gtk/follow_udp.c

   1 /* follow_udp.c
   2  * UDP specific routines for following traffic streams
   3  *
   4  * $Id$
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * This program is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU General Public License
  12  * as published by the Free Software Foundation; either version 2
  13  * of the License, or (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
  23  * USA.
  24  */
  25
  26 #ifdef HAVE_CONFIG_H
  27 # include "config.h"
  28 #endif
  29 #include <string.h>
  30
  31 #include <gtk/gtk.h>
  32
  33 #include <epan/addr_resolv.h>
  34 #include <epan/epan_dissect.h>
  35 #include <epan/follow.h>
  36 #include <epan/ipproto.h>
  37 #include <epan/strutil.h>
  38 #include <epan/tap.h>
  39
  40 #include <../globals.h>
  41 #include <../simple_dialog.h>
  42
  43 #include "gtk/follow_stream.h"
  44 #include <gtk/keys.h>
  45 #include <gtk/main.h>
  46 #include "gtk/follow_udp.h"
  47
  48
  49 static int
  50 udp_queue_packet_data(void *tapdata, packet_info *pinfo,
  51                       epan_dissect_t *edt _U_, const void *data)
  52 {
  53         follow_record_t *follow_record;
  54         follow_info_t *follow_info = tapdata;
  55         const tvbuff_t *next_tvb = data;
  56
  57         follow_record = g_malloc(sizeof(follow_record_t));
  58
  59         follow_record->data = g_byte_array_sized_new(next_tvb->length);
  60         follow_record->data = g_byte_array_append(follow_record->data,
  61                                                   next_tvb->real_data,
  62                                                   next_tvb->length);
  63
  64         if (follow_info->client_port == 0) {
  65                 follow_info->client_port = pinfo->srcport;
  66                 COPY_ADDRESS(&follow_info->client_ip, &pinfo->src);
  67         }
  68
  69         if (ADDRESSES_EQUAL(&follow_info->client_ip, &pinfo->src) &&
  70             follow_info->client_port == pinfo->srcport)
  71                 follow_record->is_server = FALSE;
  72         else
  73                 follow_record->is_server = TRUE;
  74
  75         /* update stream counter */
  76         follow_info->bytes_written[follow_record->is_server] +=
  77                 follow_record->data->len;
  78
  79         follow_info->payload = g_list_append(follow_info->payload,
  80                                              follow_record);
  81         return 0;
  82 }
  83
  84
  85 /* Follow the UDP stream, if any, to which the last packet that we called
  86    a dissection routine on belongs (this might be the most recently
  87    selected packet, or it might be the last packet in the file). */
  88 void
  89 follow_udp_stream_cb(GtkWidget *w, gpointer data _U_)
  90 {
  91         GtkWidget *filter_te;
  92         gchar *follow_filter;
  93         const gchar *previous_filter;
  94         int filter_out_filter_len, previous_filter_len;
  95         const char *hostname0, *hostname1;
  96         char *port0, *port1;
  97         gchar *server_to_client_string = NULL;
  98         gchar *client_to_server_string = NULL;
  99         gchar *both_directions_string = NULL;
 100         follow_stats_t stats;
 101         follow_info_t *follow_info;
 102         GString *msg;
 103
 104         /* we got udp so we can follow */
 105         if(cfile.edt->pi.ipproto != IP_PROTO_UDP) {
 106                 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
 107                               "Error following stream.  Please make\n"
 108                               "sure you have a UDP packet selected.");
 109                 return;
 110         }
 111
 112         follow_info = g_new0(follow_info_t, 1);
 113         follow_info->follow_type = FOLLOW_UDP;
 114
 115         /* Create a new filter that matches all packets in the UDP stream,
 116            and set the display filter entry accordingly */
 117         follow_filter = build_follow_filter(&cfile.edt->pi);
 118         if (!follow_filter)
 119                 {
 120                         simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
 121                                       "Error creating filter for this stream.\n"
 122                                       "A network layer header is needed");
 123                         g_free(follow_info);
 124                         return;
 125                 }
 126
 127         /* Set the display filter entry accordingly */
 128         filter_te = g_object_get_data(G_OBJECT(w), E_DFILTER_TE_KEY);
 129
 130         /* needed in follow_filter_out_stream(), is there a better way? */
 131         follow_info->filter_te = filter_te;
 132
 133         /* save previous filter, const since we're not supposed to alter */
 134         previous_filter =
 135                 (const gchar *)gtk_entry_get_text(GTK_ENTRY(filter_te));
 136
 137         /* allocate our new filter. API claims g_malloc terminates program on failure */
 138         /* my calc for max alloc needed is really +10 but when did a few extra bytes hurt ? */
 139         previous_filter_len = previous_filter?strlen(previous_filter):0;
 140         filter_out_filter_len = strlen(follow_filter) + previous_filter_len + 16;
 141         follow_info->filter_out_filter = (gchar *)g_malloc(filter_out_filter_len);
 142
 143         /* append the negation */
 144         if(previous_filter_len) {
 145                 g_snprintf(follow_info->filter_out_filter, filter_out_filter_len,
 146                            "%s and !(%s)", previous_filter, follow_filter);
 147         } else {
 148                 g_snprintf(follow_info->filter_out_filter, filter_out_filter_len,
 149                            "!(%s)", follow_filter);
 150         }
 151
 152         /* data will be passed via tap callback*/
 153         msg = register_tap_listener("udp_follow", follow_info, follow_filter,
 154                                     NULL, udp_queue_packet_data, NULL);
 155         if (msg) {
 156                 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
 157                               "Can't register udp_follow tap: %s\n",
 158                               msg->str);
 159                 g_free(follow_info->filter_out_filter);
 160                 g_free(follow_info);
 161                 g_free(follow_filter);
 162                 return;
 163         }
 164
 165         gtk_entry_set_text(GTK_ENTRY(filter_te), follow_filter);
 166
 167         /* Run the display filter so it goes in effect - even if it's the
 168            same as the previous display filter. */
 169         main_filter_packets(&cfile, follow_filter, TRUE);
 170
 171         /* Free the filter string, as we're done with it. */
 172         g_free(follow_filter);
 173
 174         remove_tap_listener(follow_info);
 175
 176         /* Stream to show */
 177         follow_stats(&stats);
 178
 179         if (stats.is_ipv6) {
 180                 struct e_in6_addr ipaddr;
 181                 memcpy(&ipaddr, stats.ip_address[0], 16);
 182                 hostname0 = get_hostname6(&ipaddr);
 183                 memcpy(&ipaddr, stats.ip_address[0], 16);
 184                 hostname1 = get_hostname6(&ipaddr);
 185         } else {
 186                 guint32 ipaddr;
 187                 memcpy(&ipaddr, stats.ip_address[0], 4);
 188                 hostname0 = get_hostname(ipaddr);
 189                 memcpy(&ipaddr, stats.ip_address[1], 4);
 190                 hostname1 = get_hostname(ipaddr);
 191         }
 192
 193         port0 = get_udp_port(stats.port[0]);
 194         port1 = get_udp_port(stats.port[1]);
 195
 196         follow_info->is_ipv6 = stats.is_ipv6;
 197
 198         /* Both Stream Directions */
 199         both_directions_string = g_strdup_printf("Entire conversation (%u bytes)", follow_info->bytes_written[0] + follow_info->bytes_written[1]);
 200
 201         if(follow_info->client_port == stats.port[0]) {
 202                 server_to_client_string =
 203                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
 204                                         hostname0, port0,
 205                                         hostname1, port1,
 206                                         follow_info->bytes_written[0]);
 207
 208                 client_to_server_string =
 209                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
 210                                         hostname1, port1,
 211                                         hostname0, port0,
 212                                         follow_info->bytes_written[1]);
 213         } else {
 214                 server_to_client_string =
 215                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
 216                                         hostname1, port1,
 217                                         hostname0, port0,
 218                                         follow_info->bytes_written[0]);
 219
 220                 client_to_server_string =
 221                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
 222                                         hostname0, port0,
 223                                         hostname1, port1,
 224                                         follow_info->bytes_written[1]);
 225         }
 226
 227         follow_stream("Follow UDP Stream", follow_info, both_directions_string,
 228                       server_to_client_string, client_to_server_string);
 229
 230         g_free(both_directions_string);
 231         g_free(server_to_client_string);
 232         g_free(client_to_server_string);
 233 }
 234
 235 #define FLT_BUF_SIZE 1024
 236
 237 /*
 238  * XXX - the routine pointed to by "print_line" doesn't get handed lines,
 239  * it gets handed bufferfuls.  That's fine for "follow_write_raw()"
 240  * and "follow_add_to_gtk_text()", but, as "follow_print_text()" calls
 241  * the "print_line()" routine from "print.c", and as that routine might
 242  * genuinely expect to be handed a line (if, for example, it's using
 243  * some OS or desktop environment's printing API, and that API expects
 244  * to be handed lines), "follow_print_text()" should probably accumulate
 245  * lines in a buffer and hand them "print_line()".  (If there's a
 246  * complete line in a buffer - i.e., there's nothing of the line in
 247  * the previous buffer or the next buffer - it can just hand that to
 248  * "print_line()" after filtering out non-printables, as an
 249  * optimization.)
 250  *
 251  * This might or might not be the reason why C arrays display
 252  * correctly but get extra blank lines very other line when printed.
 253  */
 254 frs_return_t
 255 follow_read_udp_stream(follow_info_t *follow_info,
 256                        gboolean (*print_line)(char *, size_t, gboolean, void *),
 257                        void *arg)
 258 {
 259         int iplen;
 260         guint32 global_client_pos = 0, global_server_pos = 0;
 261         guint32 server_packet_count = 0;
 262         guint32 client_packet_count = 0;
 263         guint32 *global_pos;
 264         gboolean skip;
 265         GList* cur;
 266         frs_return_t frs_return;
 267         follow_record_t *follow_record;
 268         char *buffer;
 269
 270         iplen = (follow_info->is_ipv6) ? 16 : 4;
 271
 272         for (cur = follow_info->payload; cur; cur = g_list_next(cur)) {
 273                 follow_record = cur->data;
 274                 skip = FALSE;
 275                 if (!follow_record->is_server) {
 276                         global_pos = &global_client_pos;
 277                         if(follow_info->show_stream == FROM_SERVER) {
 278                                 skip = TRUE;
 279                         }
 280                 } else {
 281                         global_pos = &global_server_pos;
 282                         if (follow_info->show_stream == FROM_CLIENT) {
 283                                 skip = TRUE;
 284                         }
 285                 }
 286
 287                 if (!skip) {
 288                         buffer = g_memdup(follow_record->data->data,
 289                                           follow_record->data->len);
 290
 291                         frs_return = follow_show(follow_info, print_line,
 292                                                  buffer,
 293                                                  follow_record->data->len,
 294                                                  follow_record->is_server, arg,
 295                                                  global_pos,
 296                                                  &server_packet_count,
 297                                                  &client_packet_count);
 298                         g_free(buffer);
 299                         if(frs_return == FRS_PRINT_ERROR)
 300                                 return frs_return;
 301                 }
 302         }
 303
 304         return FRS_OK;
 305 }