OBJECT_..._DATA --> g_object_..._data
[obnox/wireshark/wip.git] / gtk / follow_udp.c
1 /* follow_udp.c
2  * UDP specific routines for following traffic streams
3  *
4  * $Id$
5  *
6  * Wireshark - Network traffic analyzer
7  * By Gerald Combs <gerald@wireshark.org>
8  * Copyright 1998 Gerald Combs
9  *
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License
12  * as published by the Free Software Foundation; either version 2
13  * of the License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
23  * USA.
24  */
25
26 #include "config.h"
27
28 #include <gtk/gtk.h>
29
30 #include <string.h>
31
32 #include <epan/addr_resolv.h>
33 #include <epan/epan_dissect.h>
34 #include <epan/follow.h>
35 #include <epan/ipproto.h>
36 #include <epan/strutil.h>
37 #include <epan/tap.h>
38 #include "follow_stream.h"
39 #include <globals.h>
40 #include <gtk/compat_macros.h>
41 #include <gtk/keys.h>
42 #include <gtk/main.h>
43 #include <simple_dialog.h>
44
45 #include "follow_udp.h"
46
47
48 static int
49 udp_queue_packet_data(void *tapdata, packet_info *pinfo,
50                       epan_dissect_t *edt _U_, const void *data)
51 {
52         follow_record_t *follow_record;
53         follow_info_t *follow_info = tapdata;
54         const tvbuff_t *next_tvb = data;
55         
56         follow_record = g_malloc(sizeof(follow_record_t));
57
58         follow_record->data = g_byte_array_sized_new(next_tvb->length);
59         follow_record->data = g_byte_array_append(follow_record->data,
60                                                   next_tvb->real_data,
61                                                   next_tvb->length);
62
63         if (follow_info->client_port == 0) {
64                 follow_info->client_port = pinfo->srcport;
65                 COPY_ADDRESS(&follow_info->client_ip, &pinfo->src);
66         }
67
68         if (ADDRESSES_EQUAL(&follow_info->client_ip, &pinfo->src) &&
69             follow_info->client_port == pinfo->srcport)
70                 follow_record->is_server = FALSE;
71         else 
72                 follow_record->is_server = TRUE;
73
74         /* update stream counter */
75         follow_info->bytes_written[follow_record->is_server] +=
76                 follow_record->data->len;
77
78         follow_info->payload = g_list_append(follow_info->payload,
79                                              follow_record);
80         return 0;
81 }
82
83
84 /* Follow the UDP stream, if any, to which the last packet that we called
85    a dissection routine on belongs (this might be the most recently
86    selected packet, or it might be the last packet in the file). */
87 void
88 follow_udp_stream_cb(GtkWidget *w, gpointer data _U_)
89 {
90         GtkWidget *filter_te;
91         gchar *follow_filter;
92         const gchar *previous_filter;
93         int filter_out_filter_len, previous_filter_len;
94         const char *hostname0, *hostname1;
95         char *port0, *port1;
96         gchar *server_to_client_string = NULL;
97         gchar *client_to_server_string = NULL;
98         gchar *both_directions_string = NULL;
99         follow_stats_t stats;
100         follow_info_t *follow_info;
101         GString *msg;
102
103         /* we got udp so we can follow */
104         if(cfile.edt->pi.ipproto != IP_PROTO_UDP) {
105                 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
106                               "Error following stream.  Please make\n"
107                               "sure you have a UDP packet selected.");
108                 return;
109         }
110         
111         follow_info = g_new0(follow_info_t, 1);
112         follow_info->follow_type = FOLLOW_UDP;
113
114         /* Create a new filter that matches all packets in the UDP stream,
115            and set the display filter entry accordingly */
116         follow_filter = build_follow_filter(&cfile.edt->pi);
117         if (!follow_filter)
118                 {
119                         simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
120                                       "Error creating filter for this stream.\n"
121                                       "A network layer header is needed");
122                         return;
123                 }
124
125         /* Set the display filter entry accordingly */
126         filter_te = g_object_get_data(G_OBJECT(w), E_DFILTER_TE_KEY);
127
128         /* needed in follow_filter_out_stream(), is there a better way? */
129         follow_info->filter_te = filter_te;
130
131         /* save previous filter, const since we're not supposed to alter */
132         previous_filter =
133                 (const gchar *)gtk_entry_get_text(GTK_ENTRY(filter_te));
134
135         /* allocate our new filter. API claims g_malloc terminates program on failure */
136         /* my calc for max alloc needed is really +10 but when did a few extra bytes hurt ? */
137         previous_filter_len = previous_filter?strlen(previous_filter):0;
138         filter_out_filter_len = strlen(follow_filter) + previous_filter_len + 16;
139         follow_info->filter_out_filter = (gchar *)g_malloc(filter_out_filter_len);
140
141         /* append the negation */
142         if(previous_filter_len) {
143                 g_snprintf(follow_info->filter_out_filter, filter_out_filter_len,
144                            "%s and !(%s)", previous_filter, follow_filter);
145         } else {
146                 g_snprintf(follow_info->filter_out_filter, filter_out_filter_len,
147                            "!(%s)", follow_filter);
148         }
149
150         /* data will be passed via tap callback*/
151         msg = register_tap_listener("udp_follow", follow_info, follow_filter,
152                                     NULL, udp_queue_packet_data, NULL);
153         if (msg) {
154                 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
155                               "Can't register udp_follow tap: %s\n",
156                               msg->str);
157                 return;
158         }
159
160         gtk_entry_set_text(GTK_ENTRY(filter_te), follow_filter);
161
162         /* Run the display filter so it goes in effect - even if it's the
163            same as the previous display filter. */
164         main_filter_packets(&cfile, follow_filter, TRUE);
165
166         /* Free the filter string, as we're done with it. */
167         g_free(follow_filter);
168
169         remove_tap_listener(follow_info);
170
171         /* Stream to show */
172         follow_stats(&stats);
173
174         if (stats.is_ipv6) {
175                 struct e_in6_addr ipaddr;
176                 memcpy(&ipaddr, stats.ip_address[0], 16);
177                 hostname0 = get_hostname6(&ipaddr);
178                 memcpy(&ipaddr, stats.ip_address[0], 16);
179                 hostname1 = get_hostname6(&ipaddr);
180         } else {
181                 guint32 ipaddr;
182                 memcpy(&ipaddr, stats.ip_address[0], 4);
183                 hostname0 = get_hostname(ipaddr);
184                 memcpy(&ipaddr, stats.ip_address[1], 4);
185                 hostname1 = get_hostname(ipaddr);
186         }
187     
188         port0 = get_udp_port(stats.port[0]);
189         port1 = get_udp_port(stats.port[1]);
190     
191         follow_info->is_ipv6 = stats.is_ipv6;
192
193         /* Both Stream Directions */
194         both_directions_string = g_strdup_printf("Entire conversation (%u bytes)", follow_info->bytes_written[0] + follow_info->bytes_written[1]);
195     
196         if(follow_info->client_port == stats.port[0]) {
197                 server_to_client_string =
198                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
199                                         hostname0, port0,
200                                         hostname1, port1,
201                                         follow_info->bytes_written[0]);
202                 
203                 client_to_server_string =
204                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
205                                         hostname1, port1,
206                                         hostname0, port0,
207                                         follow_info->bytes_written[1]);
208         } else {
209                 server_to_client_string =
210                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
211                                         hostname1, port1,
212                                         hostname0, port0,
213                                         follow_info->bytes_written[0]);
214                 
215                 client_to_server_string =
216                         g_strdup_printf("%s:%s --> %s:%s (%u bytes)",
217                                         hostname0, port0,
218                                         hostname1, port1,
219                                         follow_info->bytes_written[1]);
220         }
221
222         follow_stream("Follow UDP Stream", follow_info, both_directions_string,
223                       server_to_client_string, client_to_server_string);
224
225         g_free(both_directions_string);
226         g_free(server_to_client_string);
227         g_free(client_to_server_string);
228 }
229
230 #define FLT_BUF_SIZE 1024
231
232 /*
233  * XXX - the routine pointed to by "print_line" doesn't get handed lines,
234  * it gets handed bufferfuls.  That's fine for "follow_write_raw()"
235  * and "follow_add_to_gtk_text()", but, as "follow_print_text()" calls
236  * the "print_line()" routine from "print.c", and as that routine might
237  * genuinely expect to be handed a line (if, for example, it's using
238  * some OS or desktop environment's printing API, and that API expects
239  * to be handed lines), "follow_print_text()" should probably accumulate
240  * lines in a buffer and hand them "print_line()".  (If there's a
241  * complete line in a buffer - i.e., there's nothing of the line in
242  * the previous buffer or the next buffer - it can just hand that to
243  * "print_line()" after filtering out non-printables, as an
244  * optimization.)
245  *
246  * This might or might not be the reason why C arrays display
247  * correctly but get extra blank lines very other line when printed.
248  */
249 frs_return_t
250 follow_read_udp_stream(follow_info_t *follow_info,
251                        gboolean (*print_line)(char *, size_t, gboolean, void *),
252                        void *arg)
253 {
254         int iplen;
255         guint32 global_client_pos = 0, global_server_pos = 0;
256         guint32 server_packet_count = 0;
257         guint32 client_packet_count = 0;
258         guint32 *global_pos;
259         gboolean skip;
260         GList* cur;
261         frs_return_t frs_return;
262         follow_record_t *follow_record;
263         char *buffer;
264
265         iplen = (follow_info->is_ipv6) ? 16 : 4;
266     
267         for (cur = follow_info->payload; cur; cur = g_list_next(cur)) {
268                 follow_record = cur->data;
269                 skip = FALSE;
270                 if (!follow_record->is_server) {
271                         global_pos = &global_client_pos;
272                         if(follow_info->show_stream == FROM_SERVER) {
273                                 skip = TRUE;
274                         }
275                 } else {
276                         global_pos = &global_server_pos;
277                         if (follow_info->show_stream == FROM_CLIENT) {
278                                 skip = TRUE;
279                         }
280                 }
281
282                 if (!skip) {
283                         buffer = g_memdup(follow_record->data->data,
284                                           follow_record->data->len);
285             
286                         frs_return = follow_show(follow_info, print_line,
287                                                  buffer,
288                                                  follow_record->data->len,
289                                                  follow_record->is_server, arg,
290                                                  global_pos, 
291                                                  &server_packet_count,
292                                                  &client_packet_count);
293                         g_free(buffer);
294                         if(frs_return == FRS_PRINT_ERROR)
295                                 return frs_return;
296                 }
297         }
298
299         return FRS_OK;
300 }