2 * Routines for building lists of packets that are part of a "conversation"
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #ifndef __CONVERSATION_H__
24 #define __CONVERSATION_H__
26 #include "ws_symbol_export.h"
30 #endif /* __cplusplus */
36 * Flags to pass to "conversation_new()" to indicate that the address 2
37 * and/or port 2 values for the conversation should be wildcards.
38 * The CONVERSATION_TEMPLATE option tells that any of the other supplied
39 * port and / or address wildcards will be used to match an infinite number
40 * of new connections to the conversation(s) that have the CONVERSATION_-
41 * TEMPLATE flag set. Any conversation created without the CONVERSATION_-
42 * TEMPLATE flag will be altered once the first connections (connection
43 * oriented protocols only) to include the newly found information which
44 * matched the wildcard options.
48 #define NO_PORT2_FORCE 0x04
49 #define CONVERSATION_TEMPLATE 0x08
52 * Flags to pass to "find_conversation()" to indicate that the address B
53 * and/or port B search arguments are wildcards.
55 #define NO_ADDR_B 0x01
56 #define NO_PORT_B 0x02
58 /* Flags to handle endpoints */
59 #define USE_LAST_ENDPOINT 0x08 /* Use last endpoint created, regardless of type */
61 #include "packet.h" /* for conversation dissector type */
63 /* Types of port numbers Wireshark knows about. */
65 ENDPOINT_NONE, /* no endpoint */
66 ENDPOINT_SCTP, /* SCTP */
67 ENDPOINT_TCP, /* TCP */
68 ENDPOINT_UDP, /* UDP */
69 ENDPOINT_DCCP, /* DCCP */
70 ENDPOINT_IPX, /* IPX sockets */
71 ENDPOINT_NCP, /* NCP connection */
72 ENDPOINT_EXCHG, /* Fibre Channel exchange */
73 ENDPOINT_DDP, /* DDP AppleTalk connection */
74 ENDPOINT_SBCCS, /* FICON */
75 ENDPOINT_IDP, /* XNS IDP sockets */
76 ENDPOINT_TIPC, /* TIPC PORT */
77 ENDPOINT_USB, /* USB endpoint 0xffff means the host */
79 ENDPOINT_IBQP, /* Infiniband QP number */
84 ENDPOINT_ISDN, /* ISDN channel number */
85 ENDPOINT_H223, /* H.223 logical channel number */
86 ENDPOINT_X25, /* X.25 logical channel number */
87 ENDPOINT_IAX2, /* IAX2 call id */
88 ENDPOINT_DLCI, /* Frame Relay DLCI */
89 ENDPOINT_ISUP, /* ISDN User Part CIC */
90 ENDPOINT_BICC, /* BICC Circuit identifier */
96 * Data structure representing a conversation.
98 struct conversation_key;
99 typedef struct conversation_key* conversation_key_t;
101 typedef struct conversation {
102 struct conversation *next; /** pointer to next conversation on hash chain */
103 struct conversation *last; /** pointer to the last conversation on hash chain */
104 struct conversation *latest_found;
105 /** pointer to the last conversation on hash chain */
106 guint32 conv_index; /** unique ID for conversation */
107 guint32 setup_frame; /** frame number that setup this conversation */
108 /* Assume that setup_frame is also the lowest frame number for now. */
109 guint32 last_frame; /** highest frame number in this conversation */
110 wmem_tree_t *data_list; /** list of data associated with conversation */
111 wmem_tree_t *dissector_tree;
112 /** tree containing protocol dissector client associated with conversation */
113 guint options; /** wildcard flags */
114 conversation_key_t key_ptr; /** pointer to the key for this conversation */
119 typedef struct endpoint* endpoint_t;
121 WS_DLL_PUBLIC address* conversation_key_addr1(const conversation_key_t key);
122 WS_DLL_PUBLIC address* conversation_key_addr2(const conversation_key_t key);
123 WS_DLL_PUBLIC guint32 conversation_key_port1(const conversation_key_t key);
124 WS_DLL_PUBLIC guint32 conversation_key_port2(const conversation_key_t key);
127 * Create a new hash tables for conversations.
129 extern void conversation_init(void);
132 * Initialize some variables every time a file is loaded or re-loaded.
134 extern void conversation_epan_reset(void);
137 * Given two address/port pairs for a packet, create a new conversation
138 * to contain packets between those address/port pairs.
140 * The options field is used to specify whether the address 2 value
141 * and/or port 2 value are not given and any value is acceptable
142 * when searching for this conversation.
144 WS_DLL_PUBLIC conversation_t *conversation_new(const guint32 setup_frame, const address *addr1, const address *addr2,
145 const endpoint_type etype, const guint32 port1, const guint32 port2, const guint options);
147 WS_DLL_PUBLIC conversation_t *conversation_new_by_id(const guint32 setup_frame, const endpoint_type etype, const guint32 id, const guint options);
150 * Given two address/port pairs for a packet, search for a conversation
151 * containing packets between those address/port pairs. Returns NULL if
154 * We try to find the most exact match that we can, and then proceed to
155 * try wildcard matches on the "addr_b" and/or "port_b" argument if a more
156 * exact match failed.
158 * Either or both of the "addr_b" and "port_b" arguments may be specified as
159 * a wildcard by setting the NO_ADDR_B or NO_PORT_B flags in the "options"
160 * argument. We do only wildcard matches on addresses and ports specified
165 * if neither "addr_b" nor "port_b" were specified as wildcards, we
166 * do an exact match (addr_a/port_a and addr_b/port_b) and, if that
167 * succeeds, we return a pointer to the matched conversation;
169 * otherwise, if "port_b" wasn't specified as a wildcard, we try to
170 * match any address 2 with the specified port 2 (addr_a/port_a and
171 * {any}/addr_b) and, if that succeeds, we return a pointer to the
172 * matched conversation;
174 * otherwise, if "addr_b" wasn't specified as a wildcard, we try to
175 * match any port 2 with the specified address 2 (addr_a/port_a and
176 * addr_b/{any}) and, if that succeeds, we return a pointer to the
177 * matched conversation;
179 * otherwise, we try to match any address 2 and any port 2
180 * (addr_a/port_a and {any}/{any}) and, if that succeeds, we return
181 * a pointer to the matched conversation;
183 * otherwise, we found no matching conversation, and return NULL.
185 WS_DLL_PUBLIC conversation_t *find_conversation(const guint32 frame_num, const address *addr_a, const address *addr_b,
186 const endpoint_type etype, const guint32 port_a, const guint32 port_b, const guint options);
188 WS_DLL_PUBLIC conversation_t *find_conversation_by_id(const guint32 frame, const endpoint_type etype, const guint32 id, const guint options);
190 /** A helper function that calls find_conversation() using data from pinfo
191 * The frame number and addresses are taken from pinfo.
193 WS_DLL_PUBLIC conversation_t *find_conversation_pinfo(packet_info *pinfo, const guint options);
195 /** A helper function that calls find_conversation() and, if a conversation is
196 * not found, calls conversation_new().
197 * The frame number and addresses are taken from pinfo.
198 * No options are used, though we could extend this API to include an options
201 WS_DLL_PUBLIC conversation_t *find_or_create_conversation(packet_info *pinfo);
203 WS_DLL_PUBLIC void conversation_add_proto_data(conversation_t *conv, const int proto,
205 WS_DLL_PUBLIC void *conversation_get_proto_data(const conversation_t *conv, const int proto);
206 WS_DLL_PUBLIC void conversation_delete_proto_data(conversation_t *conv, const int proto);
208 WS_DLL_PUBLIC void conversation_set_dissector(conversation_t *conversation,
209 const dissector_handle_t handle);
211 WS_DLL_PUBLIC void conversation_set_dissector_from_frame_number(conversation_t *conversation,
212 const guint32 starting_frame_num, const dissector_handle_t handle);
214 WS_DLL_PUBLIC dissector_handle_t conversation_get_dissector(conversation_t *conversation,
215 const guint32 frame_num);
217 WS_DLL_PUBLIC void conversation_create_endpoint(struct _packet_info *pinfo, address* addr1, address* addr2,
218 endpoint_type etype, guint32 port1, guint32 port2, const guint options);
220 WS_DLL_PUBLIC void conversation_create_endpoint_by_id(struct _packet_info *pinfo,
221 endpoint_type etype, guint32 id, const guint options);
223 WS_DLL_PUBLIC guint32 conversation_get_endpoint_by_id(struct _packet_info *pinfo,
224 endpoint_type etype, const guint options);
227 * Given two address/port pairs for a packet, search for a matching
228 * conversation and, if found and it has a conversation dissector,
229 * call that dissector and return TRUE, otherwise return FALSE.
231 * This helper uses call_dissector_only which will NOT call the default
232 * "data" dissector if the packet was rejected.
233 * Our caller is responsible to call the data dissector explicitly in case
234 * this function returns FALSE.
237 try_conversation_dissector(const address *addr_a, const address *addr_b, const endpoint_type etype,
238 const guint32 port_a, const guint32 port_b, tvbuff_t *tvb, packet_info *pinfo,
239 proto_tree *tree, void* data);
242 try_conversation_dissector_by_id(const endpoint_type etype, const guint32 id, tvbuff_t *tvb,
243 packet_info *pinfo, proto_tree *tree, void* data);
245 /* These routines are used to set undefined values for a conversation */
247 extern void conversation_set_port2(conversation_t *conv, const guint32 port);
248 extern void conversation_set_addr2(conversation_t *conv, const address *addr);
251 wmem_map_t *get_conversation_hashtable_exact(void);
254 wmem_map_t *get_conversation_hashtable_no_addr2(void);
257 wmem_map_t * get_conversation_hashtable_no_port2(void);
260 wmem_map_t *get_conversation_hashtable_no_addr2_or_port2(void);
262 /* Temporary function to handle port_type to endpoint_type conversion
263 For now it's a 1-1 mapping, but the intention is to remove
264 many of the port_type instances in favor of endpoint_type
267 endpoint_type conversation_pt_to_endpoint_type(port_type pt);
270 conversation_hash_exact(gconstpointer v);
272 /* Provide a wmem_alloced (NULL scope) hash string using HTML tags */
274 conversation_get_html_hash(const conversation_key_t key);
278 #endif /* __cplusplus */
280 #endif /* conversation.h */