1 /* conversations_table.c
2 * conversations_table 2003 Ronnie Sahlberg
3 * Helper routines common to all endpoint conversations tap.
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "packet_info.h"
30 #include "conversation_table.h"
31 #include "addr_resolv.h"
33 #include "stat_tap_ui.h"
36 gboolean hide_ports; /* hide TCP / UDP port columns */
37 int proto_id; /* protocol id (0-indexed) */
38 tap_packet_cb conv_func; /* function to be called for new incoming packets for conversation*/
39 tap_packet_cb host_func; /* function to be called for new incoming packets for hostlist */
40 conv_gui_init_cb conv_gui_init; /* GUI specific function to initialize conversation */
41 host_gui_init_cb host_gui_init; /* GUI specific function to initialize hostlist */
44 gboolean get_conversation_hide_ports(register_ct_t* ct)
46 return ct->hide_ports;
49 int get_conversation_proto_id(register_ct_t* ct)
57 tap_packet_cb get_conversation_packet_func(register_ct_t* ct)
62 tap_packet_cb get_hostlist_packet_func(register_ct_t* ct)
67 static GSList *registered_ct_tables = NULL;
70 dissector_conversation_init(const char *opt_arg, void* userdata)
72 register_ct_t *table = (register_ct_t*)userdata;
73 GString *cmd_str = g_string_new("conv,");
74 const char *filter=NULL;
76 g_string_append(cmd_str, proto_get_protocol_filter_name(table->proto_id));
77 if(!strncmp(opt_arg, cmd_str->str, cmd_str->len)){
78 if (opt_arg[cmd_str->len] == ',') {
79 filter = opt_arg + cmd_str->len + 1;
82 g_string_free(cmd_str, TRUE);
84 if (table->conv_gui_init)
85 table->conv_gui_init(table, filter);
89 dissector_hostlist_init(const char *opt_arg, void* userdata)
91 register_ct_t *table = (register_ct_t*)userdata;
92 GString *cmd_str = g_string_new("");
93 const char *filter=NULL;
95 g_string_printf(cmd_str, "%s,%s,", HOSTLIST_TAP_PREFIX, proto_get_protocol_filter_name(table->proto_id));
96 if(!strncmp(opt_arg, cmd_str->str, cmd_str->len)){
97 if (opt_arg[cmd_str->len] == ',') {
98 filter = opt_arg + cmd_str->len + 1;
104 g_string_free(cmd_str, TRUE);
106 if (table->host_gui_init)
107 table->host_gui_init(table, filter);
109 /** get conversation from protocol ID
111 * @param proto_id protocol ID
112 * @return tap function handler of conversation
114 register_ct_t* get_conversation_by_proto_id(int proto_id)
117 register_ct_t *table;
119 for(ct = registered_ct_tables; ct != NULL; ct = g_slist_next(ct)){
120 table = (register_ct_t*)ct->data;
121 if ((table) && (table->proto_id == proto_id))
129 insert_sorted_by_table_name(gconstpointer aparam, gconstpointer bparam)
131 const register_ct_t *a = (register_ct_t *)aparam;
132 const register_ct_t *b = (register_ct_t *)bparam;
134 return g_ascii_strcasecmp(proto_get_protocol_short_name(find_protocol_by_id(a->proto_id)), proto_get_protocol_short_name(find_protocol_by_id(b->proto_id)));
138 register_conversation_table(const int proto_id, gboolean hide_ports, tap_packet_cb conv_packet_func, tap_packet_cb hostlist_func)
140 register_ct_t *table;
142 table = g_new(register_ct_t,1);
144 table->hide_ports = hide_ports;
145 table->proto_id = proto_id;
146 table->conv_func = conv_packet_func;
147 table->host_func = hostlist_func;
148 table->conv_gui_init = NULL;
149 table->host_gui_init = NULL;
151 registered_ct_tables = g_slist_insert_sorted(registered_ct_tables, table, insert_sorted_by_table_name);
154 /* Set GUI fields for register_ct list */
156 set_conv_gui_data(gpointer data, gpointer user_data)
158 GString *conv_cmd_str = g_string_new("conv,");
160 register_ct_t *table = (register_ct_t*)data;
162 table->conv_gui_init = (conv_gui_init_cb)user_data;
164 g_string_append(conv_cmd_str, proto_get_protocol_filter_name(table->proto_id));
165 ui_info.group = REGISTER_STAT_GROUP_CONVERSATION_LIST;
166 ui_info.title = NULL; /* construct this from the protocol info? */
167 ui_info.cli_string = g_string_free(conv_cmd_str, FALSE);
168 ui_info.tap_init_cb = dissector_conversation_init;
170 ui_info.params = NULL;
171 register_stat_tap_ui(&ui_info, table);
174 void conversation_table_set_gui_info(conv_gui_init_cb init_cb)
176 g_slist_foreach(registered_ct_tables, set_conv_gui_data, init_cb);
180 set_host_gui_data(gpointer data, gpointer user_data)
182 GString *host_cmd_str = g_string_new("");
184 register_ct_t *table = (register_ct_t*)data;
186 table->host_gui_init = (host_gui_init_cb)user_data;
188 g_string_printf(host_cmd_str, "%s,%s", HOSTLIST_TAP_PREFIX, proto_get_protocol_filter_name(table->proto_id));
189 ui_info.group = REGISTER_STAT_GROUP_ENDPOINT_LIST;
190 ui_info.title = NULL; /* construct this from the protocol info? */
191 ui_info.cli_string = g_string_free(host_cmd_str, FALSE);
192 ui_info.tap_init_cb = dissector_hostlist_init;
194 ui_info.params = NULL;
195 register_stat_tap_ui(&ui_info, table);
198 void hostlist_table_set_gui_info(host_gui_init_cb init_cb)
200 g_slist_foreach(registered_ct_tables, set_host_gui_data, init_cb);
203 void conversation_table_iterate_tables(GFunc func, gpointer user_data)
205 g_slist_foreach(registered_ct_tables, func, user_data);
208 guint conversation_table_get_num(void)
210 return g_slist_length(registered_ct_tables);
214 register_ct_t *get_conversation_table_by_num(guint table_num)
216 return (register_ct_t *) g_slist_nth_data(registered_ct_tables, table_num);
219 /** Compute the hash value for two given address/port pairs.
220 * (Parameter type is gconstpointer for GHashTable compatibility.)
222 * @param v Conversation Key. MUST point to a conv_key_t struct.
223 * @return Computed key hash.
226 conversation_hash(gconstpointer v)
228 const conv_key_t *key = (const conv_key_t *)v;
232 add_address_to_hash(hash_val, &key->addr1);
233 hash_val += key->port1;
234 add_address_to_hash(hash_val, &key->addr2);
235 hash_val += key->port2;
236 hash_val ^= key->conv_id;
241 /** Compare two conversation keys for an exact match.
242 * (Parameter types are gconstpointer for GHashTable compatibility.)
244 * @param key1 First conversation. MUST point to a conv_key_t struct.
245 * @param key2 Second conversation. MUST point to a conv_key_t struct.
246 * @return TRUE if conversations are equal, FALSE otherwise.
249 conversation_equal(gconstpointer key1, gconstpointer key2)
251 const conv_key_t *ck1 = (const conv_key_t *)key1;
252 const conv_key_t *ck2 = (const conv_key_t *)key2;
254 if (ck1->conv_id == ck2->conv_id)
256 if (ck1->port1 == ck2->port1 &&
257 ck1->port2 == ck2->port2 &&
258 addresses_equal(&ck1->addr1, &ck2->addr1) &&
259 addresses_equal(&ck1->addr2, &ck2->addr2)) {
263 if (ck1->port2 == ck2->port1 &&
264 ck1->port1 == ck2->port2 &&
265 addresses_equal(&ck1->addr2, &ck2->addr1) &&
266 addresses_equal(&ck1->addr1, &ck2->addr2)) {
272 * The addresses, ports, or conversation IDs don't match.
278 reset_conversation_table_data(conv_hash_t *ch)
284 if (ch->conv_array != NULL) {
286 for(i = 0; i < ch->conv_array->len; i++){
287 conv_item_t *conv = &g_array_index(ch->conv_array, conv_item_t, i);
288 g_free((gpointer)conv->src_address.data);
289 g_free((gpointer)conv->dst_address.data);
292 g_array_free(ch->conv_array, TRUE);
295 if (ch->hashtable != NULL) {
296 g_hash_table_destroy(ch->hashtable);
303 void reset_hostlist_table_data(conv_hash_t *ch)
309 if (ch->conv_array != NULL) {
311 for(i = 0; i < ch->conv_array->len; i++){
312 hostlist_talker_t *host = &g_array_index(ch->conv_array, hostlist_talker_t, i);
313 g_free((gpointer)host->myaddress.data);
316 g_array_free(ch->conv_array, TRUE);
319 if (ch->hashtable != NULL) {
320 g_hash_table_destroy(ch->hashtable);
327 const char *get_conversation_address(wmem_allocator_t *allocator, address *addr, gboolean resolve_names)
330 return address_to_display(allocator, addr);
332 return address_to_str(allocator, addr);
336 const char *get_conversation_port(wmem_allocator_t *allocator, guint32 port, port_type ptype, gboolean resolve_names)
339 if(!resolve_names) ptype = PT_NONE;
343 return tcp_port_to_display(allocator, port);
345 return udp_port_to_display(allocator, port);
347 return sctp_port_to_display(allocator, port);
349 return wmem_strdup_printf(allocator, "%d", port);
353 /* given an address (to distinguish between ipv4 and ipv6 for tcp/udp),
354 a port_type and a name_type (FN_...)
355 return a string for the filter name.
357 Some addresses, like AT_ETHER may actually be any of multiple types
358 of protocols, either ethernet, tokenring, fddi, wlan etc so we must be
359 more specific there; that's why we need specific_addr_type.
362 conversation_get_filter_name(conv_item_t *conv_item, conv_filter_type_e filter_type)
365 if ((conv_item == NULL) || (conv_item->dissector_info == NULL) || (conv_item->dissector_info->get_filter_type == NULL)) {
366 return CONV_FILTER_INVALID;
369 return conv_item->dissector_info->get_filter_type(conv_item, filter_type);
373 hostlist_get_filter_name(hostlist_talker_t *host, conv_filter_type_e filter_type)
376 if ((host == NULL) || (host->dissector_info == NULL) || (host->dissector_info->get_filter_type == NULL)) {
377 return CONV_FILTER_INVALID;
380 return host->dissector_info->get_filter_type(host, filter_type);
383 /* Convert a port number into a string or NULL */
385 ct_port_to_str(port_type ptype, guint32 port)
392 return g_strdup_printf("%d", port);
399 const char *get_conversation_filter(conv_item_t *conv_item, conv_direction_e direction)
401 char *sport, *dport, *src_addr, *dst_addr;
402 const char *str = "INVALID";
404 sport = ct_port_to_str(conv_item->ptype, conv_item->src_port);
405 dport = ct_port_to_str(conv_item->ptype, conv_item->dst_port);
406 src_addr = address_to_str(NULL, &conv_item->src_address);
407 dst_addr = address_to_str(NULL, &conv_item->dst_address);
409 if (conv_item->src_address.type == AT_STRINGZ || conv_item->src_address.type == AT_USB) {
412 new_addr = wmem_strdup_printf(NULL, "\"%s\"", src_addr);
413 wmem_free(NULL, src_addr);
416 if (conv_item->dst_address.type == AT_STRINGZ || conv_item->dst_address.type == AT_USB) {
419 new_addr = wmem_strdup_printf(NULL, "\"%s\"", dst_addr);
420 wmem_free(NULL, dst_addr);
425 case CONV_DIR_A_TO_FROM_B:
427 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s && %s==%s%s%s%s%s",
428 conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
431 sport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
434 conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
437 dport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
442 case CONV_DIR_A_TO_B:
444 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s && %s==%s%s%s%s%s",
445 conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
448 sport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
451 conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
454 dport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
459 case CONV_DIR_A_FROM_B:
461 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s && %s==%s%s%s%s%s",
462 conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
465 sport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
468 conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
471 dport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
476 case CONV_DIR_A_TO_FROM_ANY:
478 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s",
479 conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
482 sport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
487 case CONV_DIR_A_TO_ANY:
489 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s",
490 conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
493 sport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
498 case CONV_DIR_A_FROM_ANY:
500 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s",
501 conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
504 sport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
509 case CONV_DIR_ANY_TO_FROM_B:
511 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s",
512 conversation_get_filter_name(conv_item, CONV_FT_ANY_ADDRESS),
515 dport?conversation_get_filter_name(conv_item, CONV_FT_ANY_PORT):"",
520 case CONV_DIR_ANY_FROM_B:
522 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s",
523 conversation_get_filter_name(conv_item, CONV_FT_SRC_ADDRESS),
526 dport?conversation_get_filter_name(conv_item, CONV_FT_SRC_PORT):"",
531 case CONV_DIR_ANY_TO_B:
533 str = wmem_strdup_printf(NULL, "%s==%s%s%s%s%s",
534 conversation_get_filter_name(conv_item, CONV_FT_DST_ADDRESS),
537 dport?conversation_get_filter_name(conv_item, CONV_FT_DST_PORT):"",
547 wmem_free(NULL, src_addr);
548 wmem_free(NULL, dst_addr);
552 const char *get_hostlist_filter(hostlist_talker_t *host)
554 char *sport, *src_addr;
557 sport=ct_port_to_str(host->ptype, host->port);
558 src_addr = address_to_str(NULL, &host->myaddress);
559 if (host->myaddress.type == AT_STRINGZ || host->myaddress.type == AT_USB) {
562 new_addr = wmem_strdup_printf(NULL, "\"%s\"", src_addr);
563 wmem_free(NULL, src_addr);
567 str = g_strdup_printf("%s==%s%s%s%s%s",
568 hostlist_get_filter_name(host, CONV_FT_ANY_ADDRESS),
571 sport?hostlist_get_filter_name(host, CONV_FT_ANY_PORT):"",
576 wmem_free(NULL, src_addr);
581 add_conversation_table_data(conv_hash_t *ch, const address *src, const address *dst, guint32 src_port, guint32 dst_port, int num_frames, int num_bytes,
582 nstime_t *ts, nstime_t *abs_ts, ct_dissector_info_t *ct_info, port_type ptype)
584 add_conversation_table_data_with_conv_id(ch, src, dst, src_port, dst_port, CONV_ID_UNSET, num_frames, num_bytes, ts, abs_ts, ct_info, ptype);
588 add_conversation_table_data_with_conv_id(
599 ct_dissector_info_t *ct_info,
602 const address *addr1, *addr2;
603 guint32 port1, port2;
604 conv_item_t *conv_item = NULL;
605 unsigned int conversation_idx = 0;
607 if (src_port > dst_port) {
612 } else if (src_port < dst_port) {
617 } else if (cmp_address(src, dst) < 0) {
629 /* if we don't have any entries at all yet */
630 if (ch->conv_array == NULL) {
631 ch->conv_array = g_array_sized_new(FALSE, FALSE, sizeof(conv_item_t), 10000);
633 ch->hashtable = g_hash_table_new_full(conversation_hash,
634 conversation_equal, /* key_equal_func */
635 g_free, /* key_destroy_func */
636 NULL); /* value_destroy_func */
639 /* try to find it among the existing known conversations */
640 conv_key_t existing_key;
641 gpointer conversation_idx_hash_val;
643 existing_key.addr1 = *addr1;
644 existing_key.addr2 = *addr2;
645 existing_key.port1 = port1;
646 existing_key.port2 = port2;
647 existing_key.conv_id = conv_id;
648 if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &conversation_idx_hash_val)) {
649 conv_item = &g_array_index(ch->conv_array, conv_item_t, GPOINTER_TO_UINT(conversation_idx_hash_val));
653 /* if we still don't know what conversation this is it has to be a new one
654 and we have to allocate it and append it to the end of the list */
655 if (conv_item == NULL) {
657 conv_item_t new_conv_item;
659 copy_address(&new_conv_item.src_address, addr1);
660 copy_address(&new_conv_item.dst_address, addr2);
661 new_conv_item.dissector_info = ct_info;
662 new_conv_item.ptype = ptype;
663 new_conv_item.src_port = port1;
664 new_conv_item.dst_port = port2;
665 new_conv_item.conv_id = conv_id;
666 new_conv_item.rx_frames = 0;
667 new_conv_item.tx_frames = 0;
668 new_conv_item.rx_bytes = 0;
669 new_conv_item.tx_bytes = 0;
670 new_conv_item.modified = TRUE;
673 memcpy(&new_conv_item.start_time, ts, sizeof(new_conv_item.start_time));
674 memcpy(&new_conv_item.stop_time, ts, sizeof(new_conv_item.stop_time));
675 memcpy(&new_conv_item.start_abs_time, abs_ts, sizeof(new_conv_item.start_abs_time));
677 nstime_set_unset(&new_conv_item.start_abs_time);
678 nstime_set_unset(&new_conv_item.start_time);
679 nstime_set_unset(&new_conv_item.stop_time);
681 g_array_append_val(ch->conv_array, new_conv_item);
682 conversation_idx = ch->conv_array->len - 1;
683 conv_item = &g_array_index(ch->conv_array, conv_item_t, conversation_idx);
685 /* ct->conversations address is not a constant but src/dst_address.data are */
686 new_key = g_new(conv_key_t, 1);
687 set_address(&new_key->addr1, conv_item->src_address.type, conv_item->src_address.len, conv_item->src_address.data);
688 set_address(&new_key->addr2, conv_item->dst_address.type, conv_item->dst_address.len, conv_item->dst_address.data);
689 new_key->port1 = port1;
690 new_key->port2 = port2;
691 new_key->conv_id = conv_id;
692 g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(conversation_idx));
695 /* update the conversation struct */
696 conv_item->modified = TRUE;
697 if ( (!cmp_address(src, addr1)) && (!cmp_address(dst, addr2)) && (src_port==port1) && (dst_port==port2) ) {
698 conv_item->tx_frames += num_frames;
699 conv_item->tx_bytes += num_bytes;
701 conv_item->rx_frames += num_frames;
702 conv_item->rx_bytes += num_bytes;
706 if (nstime_cmp(ts, &conv_item->stop_time) > 0) {
707 memcpy(&conv_item->stop_time, ts, sizeof(conv_item->stop_time));
708 } else if (nstime_cmp(ts, &conv_item->start_time) < 0) {
709 memcpy(&conv_item->start_time, ts, sizeof(conv_item->start_time));
710 memcpy(&conv_item->start_abs_time, abs_ts, sizeof(conv_item->start_abs_time));
716 * Compute the hash value for a given address/port pairs if the match
720 host_hash(gconstpointer v)
722 const host_key_t *key = (const host_key_t *)v;
726 add_address_to_hash(hash_val, &key->myaddress);
727 hash_val += key->port;
732 * Compare two host keys for an exact match.
735 host_match(gconstpointer v, gconstpointer w)
737 const host_key_t *v1 = (const host_key_t *)v;
738 const host_key_t *v2 = (const host_key_t *)w;
740 if (v1->port == v2->port &&
741 addresses_equal(&v1->myaddress, &v2->myaddress)) {
745 * The addresses or the ports don't match.
751 add_hostlist_table_data(conv_hash_t *ch, const address *addr, guint32 port, gboolean sender, int num_frames, int num_bytes, hostlist_dissector_info_t *host_info, port_type port_type_val)
753 hostlist_talker_t *talker=NULL;
756 /* XXX should be optimized to allocate n extra entries at a time
757 instead of just one */
758 /* if we don't have any entries at all yet */
759 if(ch->conv_array==NULL){
760 ch->conv_array=g_array_sized_new(FALSE, FALSE, sizeof(hostlist_talker_t), 10000);
761 ch->hashtable = g_hash_table_new_full(host_hash,
762 host_match, /* key_equal_func */
763 g_free, /* key_destroy_func */
764 NULL); /* value_destroy_func */
767 /* try to find it among the existing known conversations */
768 host_key_t existing_key;
769 gpointer talker_idx_hash_val;
771 existing_key.myaddress = *addr;
772 existing_key.port = port;
774 if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &talker_idx_hash_val)) {
775 talker = &g_array_index(ch->conv_array, hostlist_talker_t, GPOINTER_TO_UINT(talker_idx_hash_val));
779 /* if we still don't know what talker this is it has to be a new one
780 and we have to allocate it and append it to the end of the list */
783 hostlist_talker_t host;
785 copy_address(&host.myaddress, addr);
786 host.dissector_info = host_info;
787 host.ptype=port_type_val;
793 host.modified = TRUE;
795 g_array_append_val(ch->conv_array, host);
796 talker_idx= ch->conv_array->len - 1;
797 talker=&g_array_index(ch->conv_array, hostlist_talker_t, talker_idx);
799 /* hl->hosts address is not a constant but address.data is */
800 new_key = g_new(host_key_t,1);
801 set_address(&new_key->myaddress, talker->myaddress.type, talker->myaddress.len, talker->myaddress.data);
802 new_key->port = port;
803 g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(talker_idx));
806 /* if this is a new talker we need to initialize the struct */
807 talker->modified = TRUE;
809 /* update the talker struct */
811 talker->tx_frames+=num_frames;
812 talker->tx_bytes+=num_bytes;
814 talker->rx_frames+=num_frames;
815 talker->rx_bytes+=num_bytes;
825 * indent-tabs-mode: nil
828 * ex: set shiftwidth=4 tabstop=8 expandtab:
829 * :indentSize=4:tabSize=8:noTabs=true: