
2861 json_puts_string(src_name);
2862 wmem_free(NULL, src_name);
2865 tvb = get_data_source_tvb(src);
2866 length = tvb_captured_length(tvb);
2868 printf(",\"bytes\":");
2871 const guchar *cp = tvb_get_ptr(tvb, 0, length);
2873 /* XXX pi.fd->flags.encoding */
2874 json_print_base64(cp, length);
2878 json_print_base64("", 0);
2884 data_src = data_src->next;
2887 /* close ds, only if was opened */
2888 if (ds_sepa != NULL)
2892 printf(",\"fol\":[0");
2893 follow_iterate_followers(sharkd_follower_visit_layers_cb, pi);
2899 #define SHARKD_IOGRAPH_MAX_ITEMS 250000 /* 250k limit of items is taken from wireshark-qt, on x86_64 sizeof(io_graph_item_t) is 152, so single graph can take max 36 MB */
2901 struct sharkd_iograph
2905 io_graph_item_unit_t calc_type;
2911 io_graph_item_t *items;
2916 sharkd_iograph_packet(void *g, packet_info *pinfo, epan_dissect_t *edt, const void *dummy _U_)
2918 struct sharkd_iograph *graph = (struct sharkd_iograph *) g;
2921 idx = get_io_graph_index(pinfo, graph->interval);
2922 if (idx < 0 || idx >= SHARKD_IOGRAPH_MAX_ITEMS)
2925 if (idx + 1 > graph->num_items)
2927 if (idx + 1 > graph->space_items)
2929 int new_size = idx + 1024;
2931 graph->items = (io_graph_item_t *) g_realloc(graph->items, sizeof(io_graph_item_t) * new_size);
2932 reset_io_graph_items(&graph->items[graph->space_items], new_size - graph->space_items);
2934 graph->space_items = new_size;
2936 else if (graph->items == NULL)
2938 graph->items = (io_graph_item_t *) g_malloc(sizeof(io_graph_item_t) * graph->space_items);
2939 reset_io_graph_items(graph->items, graph->space_items);
2942 graph->num_items = idx + 1;
2945 return update_io_graph_item(graph->items, idx, pinfo, edt, graph->hf_index, graph->calc_type, graph->interval);
2949 * sharkd_session_process_iograph()
2951 * Process iograph request
2954 * (o) interval - interval time in ms, if not specified: 1000ms
2955 * (m) graph0 - First graph request
2956 * (o) graph1...graph9 - Other graph requests
2957 * (o) filter0 - First graph filter
2958 * (o) filter1...filter9 - Other graph filters
2960 * Graph requests can be one of: "packets", "bytes", "bits", "sum:<field>", "frames:<field>", "max:<field>", "min:<field>", "avg:<field>", "load:<field>",
2961 * if you use variant with <field>, you need to pass field name in filter request.
2963 * Output object with attributes:
2964 * (m) iograph - array of graph results with attributes:
2965 * errmsg - graph cannot be constructed
2966 * items - graph values, zeros are skipped, if value is not a number it's next index encoded as hex string
2969 sharkd_session_process_iograph(char *buf, const jsmntok_t *tokens, int count)
2971 const char *tok_interval = json_find_attr(buf, tokens, count, "interval");
2972 struct sharkd_iograph graphs[10];
2973 gboolean is_any_ok = FALSE;
2976 guint32 interval_ms = 1000; /* default: one per second */
2981 if (!ws_strtou32(tok_interval, NULL, &interval_ms) || interval_ms == 0)
2983 fprintf(stderr, "Invalid interval parameter: %s.\n", tok_interval);
2988 for (i = graph_count = 0; i < (int) G_N_ELEMENTS(graphs); i++)
2990 struct sharkd_iograph *graph = &graphs[graph_count];
2992 const char *tok_graph;
2993 const char *tok_filter;
2994 char tok_format_buf[32];
2995 const char *field_name;
2997 snprintf(tok_format_buf, sizeof(tok_format_buf), "graph%d", i);
2998 tok_graph = json_find_attr(buf, tokens, count, tok_format_buf);
3002 snprintf(tok_format_buf, sizeof(tok_format_buf), "filter%d", i);
3003 tok_filter = json_find_attr(buf, tokens, count, tok_format_buf);
3005 if (!strcmp(tok_graph, "packets"))
3006 graph->calc_type = IOG_ITEM_UNIT_PACKETS;
3007 else if (!strcmp(tok_graph, "bytes"))
3008 graph->calc_type = IOG_ITEM_UNIT_BYTES;
3009 else if (!strcmp(tok_graph, "bits"))
3010 graph->calc_type = IOG_ITEM_UNIT_BITS;
3011 else if (g_str_has_prefix(tok_graph, "sum:"))
3012 graph->calc_type = IOG_ITEM_UNIT_CALC_SUM;
3013 else if (g_str_has_prefix(tok_graph, "frames:"))
3014 graph->calc_type = IOG_ITEM_UNIT_CALC_FRAMES;
3015 else if (g_str_has_prefix(tok_graph, "fields:"))
3016 graph->calc_type = IOG_ITEM_UNIT_CALC_FIELDS;
3017 else if (g_str_has_prefix(tok_graph, "max:"))
3018 graph->calc_type = IOG_ITEM_UNIT_CALC_MAX;
3019 else if (g_str_has_prefix(tok_graph, "min:"))
3020 graph->calc_type = IOG_ITEM_UNIT_CALC_MIN;
3021 else if (g_str_has_prefix(tok_graph, "avg:"))
3022 graph->calc_type = IOG_ITEM_UNIT_CALC_AVERAGE;
3023 else if (g_str_has_prefix(tok_graph, "load:"))
3024 graph->calc_type = IOG_ITEM_UNIT_CALC_LOAD;
3028 field_name = strchr(tok_graph, ':');
3030 field_name = field_name + 1;
3032 graph->interval = interval_ms;
3034 graph->hf_index = -1;
3035 graph->error = check_field_unit(field_name, &graph->hf_index, graph->calc_type);
3037 graph->space_items = 0; /* TODO, can avoid realloc()s in sharkd_iograph_packet() by calculating: capture_time / interval */
3038 graph->num_items = 0;
3039 graph->items = NULL;
3042 graph->error = register_tap_listener("frame", graph, tok_filter, TL_REQUIRES_PROTO_TREE, NULL, sharkd_iograph_packet, NULL, NULL);
3046 if (graph->error == NULL)
3050 /* retap only if we have at least one ok */
3054 printf("{\"iograph\":[");
3056 for (i = 0; i < graph_count; i++)
3058 struct sharkd_iograph *graph = &graphs[i];
3066 printf("\"errmsg\":");
3067 json_puts_string(graph->error->str);
3068 g_string_free(graph->error, TRUE);
3074 const char *sepa = "";
3076 printf("\"items\":[");
3077 for (idx = 0; idx < graph->num_items; idx++)
3081 val = get_io_graph_item(graph->items, graph->calc_type, idx, graph->hf_index, &cfile, graph->interval, graph->num_items);
3083 /* if it's zero, don't display */
3089 /* cause zeros are not printed, need to output index */
3090 if (next_idx != idx)
3091 printf("\"%x\",", idx);
3101 remove_tap_listener(graph);
3102 g_free(graph->items);
3109 * sharkd_session_process_intervals()
3111 * Process intervals request - generate basic capture file statistics per requested interval.
3114 * (o) interval - interval time in ms, if not specified: 1000ms
3115 * (o) filter - filter for generating interval request
3117 * Output object with attributes:
3118 * (m) intervals - array of intervals, with indexes:
3119 * [0] - index of interval,
3120 * [1] - number of frames during interval,
3121 * [2] - number of bytes during interval.
3123 * (m) last - last interval number.
3124 * (m) frames - total number of frames
3125 * (m) bytes - total number of bytes
3127 * NOTE: If frames are not in order, there might be items with same interval index, or even negative one.
3130 sharkd_session_process_intervals(char *buf, const jsmntok_t *tokens, int count)
3132 const char *tok_interval = json_find_attr(buf, tokens, count, "interval");
3133 const char *tok_filter = json_find_attr(buf, tokens, count, "filter");
3135 const guint8 *filter_data = NULL;
3139 unsigned int frames;
3145 guint32 interval_ms = 1000; /* default: one per second */
3147 const char *sepa = "";
3148 unsigned int framenum;
3154 if (!ws_strtou32(tok_interval, NULL, &interval_ms) || interval_ms == 0)
3156 fprintf(stderr, "Invalid interval parameter: %s.\n", tok_interval);
3163 const struct sharkd_filter_item *filter_item;
3165 filter_item = sharkd_session_filter_data(tok_filter);
3168 filter_data = filter_item->filtered;
3171 st_total.frames = 0;
3179 printf("{\"intervals\":[");
3181 start_ts = (cfile.count >= 1) ? &(sharkd_get_frame(1)->abs_ts) : NULL;
3183 for (framenum = 1; framenum <= cfile.count; framenum++)
3189 if (filter_data && !(filter_data[framenum / 8] & (1 << (framenum % 8))))
3192 fdata = sharkd_get_frame(framenum);
3194 msec_rel = (fdata->abs_ts.secs - start_ts->secs) * (gint64) 1000 + (fdata->abs_ts.nsecs - start_ts->nsecs) / 1000000;
3195 new_idx = msec_rel / interval_ms;
3201 printf("%s[%" G_GINT64_FORMAT ",%u,%" G_GUINT64_FORMAT "]", sepa, idx, st.frames, st.bytes);
3214 st.bytes += fdata->pkt_len;
3216 st_total.frames += 1;
3217 st_total.bytes += fdata->pkt_len;
3222 printf("%s[%" G_GINT64_FORMAT ",%u,%" G_GUINT64_FORMAT "]", sepa, idx, st.frames, st.bytes);
3226 printf("],\"last\":%" G_GINT64_FORMAT ",\"frames\":%u,\"bytes\":%" G_GUINT64_FORMAT "}\n", max_idx, st_total.frames, st_total.bytes);
3230 * sharkd_session_process_frame()
3232 * Process frame request
3235 * (m) frame - requested frame number
3236 * (o) ref_frame - time reference frame number
3237 * (o) prev_frame - previously displayed frame number
3238 * (o) proto - set if output frame tree
3239 * (o) columns - set if output frame columns
3240 * (o) color - set if output color-filter bg/fg
3241 * (o) bytes - set if output frame bytes
3242 * (o) hidden - set if output hidden tree fields
3244 * Output object with attributes:
3245 * (m) err - 0 if succeed
3246 * (o) tree - array of frame nodes with attributes:
3248 * t: 'proto', 'framenum', 'url' - type of node
3251 * e - subtree ett index
3252 * n - array of subtree nodes
3253 * h - two item array: (item start, item length)
3254 * i - two item array: (appendix start, appendix length)
3255 * p - [RESERVED] two item array: (protocol start, protocol length)
3256 * ds- data src index
3257 * url - only for t:'url', url
3258 * fnum - only for t:'framenum', frame number
3259 * g - if field is generated by Wireshark
3260 * v - if field is hidden
3262 * (o) col - array of column data
3263 * (o) bytes - base64 of frame bytes
3264 * (o) ds - array of other data srcs
3265 * (o) comment - frame comment
3266 * (o) fol - array of follow filters:
3268 * [1] - filter string
3269 * (o) i - if frame is ignored
3270 * (o) m - if frame is marked
3271 * (o) bg - color filter - background color in hex
3272 * (o) fg - color filter - foreground color in hex
3275 sharkd_session_process_frame(char *buf, const jsmntok_t *tokens, int count)
3277 const char *tok_frame = json_find_attr(buf, tokens, count, "frame");
3278 const char *tok_ref_frame = json_find_attr(buf, tokens, count, "ref_frame");
3279 const char *tok_prev_frame = json_find_attr(buf, tokens, count, "prev_frame");
3281 guint32 framenum, ref_frame_num, prev_dis_num;
3282 guint32 dissect_flags = SHARKD_DISSECT_FLAG_NULL;
3283 struct sharkd_frame_request_data req_data;
3285 if (!tok_frame || !ws_strtou32(tok_frame, NULL, &framenum) || framenum == 0)
3288 ref_frame_num = (framenum != 1) ? 1 : 0;
3289 if (tok_ref_frame && (!ws_strtou32(tok_ref_frame, NULL, &ref_frame_num) || ref_frame_num > framenum))
3292 prev_dis_num = framenum - 1;
3293 if (tok_prev_frame && (!ws_strtou32(tok_prev_frame, NULL, &prev_dis_num) || prev_dis_num >= framenum))
3296 if (json_find_attr(buf, tokens, count, "proto") != NULL)
3297 dissect_flags |= SHARKD_DISSECT_FLAG_PROTO_TREE;
3298 if (json_find_attr(buf, tokens, count, "bytes") != NULL)
3299 dissect_flags |= SHARKD_DISSECT_FLAG_BYTES;
3300 if (json_find_attr(buf, tokens, count, "columns") != NULL)
3301 dissect_flags |= SHARKD_DISSECT_FLAG_COLUMNS;
3302 if (json_find_attr(buf, tokens, count, "color") != NULL)
3303 dissect_flags |= SHARKD_DISSECT_FLAG_COLOR;
3305 req_data.display_hidden = (json_find_attr(buf, tokens, count, "v") != NULL);
3307 sharkd_dissect_request(framenum, ref_frame_num, prev_dis_num, &sharkd_session_process_frame_cb, dissect_flags, &req_data);
3311 * sharkd_session_process_check()
3313 * Process check request.
3316 * (o) filter - filter to be checked
3318 * Output object with attributes:
3319 * (m) err - always 0
3320 * (o) filter - 'ok', 'warn' or error message
3323 sharkd_session_process_check(char *buf, const jsmntok_t *tokens, int count)
3325 const char *tok_filter = json_find_attr(buf, tokens, count, "filter");
3327 printf("{\"err\":0");
3328 if (tok_filter != NULL)
3330 char *err_msg = NULL;
3333 if (dfilter_compile(tok_filter, &dfp, &err_msg))
3335 const char *s = "ok";
3337 if (dfp && dfilter_deprecated_tokens(dfp))
3340 printf(",\"filter\":\"%s\"", s);
3345 printf(",\"filter\":");
3346 json_puts_string(err_msg);
3355 struct sharkd_session_process_complete_pref_data
3363 sharkd_session_process_complete_pref_cb(module_t *module, gpointer d)
3365 struct sharkd_session_process_complete_pref_data *data = (struct sharkd_session_process_complete_pref_data *) d;
3367 if (strncmp(data->pref, module->name, strlen(data->pref)) != 0)
3370 printf("%s{\"f\":\"%s\",\"d\":\"%s\"}", data->sepa, module->name, module->title);
3377 sharkd_session_process_complete_pref_option_cb(pref_t *pref, gpointer d)
3379 struct sharkd_session_process_complete_pref_data *data = (struct sharkd_session_process_complete_pref_data *) d;
3380 const char *pref_name = prefs_get_name(pref);
3381 const char *pref_title = prefs_get_title(pref);
3383 if (strncmp(data->pref, pref_name, strlen(data->pref)) != 0)
3386 printf("%s{\"f\":\"%s.%s\",\"d\":\"%s\"}", data->sepa, data->module, pref_name, pref_title);
3389 return 0; /* continue */
3393 * sharkd_session_process_complete()
3395 * Process complete request
3398 * (o) field - field to be completed
3399 * (o) pref - preference to be completed
3401 * Output object with attributes:
3402 * (m) err - always 0
3403 * (o) field - array of object with attributes:
3404 * (m) f - field text
3405 * (o) t - field type (FT_ number)
3406 * (o) n - field name
3407 * (o) pref - array of object with attributes:
3409 * (o) d - pref description
3412 sharkd_session_process_complete(char *buf, const jsmntok_t *tokens, int count)
3414 const char *tok_field = json_find_attr(buf, tokens, count, "field");
3415 const char *tok_pref = json_find_attr(buf, tokens, count, "pref");
3417 printf("{\"err\":0");
3418 if (tok_field != NULL && tok_field[0])
3420 const size_t filter_length = strlen(tok_field);
3421 const int filter_with_dot = !!strchr(tok_field, '.');
3426 const char *sepa = "";
3428 printf(",\"field\":[");
3430 for (proto_id = proto_get_first_protocol(&proto_cookie); proto_id != -1; proto_id = proto_get_next_protocol(&proto_cookie))
3432 protocol_t *protocol = find_protocol_by_id(proto_id);
3433 const char *protocol_filter;
3434 const char *protocol_name;
3435 header_field_info *hfinfo;
3437 if (!proto_is_protocol_enabled(protocol))
3440 protocol_name = proto_get_protocol_long_name(protocol);
3441 protocol_filter = proto_get_protocol_filter_name(proto_id);
3443 if (strlen(protocol_filter) >= filter_length && !g_ascii_strncasecmp(tok_field, protocol_filter, filter_length))
3445 printf("%s{", sepa);
3448 json_puts_string(protocol_filter);
3449 printf(",\"t\":%d", FT_PROTOCOL);
3451 json_puts_string(protocol_name);
3457 if (!filter_with_dot)
3460 for (hfinfo = proto_get_first_protocol_field(proto_id, &field_cookie); hfinfo != NULL; hfinfo = proto_get_next_protocol_field(proto_id, &field_cookie))
3462 if (hfinfo->same_name_prev_id != -1) /* ignore duplicate names */
3465 if (strlen(hfinfo->abbrev) >= filter_length && !g_ascii_strncasecmp(tok_field, hfinfo->abbrev, filter_length))
3467 printf("%s{", sepa);
3470 json_puts_string(hfinfo->abbrev);
3472 /* XXX, skip displaying name, if there are multiple (to not confuse user) */
3473 if (hfinfo->same_name_next == NULL)
3475 printf(",\"t\":%d", hfinfo->type);
3477 json_puts_string(hfinfo->name);
3489 if (tok_pref != NULL && tok_pref[0])
3491 struct sharkd_session_process_complete_pref_data data;
3494 data.module = tok_pref;
3495 data.pref = tok_pref;
3498 printf(",\"pref\":[");
3500 if ((dot_sepa = strchr(tok_pref, '.')))
3504 *dot_sepa = '\0'; /* XXX, C abuse: discarding-const */
3505 data.pref = dot_sepa + 1;
3507 pref_mod = prefs_find_module(data.module);
3509 prefs_pref_foreach(pref_mod, sharkd_session_process_complete_pref_option_cb, &data);
3515 prefs_modules_foreach(sharkd_session_process_complete_pref_cb, &data);
3527 * sharkd_session_process_setcomment()
3529 * Process setcomment request
3532 * (m) frame - frame number
3533 * (o) comment - user comment
3535 * Output object with attributes:
3536 * (m) err - error code: 0 succeed
3539 sharkd_session_process_setcomment(char *buf, const jsmntok_t *tokens, int count)
3541 const char *tok_frame = json_find_attr(buf, tokens, count, "frame");
3542 const char *tok_comment = json_find_attr(buf, tokens, count, "comment");
3548 if (!tok_frame || !ws_strtou32(tok_frame, NULL, &framenum) || framenum == 0)
3551 fdata = sharkd_get_frame(framenum);
3555 ret = sharkd_set_user_comment(fdata, tok_comment);
3556 printf("{\"err\":%d}\n", ret);
3560 * sharkd_session_process_setconf()
3562 * Process setconf request
3565 * (m) name - preference name
3566 * (m) value - preference value
3568 * Output object with attributes:
3569 * (m) err - error code: 0 succeed
3572 sharkd_session_process_setconf(char *buf, const jsmntok_t *tokens, int count)
3574 const char *tok_name = json_find_attr(buf, tokens, count, "name");
3575 const char *tok_value = json_find_attr(buf, tokens, count, "value");
3577 char *errmsg = NULL;
3579 prefs_set_pref_e ret;
3581 if (!tok_name || tok_name[0] == '\0' || !tok_value)
3584 ws_snprintf(pref, sizeof(pref), "%s:%s", tok_name, tok_value);
3586 ret = prefs_set_pref(pref, &errmsg);
3587 printf("{\"err\":%d", ret);
3590 /* Add error message for some syntax errors. */
3591 printf(",\"errmsg\":");
3592 json_puts_string(errmsg);
3598 struct sharkd_session_process_dumpconf_data
3605 sharkd_session_process_dumpconf_cb(pref_t *pref, gpointer d)
3607 struct sharkd_session_process_dumpconf_data *data = (struct sharkd_session_process_dumpconf_data *) d;
3608 const char *pref_name = prefs_get_name(pref);
3610 printf("%s\"%s.%s\":{", data->sepa, data->module->name, pref_name);
3612 switch (prefs_get_type(pref))
3615 case PREF_DECODE_AS_UINT:
3616 printf("\"u\":%u", prefs_get_uint_value_real(pref, pref_current));
3617 if (prefs_get_uint_base(pref) != 10)
3618 printf(",\"ub\":%u", prefs_get_uint_base(pref));
3622 printf("\"b\":%s", prefs_get_bool_value(pref, pref_current) ? "1" : "0");
3626 case PREF_SAVE_FILENAME:
3627 case PREF_OPEN_FILENAME:
3630 json_puts_string(prefs_get_string_value(pref, pref_current));
3635 const enum_val_t *enums;
3636 const char *enum_sepa = "";
3639 for (enums = prefs_get_enumvals(pref); enums->name; enums++)
3641 printf("%s{\"v\":%d", enum_sepa, enums->value);
3643 if (enums->value == prefs_get_enum_value(pref, pref_current))
3647 json_puts_string(enums->description);
3657 case PREF_DECODE_AS_RANGE:
3659 char *range_str = range_convert_range(NULL, prefs_get_range_value_real(pref, pref_current));
3660 printf("\"r\":\"%s\"", range_str);
3661 wmem_free(NULL, range_str);
3667 uat_t *uat = prefs_get_uat_value(pref);
3671 for (idx = 0; idx < uat->raw_data->len; idx++)
3673 void *rec = UAT_INDEX_PTR(uat, idx);
3680 for (colnum = 0; colnum < uat->ncols; colnum++)
3682 char *str = uat_fld_tostr(rec, &(uat->fields[colnum]));
3687 json_puts_string(str);
3700 case PREF_STATIC_TEXT:
3708 json_puts_string(prefs_get_title(pref));
3714 return 0; /* continue */
3718 sharkd_session_process_dumpconf_mod_cb(module_t *module, gpointer d)
3720 struct sharkd_session_process_dumpconf_data *data = (struct sharkd_session_process_dumpconf_data *) d;
3722 data->module = module;
3723 prefs_pref_foreach(module, sharkd_session_process_dumpconf_cb, data);
3729 * sharkd_session_process_dumpconf()
3731 * Process dumpconf request
3734 * (o) pref - module, or preference, NULL for all
3736 * Output object with attributes:
3737 * (o) prefs - object with module preferences
3738 * (m) [KEY] - preference name
3739 * (o) u - preference value (for PREF_UINT, PREF_DECODE_AS_UINT)
3740 * (o) ub - preference value suggested base for display (for PREF_UINT, PREF_DECODE_AS_UINT) and if different than 10
3741 * (o) b - preference value (only for PREF_BOOL) (1 true, 0 false)
3742 * (o) s - preference value (for PREF_STRING, PREF_SAVE_FILENAME, PREF_OPEN_FILENAME, PREF_DIRNAME)
3743 * (o) e - preference possible values (only for PREF_ENUM)
3744 * (o) r - preference value (for PREF_RANGE, PREF_DECODE_AS_RANGE)
3745 * (o) t - preference value (only for PREF_UAT)
3748 sharkd_session_process_dumpconf(char *buf, const jsmntok_t *tokens, int count)
3750 const char *tok_pref = json_find_attr(buf, tokens, count, "pref");
3756 struct sharkd_session_process_dumpconf_data data;
3761 printf("{\"prefs\":{");
3762 prefs_modules_foreach(sharkd_session_process_dumpconf_mod_cb, &data);
3767 if ((dot_sepa = strchr(tok_pref, '.')))
3769 pref_t *pref = NULL;
3771 *dot_sepa = '\0'; /* XXX, C abuse: discarding-const */
3772 pref_mod = prefs_find_module(tok_pref);
3774 pref = prefs_find_preference(pref_mod, dot_sepa + 1);
3779 struct sharkd_session_process_dumpconf_data data;
3781 data.module = pref_mod;
3784 printf("{\"prefs\":{");
3785 sharkd_session_process_dumpconf_cb(pref, &data);
3792 pref_mod = prefs_find_module(tok_pref);
3795 struct sharkd_session_process_dumpconf_data data;
3797 data.module = pref_mod;
3800 printf("{\"prefs\":{");
3801 prefs_pref_foreach(pref_mod, sharkd_session_process_dumpconf_cb, &data);
3806 struct sharkd_download_rtp
3814 sharkd_rtp_download_free_items(void *ptr)
3816 rtp_packet_t *rtp_packet = (rtp_packet_t *) ptr;
3818 g_free(rtp_packet->info);
3819 g_free(rtp_packet->payload_data);
3824 sharkd_rtp_download_decode(struct sharkd_download_rtp *req)
3826 /* based on RtpAudioStream::decode() 6e29d874f8b5e6ebc59f661a0bb0dab8e56f122a */
3827 /* TODO, for now only without silence (timing_mode_ = Uninterrupted) */
3829 static const int sample_bytes_ = sizeof(SAMPLE) / sizeof(char);
3831 guint32 audio_out_rate_ = 0;
3832 struct _GHashTable *decoders_hash_ = rtp_decoder_hash_table_new();
3833 struct SpeexResamplerState_ *audio_resampler_ = NULL;
3835 gsize resample_buff_len = 0x1000;
3836 SAMPLE *resample_buff = (SAMPLE *) g_malloc(resample_buff_len);
3837 spx_uint32_t cur_in_rate = 0;
3838 char *write_buff = NULL;
3839 gint64 write_bytes = 0;
3840 unsigned channels = 0;
3841 unsigned sample_rate = 0;
3844 int base64_state1 = 0;
3845 int base64_state2 = 0;
3849 for (l = req->packets; l; l = l->next)
3851 rtp_packet_t *rtp_packet = (rtp_packet_t *) l->data;
3853 SAMPLE *decode_buff = NULL;
3854 size_t decoded_bytes;
3856 decoded_bytes = decode_rtp_packet(rtp_packet, &decode_buff, decoders_hash_, &channels, &sample_rate);
3857 if (decoded_bytes == 0 || sample_rate == 0)
3859 /* We didn't decode anything. Clean up and prep for the next packet. */
3860 g_free(decode_buff);
3864 if (audio_out_rate_ == 0)
3870 /* First non-zero wins */
3871 audio_out_rate_ = sample_rate;
3873 RTP_STREAM_DEBUG("Audio sample rate is %u", audio_out_rate_);
3875 /* write WAVE header */
3876 memset(&wav_hdr, 0, sizeof(wav_hdr));
3877 memcpy(&wav_hdr[0], "RIFF", 4);
3878 memcpy(&wav_hdr[4], "\xFF\xFF\xFF\xFF", 4); /* XXX, unknown */
3879 memcpy(&wav_hdr[8], "WAVE", 4);
3881 memcpy(&wav_hdr[12], "fmt ", 4);
3882 memcpy(&wav_hdr[16], "\x10\x00\x00\x00", 4); /* PCM */
3883 memcpy(&wav_hdr[20], "\x01\x00", 2); /* PCM */
3886 memcpy(&wav_hdr[22], &tmp16, 2);
3888 tmp32 = sample_rate;
3889 memcpy(&wav_hdr[24], &tmp32, 4);
3891 tmp32 = sample_rate * channels * sample_bytes_;
3892 memcpy(&wav_hdr[28], &tmp32, 4);
3894 tmp16 = channels * sample_bytes_;
3895 memcpy(&wav_hdr[32], &tmp16, 2);
3896 /* bits per sample */
3897 tmp16 = 8 * sample_bytes_;
3898 memcpy(&wav_hdr[34], &tmp16, 2);
3900 memcpy(&wav_hdr[36], "data", 4);
3901 memcpy(&wav_hdr[40], "\xFF\xFF\xFF\xFF", 4); /* XXX, unknown */
3903 for (i = 0; i < (int) sizeof(wav_hdr); i++)
3904 json_print_base64_step(&wav_hdr[i], &base64_state1, &base64_state2);
3907 // Write samples to our file.
3908 write_buff = (char *) decode_buff;
3909 write_bytes = decoded_bytes;
3911 if (audio_out_rate_ != sample_rate)
3913 spx_uint32_t in_len, out_len;
3915 /* Resample the audio to match our previous output rate. */
3916 if (!audio_resampler_)
3918 audio_resampler_ = speex_resampler_init(1, sample_rate, audio_out_rate_, 10, NULL);
3919 speex_resampler_skip_zeros(audio_resampler_);
3920 RTP_STREAM_DEBUG("Started resampling from %u to (out) %u Hz.", sample_rate, audio_out_rate_);
3924 spx_uint32_t audio_out_rate;
3925 speex_resampler_get_rate(audio_resampler_, &cur_in_rate, &audio_out_rate);
3927 if (sample_rate != cur_in_rate)
3929 speex_resampler_set_rate(audio_resampler_, sample_rate, audio_out_rate);
3930 RTP_STREAM_DEBUG("Changed input rate from %u to %u Hz. Out is %u.", cur_in_rate, sample_rate, audio_out_rate_);
3933 in_len = (spx_uint32_t)rtp_packet->info->info_payload_len;
3934 out_len = (audio_out_rate_ * (spx_uint32_t)rtp_packet->info->info_payload_len / sample_rate) + (audio_out_rate_ % sample_rate != 0);
3935 if (out_len * sample_bytes_ > resample_buff_len)
3937 while ((out_len * sample_bytes_ > resample_buff_len))
3938 resample_buff_len *= 2;
3939 resample_buff = (SAMPLE *) g_realloc(resample_buff, resample_buff_len);
3942 speex_resampler_process_int(audio_resampler_, 0, decode_buff, &in_len, resample_buff, &out_len);
3943 write_buff = (char *) resample_buff;
3944 write_bytes = out_len * sample_bytes_;
3947 /* Write the decoded, possibly-resampled audio */
3948 for (i = 0; i < write_bytes; i++)
3949 json_print_base64_step(&write_buff[i], &base64_state1, &base64_state2);
3951 g_free(decode_buff);
3954 json_print_base64_step(NULL, &base64_state1, &base64_state2);
3956 g_free(resample_buff);
3957 g_hash_table_destroy(decoders_hash_);
3961 sharkd_session_packet_download_tap_rtp_cb(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *data)
3963 const struct _rtp_info *rtp_info = (const struct _rtp_info *) data;
3964 struct sharkd_download_rtp *req_rtp = (struct sharkd_download_rtp *) tapdata;
3966 /* do not consider RTP packets without a setup frame */
3967 if (rtp_info->info_setup_frame_num == 0)
3970 if (rtpstream_id_equal_pinfo_rtp_info(&req_rtp->id, pinfo, rtp_info))
3972 rtp_packet_t *rtp_packet;
3974 rtp_packet = g_new0(rtp_packet_t, 1);
3975 rtp_packet->info = (struct _rtp_info *) g_memdup(rtp_info, sizeof(struct _rtp_info));
3977 if (rtp_info->info_all_data_present && rtp_info->info_payload_len != 0)
3978 rtp_packet->payload_data = (guint8 *) g_memdup(&(rtp_info->info_data[rtp_info->info_payload_offset]), rtp_info->info_payload_len);
3980 if (!req_rtp->packets)
3981 req_rtp->start_time = nstime_to_sec(&pinfo->abs_ts);
3983 rtp_packet->frame_num = pinfo->num;
3984 rtp_packet->arrive_offset = nstime_to_sec(&pinfo->abs_ts) - req_rtp->start_time;
3986 /* XXX, O(n) optimize */
3987 req_rtp->packets = g_slist_append(req_rtp->packets, rtp_packet);
3994 * sharkd_session_process_download()
3996 * Process download request
3999 * (m) token - token to download
4001 * Output object with attributes:
4002 * (o) file - suggested name of file
4003 * (o) mime - suggested content type
4004 * (o) data - payload base64 encoded
4007 sharkd_session_process_download(char *buf, const jsmntok_t *tokens, int count)
4009 const char *tok_token = json_find_attr(buf, tokens, count, "token");
4014 if (!strncmp(tok_token, "eo:", 3))
4016 struct sharkd_export_object_list *object_list;
4017 const export_object_entry_t *eo_entry = NULL;
4019 for (object_list = sharkd_eo_list; object_list; object_list = object_list->next)
4021 size_t eo_type_len = strlen(object_list->type);
4023 if (!strncmp(tok_token, object_list->type, eo_type_len) && tok_token[eo_type_len] == '_')
4027 if (sscanf(&tok_token[eo_type_len + 1], "%d", &row) != 1)
4030 eo_entry = (export_object_entry_t *) g_slist_nth_data(object_list->entries, row);
4037 const char *mime = (eo_entry->content_type) ? eo_entry->content_type : "application/octet-stream";
4038 const char *filename = (eo_entry->filename) ? eo_entry->filename : tok_token;
4040 printf("{\"file\":");
4041 json_puts_string(filename);
4042 printf(",\"mime\":");
4043 json_puts_string(mime);
4044 printf(",\"data\":");
4045 json_print_base64(eo_entry->payload_data, (size_t) eo_entry->payload_len);
4049 else if (!strcmp(tok_token, "ssl-secrets"))
4051 char *str = ssl_export_sessions();
4055 const char *mime = "text/plain";
4056 const char *filename = "keylog.txt";
4058 printf("{\"file\":");
4059 json_puts_string(filename);
4060 printf(",\"mime\":");
4061 json_puts_string(mime);
4062 printf(",\"data\":");
4063 json_print_base64(str, strlen(str));
4068 else if (!strncmp(tok_token, "rtp:", 4))
4070 struct sharkd_download_rtp rtp_req;
4073 memset(&rtp_req, 0, sizeof(rtp_req));
4074 if (!sharkd_rtp_match_init(&rtp_req.id, tok_token + 4))
4076 fprintf(stderr, "sharkd_session_process_download() rtp tokenizing error %s\n", tok_token);
4080 tap_error = register_tap_listener("rtp", &rtp_req, NULL, 0, NULL, sharkd_session_packet_download_tap_rtp_cb, NULL, NULL);
4083 fprintf(stderr, "sharkd_session_process_download() rtp error=%s", tap_error->str);
4084 g_string_free(tap_error, TRUE);
4089 remove_tap_listener(&rtp_req);
4091 if (rtp_req.packets)
4093 const char *mime = "audio/x-wav";
4094 const char *filename = tok_token;
4096 printf("{\"file\":");
4097 json_puts_string(filename);
4098 printf(",\"mime\":");
4099 json_puts_string(mime);
4101 printf(",\"data\":");
4103 sharkd_rtp_download_decode(&rtp_req);
4108 g_slist_free_full(rtp_req.packets, sharkd_rtp_download_free_items);
4114 sharkd_session_process(char *buf, const jsmntok_t *tokens, int count)
4118 /* sanity check, and split strings */
4119 if (count < 1 || tokens[0].type != JSMN_OBJECT)
4121 fprintf(stderr, "sanity check(1): [0] not object\n");
4125 /* don't need [0] token */
4131 fprintf(stderr, "sanity check(2): %d not even\n", count);
4135 for (i = 0; i < count; i += 2)
4137 if (tokens[i].type != JSMN_STRING)
4139 fprintf(stderr, "sanity check(3): [%d] not string\n", i);
4143 if (tokens[i + 1].type != JSMN_STRING && tokens[i + 1].type != JSMN_PRIMITIVE)
4145 fprintf(stderr, "sanity check(3a): [%d] wrong type\n", i + 1);
4149 buf[tokens[i + 0].end] = '\0';
4150 buf[tokens[i + 1].end] = '\0';
4152 /* unescape only value, as keys are simple strings */
4153 if (tokens[i + 1].type == JSMN_STRING && !json_unescape_str(&buf[tokens[i + 1].start]))
4155 fprintf(stderr, "sanity check(3b): [%d] cannot unescape string\n", i + 1);
4161 const char *tok_req = json_find_attr(buf, tokens, count, "req");
4165 fprintf(stderr, "sanity check(4): no \"req\".\n");
4169 if (!strcmp(tok_req, "load"))
4170 sharkd_session_process_load(buf, tokens, count);
4171 else if (!strcmp(tok_req, "status"))
4172 sharkd_session_process_status();
4173 else if (!strcmp(tok_req, "analyse"))
4174 sharkd_session_process_analyse();
4175 else if (!strcmp(tok_req, "info"))
4176 sharkd_session_process_info();
4177 else if (!strcmp(tok_req, "check"))
4178 sharkd_session_process_check(buf, tokens, count);
4179 else if (!strcmp(tok_req, "complete"))
4180 sharkd_session_process_complete(buf, tokens, count);
4181 else if (!strcmp(tok_req, "frames"))
4182 sharkd_session_process_frames(buf, tokens, count);
4183 else if (!strcmp(tok_req, "tap"))
4184 sharkd_session_process_tap(buf, tokens, count);
4185 else if (!strcmp(tok_req, "follow"))
4186 sharkd_session_process_follow(buf, tokens, count);
4187 else if (!strcmp(tok_req, "iograph"))
4188 sharkd_session_process_iograph(buf, tokens, count);
4189 else if (!strcmp(tok_req, "intervals"))
4190 sharkd_session_process_intervals(buf, tokens, count);
4191 else if (!strcmp(tok_req, "frame"))
4192 sharkd_session_process_frame(buf, tokens, count);
4193 else if (!strcmp(tok_req, "setcomment"))
4194 sharkd_session_process_setcomment(buf, tokens, count);
4195 else if (!strcmp(tok_req, "setconf"))
4196 sharkd_session_process_setconf(buf, tokens, count);
4197 else if (!strcmp(tok_req, "dumpconf"))
4198 sharkd_session_process_dumpconf(buf, tokens, count);
4199 else if (!strcmp(tok_req, "download"))
4200 sharkd_session_process_download(buf, tokens, count);
4201 else if (!strcmp(tok_req, "bye"))
4204 fprintf(stderr, "::: req = %s\n", tok_req);
4206 /* reply for every command are 0+ lines of JSON reply (outputed above), finished by empty new line */
4210 * We do an explicit fflush after every line, because
4211 * we want output to be written to the socket as soon
4212 * as the line is complete.
4214 * The stream is fully-buffered by default, so it's
4215 * only flushed when the buffer fills or the FILE *
4216 * is closed. On UN*X, we could set it to be line
4217 * buffered, but the MSVC standard I/O routines don't
4218 * support line buffering - they only support *byte*
4219 * buffering, doing a write for every byte written,
4220 * which is too inefficient, and full buffering,
4221 * which is what you get if you request line buffering.
4228 sharkd_session_main(void)
4231 jsmntok_t *tokens = NULL;
4232 int tokens_max = -1;
4234 fprintf(stderr, "Hello in child.\n");
4236 filter_table = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, sharkd_session_filter_free);
4238 #ifdef HAVE_MAXMINDDB
4239 /* mmdbresolve was stopped before fork(), force starting it */
4240 uat_get_table_by_name("MaxMind Database Paths")->post_update_cb();
4243 while (fgets(buf, sizeof(buf), stdin))
4245 /* every command is line seperated JSON */
4248 ret = wsjson_parse(buf, NULL, 0);
4251 fprintf(stderr, "invalid JSON -> closing\n");
4255 /* fprintf(stderr, "JSON: %d tokens\n", ret); */
4258 if (tokens == NULL || tokens_max < ret)
4261 tokens = (jsmntok_t *) g_realloc(tokens, sizeof(jsmntok_t) * tokens_max);
4264 memset(tokens, 0, ret * sizeof(jsmntok_t));
4266 ret = wsjson_parse(buf, tokens, ret);
4269 fprintf(stderr, "invalid JSON(2) -> closing\n");
4273 #if defined(HAVE_C_ARES) || defined(HAVE_MAXMINDDB)
4274 host_name_lookup_process();
4277 sharkd_session_process(buf, tokens, ret);
4280 g_hash_table_destroy(filter_table);
4287 * Editor modelines - http://www.wireshark.org/tools/modelines.html
4292 * indent-tabs-mode: t
4295 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
4296 * :indentSize=8:tabSize=8:noTabs=false:
git.samba.org / gd / wireshark / .git / blob