osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

New Plugin from Luis Ontanon: 

MATE -- Meta Analysis and Tracing Engine

Won't be compiled by default.

It is still not possible to link the plugin on Win32.

svn path=/trunk/; revision=12716
This commit is contained in:
Lars Roland 2004-12-11 01:00:17 +00:00
parent ea67e4cfab
commit 86d7ed9bae
32 changed files with 6268 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
plugins/mate/AUTHORS Normal file
View File

@ -0,0 +1,3 @@
Author:
Luis E. Garcia Ontanon <luis.ontanon [AT] gmail.com>

340
plugins/mate/COPYING Normal file
View File

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

0
plugins/mate/INSTALL Normal file
View File

44
plugins/mate/Makefile.am Normal file
View File

@ -0,0 +1,44 @@
# Makefile.am
# Automake file for MATE Ethereal plugin
#
# $Id$
#
# Ethereal - Network traffic analyzer
# By Gerald Combs <gerald@ethereal.com>
# Copyright 1998 Gerald Combs
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
INCLUDES = -I$(top_srcdir)
plugindir = @plugindir@
plugin_LTLIBRARIES = mate.la
mate_la_SOURCES = moduleinfo.h mate.h mate_util.h packet-mate.c mate_runtime.c mate_setup.c mate_util.c mate_plugin.c
mate_la_LDFLAGS = -module -avoid-version
mate_la_LIBADD = @PLUGIN_LIBS@
# Libs must be cleared, or else libtool won't create a shared module.
# If your module needs to be linked against any particular libraries,
# add them here.
LIBS =
CLEANFILES = \
mate \
*~
EXTRA_DIST = \
Makefile.nmake

30
plugins/mate/Makefile.nmake Normal file
View File

@ -0,0 +1,30 @@
#
# $Id$
#
include ..\..\config.nmake
############### no need to modify below this line #########
CFLAGS=/DHAVE_CONFIG_H /I../.. /I../../wiretap $(GLIB_CFLAGS) \
/I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS)
LDFLAGS = /NOLOGO /INCREMENTAL:no /MACHINE:I386 $(LOCAL_LDFLAGS)
!IFDEF LINK_PLUGINS_WITH_LIBETHEREAL
LINK_PLUGIN_WITH=..\..\epan\libethereal.lib
CFLAGS=/DHAVE_WIN32_LIBETHEREAL_LIB /D_NEED_VAR_IMPORT_ $(CFLAGS)
!ELSE
LINK_PLUGIN_WITH=..\plugin_api.obj
!ENDIF
OBJECTS=packet-mate.obj mate_setup.obj mate_runtime.obj mate_util.obj mate_plugin.obj
mate.dll mate.exp mate.lib : $(OBJECTS) $(LINK_PLUGIN_WITH)
link -dll /out:mate.dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \
$(GLIB_LIBS)
clean:
rm -f $(OBJECTS) mate.dll mate.exp mate.lib *.pdb
distclean: clean

0
plugins/mate/NEWS Normal file
View File

4
plugins/mate/examples/call.thing Normal file
View File

@ -0,0 +1,4 @@
# call.thing
Action=Include; Filename=/Users/lego/things/call.mate;

78
plugins/mate/examples/cmplx_call.thing Normal file
View File

@ -0,0 +1,78 @@
# call_tracing.thing
#
# This config works with most of the ViG's call scenarios
#
# To work well with the Vig needs the following:
# a user to calling mapping to map emails to calling numbers (this only if calls begin towards an e-mail not a number)
# a opc:cic to term mapping to represent the MGw config (if you want to see megaco)
#
Action=PDU; Proto=sip; Transport=ip; addr=ip.addr; sip_method=sip.Method; sip_callid=sip.Call-ID; calling=sdp.owner.username;
Action=LegKey; On=sip; sip_callid; addr; addr;
Action=LegStart; On=sip; sip_method=INVITE;
Action=LegStop; On=sip; sip_method=BYE;
#Action=Include; Filename=users.thing;
# will contain:
Action=Transform; On=sip; Method=Every; calling=merlia;
Action=Transform; On=sip; Method=Insert; calling=1793900802;
Action=PDU; Proto=q931; Transport=ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type; guid=h225.guid; called=q931.called_party_number.digits; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value; h225_cause=h225.ReleaseCompleteReason;
Action=LegKey; On=q931; call_ref; addr; addr;
Action=LegStart; On=q931; q931_msg=5;
Action=LegStop; On=q931; q931_msg=90;
Action=PDU; Proto=isup; Transport=mtp3; mtp3pc=mtp3.dpc; mtp3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type; called=isup.called; calling=isup.calling; isup_cause=isup.cause_indicator;
Action=LegKey; On=isup; cic; mtp3pc; mtp3pc;
Action=LegStart; On=isup; isup_msg=1;
Action=LegStop; On=isup; isup_msg=16;
Action=PDU; Proto=h225.RasMessage; Transport=ip; ras_msg=h225.RasMessage; addr=ip.addr; guid=h225.guid; seqnum=h225.RequestSeqNum;
Action=LegKey; On=h225.RasMessage; addr; addr; seqnum;
Action=LegStart; On=h225.RasMessage; ras_msg|0|3|6|9|12|15|18|21|26|30;
Action=LegStop; On=h225.RasMessage; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;
Action=PDU; Proto=megaco; Transport=ip; addr=ip.addr; megaco_ctx=megaco.context; megaco_trx=megaco.transid; megaco_msg=megaco.transaction; term=megaco.termid;
Action=LegKey; On=megaco; addr; addr; megaco_trx;
Action=LegStart; On=megaco; megaco_msg|Request|Notify;
Action=LegStop; On=megaco; megaco_msg=Reply;
#Action=Include; Filename=mgw.thing;
# will contain the whole list of dpc:cic -> ds1_term mappings like the following
Action=Transform; On=isup; Method=Every; mtp3pc=1921; cic=1;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=1921; cic=2;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=1921; cic=14;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/14;
Action=PDU; Proto=rtsp; Transport=ip; isup_msg=isup.message_type; calling=X_Vig_Msisdn; rtsp_method=rtsp.method; rtsp_ses=rtsp.session; addr=ip.addr; rtsp_url=rtsp.url;
Action=LegKey; On=rtsp; rtsp_ses;
Action=LegStart; On=rtsp; rtsp_method=SETUP;
Action=LegStop; On=rtsp; rtsp_method=TEARDOWN;
Action=PDU; Proto=radius; Transport=ip; radius_id=radius.id; radius_code=radius.code; class=radius.class; addr=ip.addr; calling=radius.calling; rad_sesid=radius.acct.sessionid;
Action=LegKey; On=radius; addr; addr; radius_id;
Action=LegStart; On=radius; radius_code|1|4;
Action=LegStop; On=radius; radius_code|2|3|5;
Action=LegExtra; On=radius; calling; rad_sesid;
Action=LegExtra; On=sip; calling!-;
Action=LegExtra; On=q931; called; calling; guid; q931_cause; h225_cause;
Action=LegExtra; On=h225.RasMessage; guid;
Action=LegExtra; On=isup; called; calling; isup_cause; term;
Action=LegExtra; On=megaco; term^DS1; megaco_ctx!Choose one;
Action=LegExtra; On=rtsp; rtsp_url; calling;
Action=LegExtra; On=radius; calling;
Action=SesKey; Name=call; On=sip; calling; sip_callid;
Action=SesKey; Name=call; On=isup; calling;
Action=SesKey; Name=call; On=q931; calling;
Action=SesKey; Name=call; On=megaco; term^DS1;
Action=SesKey; Name=call; On=megaco; megaco_ctx;
Action=SesKey; Name=call; On=rtsp; calling;
Action=SesKey; Name=call; On=h225.RasMessage; guid;
Action=SesExtra; On=call; called; term^DS1; megaco_ctx; guid; q931_cause; h225_cause; isup_cause; rtsp_url;

38
plugins/mate/examples/ftp.thing Normal file
View File

@ -0,0 +1,38 @@
# ftp.thing
Action=Settings; Debug_PDU=9;
# at every packet mate will try match the PDUS in order
# if Proto exists for the current frame a mate's PDU will be created.
# for attributes to be imported from the tree they must be inside
# either in the span of the the Proto
# or in that of any of the protocols in the Transport stack
#
# The PDU's AVPL will contain all the remaining attributes
Action=PDU; Name=FTP; Proto=ftp; Transport=tcp/ip; ftp_addr=ip.addr; tcp_port=tcp.port; addr=ftp.passive.ip; port=ftp.passive.port; ftp_cmd=ftp.request.command;
Action=PDU; Name=TCP; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.reset; tcp_stop=tcp.flags.fin;
# once all PDUs for a packet have being created
# they will be matched against their relative LegKeys
# the attribute On specifies for which type of PDU the leg will be created
# the remaining of the AVPL will be used to create the key of the leg
# the matched attributes will become attributes of the leg
Action=LegKey; On=FTP; ftp_addr; ftp_addr; tcp_port; tcp_port;
Action=LegKey; On=TCP; addr; addr; port; port;
# LegExtra is used to copy into the leg any other attributes from the PDU
# that may be usefull later in the analysis
Action=LegExtra; On=FTP; addr; port;
Action=LegExtra; On=TCP; tcp_start; tcp_stop;
# Legs are created when a PDU that belongs to them matches the LegStart AVPL
Action=LegStart; On=FTP; ftp_cmd=USER;
Action=LegStart; On=TCP; tcp_start=1;
# and stopped when the PDU matches the LegStop AVPL
Action=LegStop; On=FTP; ftp_cmd=QUIT;
Action=LegStop; On=TCP; tcp_stop=1;
Action=SesKey; Name=ftp_session; On=FTP; ftp_addr; ftp_addr; ftp_port; ftp_port;
Action=SesKey; Name=ftp_session; On=TCP; addr; port;
Action=SesExtra; On=ftp_session; addr; port;

261
plugins/mate/examples/mgw.thing Normal file
View File

@ -0,0 +1,261 @@
# the transformations example file
# the match (Method=extact|Method=loose|Method=Every)
# must precede the replace (Method=replace|Method=Insert)
# the list is going to be applied in order
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=1;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/1;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=2;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/2;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=3;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/3;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=4;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/4;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=5;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/5;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=6;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/6;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=7;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/7;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=8;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/8;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=9;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/9;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=10;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/10;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=11;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/11;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=12;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/12;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=13;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/13;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=14;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/14;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=15;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/15;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=16;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/16;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=17;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/17;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=18;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/18;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=19;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/19;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=20;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/20;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=21;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/21;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=22;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/22;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=23;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/23;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=24;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/24;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=25;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/25;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=26;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/26;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=27;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/27;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=28;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/28;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=29;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/29;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=30;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/30;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=31;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/31;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=32;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/0;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=33;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=34;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=35;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/3;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=36;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/4;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=37;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/5;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=38;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/6;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=39;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/7;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=40;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/8;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=41;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/9;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=42;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/10;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=43;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/11;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=44;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/12;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=45;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/13;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=46;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/14;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=47;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/15;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=48;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/16;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=49;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/17;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=50;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/18;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=51;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/19;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=52;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/20;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=53;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/21;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=54;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/22;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=55;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/23;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=56;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/24;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=57;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/25;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=58;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/26;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=59;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/27;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=60;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/28;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=61;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/29;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=62;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/30;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=1;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=2;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=3;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/3;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=4;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/4;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=5;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/5;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=6;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/6;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=7;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/7;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=8;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/8;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=9;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/9;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=10;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/10;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=11;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/11;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=12;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/12;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=13;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/13;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=14;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/14;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=15;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/15;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=16;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/16;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=17;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/17;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=18;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/18;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=19;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/19;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=20;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/20;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=21;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/21;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=22;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/22;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=23;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/23;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=24;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/24;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=25;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/25;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=26;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/26;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=27;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/27;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=28;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/28;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=29;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/29;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=30;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/30;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=31;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/31;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=32;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/0;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=33;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=34;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=35;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/3;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=36;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/4;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=37;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/5;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=38;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/6;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=39;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/7;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=40;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/8;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=41;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/9;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=42;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/10;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=43;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/11;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=44;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/12;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=45;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/13;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=46;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/14;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=47;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/15;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=48;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/16;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=49;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/17;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=50;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/18;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=51;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/19;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=52;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/20;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=53;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/21;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=54;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/22;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=55;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/23;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=56;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/24;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=57;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/25;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=58;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/26;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=59;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/27;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=60;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/28;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=61;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/29;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=62;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/30;

18
plugins/mate/examples/mgw2.thing Normal file
View File

@ -0,0 +1,18 @@
# the transformations example file
# the match (Method=extact|Method=loose|Method=Every)
# must precede the replace (Method=replace|Method=Insert)
# the list is going to be applied in order
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=49;
Action=Transform; On=isup; Method=Insert; term=DS1/3/2/1;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=61;
Action=Transform; On=isup; Method=Insert; term=DS1/2/2/29;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=61;
Action=Transform; On=isup; Method=Insert; term=DS1/2/2/29;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=63;
Action=Transform; On=isup; Method=Insert; term=DS1/2/2/31;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=109;
Action=Transform; On=isup; Method=Insert; term=DS1/2/3/13;

248
plugins/mate/examples/mgw_mi.thing Normal file
View File

@ -0,0 +1,248 @@
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=1;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=2;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=3;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/3;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=4;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/4;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=5;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/5;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=6;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/6;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=7;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/7;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=8;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/8;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=9;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/9;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=10;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/10;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=11;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/11;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=12;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/12;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=13;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/13;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=14;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/14;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=15;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/15;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=16;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/16;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=17;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/17;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=18;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/18;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=19;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/19;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=20;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/20;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=21;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/21;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=22;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/22;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=23;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/23;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=24;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/24;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=25;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/25;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=26;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/26;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=27;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/27;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=28;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/28;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=29;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/29;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=30;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/30;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=31;
Action=Transform; On=isup; Method=Insert; term=DS1/0/1/31;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=33;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=34;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=35;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/3;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=36;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/4;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=37;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/5;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=38;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/6;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=39;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/7;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=40;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/8;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=41;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/9;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=42;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/10;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=43;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/11;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=44;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/12;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=45;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/13;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=46;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/14;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=47;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/15;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=48;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/16;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=49;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/17;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=50;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/18;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=51;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/19;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=52;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/20;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=53;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/21;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=54;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/22;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=55;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/23;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=56;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/24;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=57;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/25;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=58;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/26;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=59;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/27;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=60;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/28;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=61;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/29;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=62;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/30;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=63;
Action=Transform; On=isup; Method=Insert; term=DS1/3/1/31;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=33;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/1;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=34;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/2;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=35;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/3;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=36;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/4;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=37;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/5;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=38;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/6;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=39;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/7;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=40;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/8;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=41;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/9;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=42;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/10;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=43;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/11;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=44;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/12;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=45;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/13;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=46;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/14;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=47;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/15;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=48;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/16;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=49;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/17;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=50;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/18;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=51;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/19;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=52;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/20;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=53;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/21;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=54;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/22;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=55;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/23;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=56;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/24;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=57;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/25;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=58;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/26;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=59;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/27;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=60;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/28;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=61;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/29;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=62;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/30;
Action=Transform; On=isup; Method=Every; mtp3pc=5378; cic=63;
Action=Transform; On=isup; Method=Insert; term=DS1/1/1/31;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=1;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/1;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=2;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/2;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=3;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/3;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=4;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/4;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=5;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/5;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=6;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/6;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=7;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/7;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=8;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/8;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=9;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/9;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=10;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/10;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=11;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/11;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=12;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/12;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=13;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/13;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=14;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/14;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=15;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/15;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=16;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/16;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=17;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/17;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=18;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/18;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=19;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/19;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=20;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/20;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=21;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/21;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=22;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/22;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=23;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/23;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=24;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/24;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=25;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/25;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=26;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/26;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=27;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/27;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=28;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/28;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=29;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/29;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=30;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/30;
Action=Transform; On=isup; Method=Every; mtp3pc=11522; cic=31;
Action=Transform; On=isup; Method=Insert; term=DS1/1/2/31;

22
plugins/mate/examples/newcall.mate Normal file
View File

@ -0,0 +1,22 @@
Action=Settings; Debug_Cfg=1; Debug_Leg=5;
#Debug_PDU=9;
Action=PDU; Name=Q931; Proto=q931; Transport=ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type; guid=h225.guid; called=q931.called_party_number.digits; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value; h225_cause=h225.ReleaseCompleteReason;
Action=PDU; Name=ISUP; Proto=isup; Transport=mtp3; mtp3pc=mtp3.dpc; mtp3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type; called=isup.called; calling=isup.calling; isup_cause=isup.cause_indicator;
Action=PDU; Name=RAS; Proto=h225; Transport=ip; udp_port=udp.port; ras_msg=h225.RasMessage; addr=ip.addr; guid=h225.guid; seqnum=h225.RequestSeqNum;
Action=Grp; Grp=isup; On=ISUP; cic; mtp3pc; mtp3pc;
Action=GrpStart; Grp=isup; isup_msg=1;
Action=GrpStop; Grp=isup; isup_msg=16;
Action=GrpExtra; Grp=isup; called; calling; isup_cause;
Action=GrpKey; Name=q931; On=Q931; call_ref; addr; addr;
Action=GrpStart; Grp=q931; q931_msg=5;
Action=GrpStop; Grp=q931; q931_msg=90;
Action=GrpExtra; Grp=q931; guid; called; calling; q931_cause; h225_cause;
Action=GrpKey; Name=ras; On=RAS; seqnum; addr; addr;
Action=GrpStart; Grp=ras; ras_msg|0|3|6|9|12|15|18|21|26|30;
Action=GrpStop; Grp=ras; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;
Action=GrpExtra; Grp=ras; guid;

20
plugins/mate/examples/nrg_sms.thing Normal file
View File

@ -0,0 +1,20 @@
# nrg_sms.thing
# (c) 2004, Luis E. Garcia Ontanon
# Distributed under GPL see http://www.gno.org/gpl.html for licencing info
#Action=Settings; DiscardPduData=TRUE; Debug_Leak=3; Filename=/Users/lego/Desktop/call_thing.log;
Action=PDU; Proto=ucp; Transport=ip; addr=ip.addr; ucp_trn=ucp.hdr.TRN; ucp_ot=ucp.hdr.OT; ucp_type=ucp.hdr.O_R; e164=ucp.parm.AdC;
Action=LegKey; On=ucp; ucp_trn; addr; addr;
Action=LegStart; On=ucp; ucp_type=79;
Action=LegStop; On=ucp; ucp_type=82;
Action=LegExtra; On=ucp; e164; ucp_ot;
Action=PDU; Proto=giop; Transport=ip; addr=ip.addr; giop_id=giop.request_id; giop_op=giop.request_op; giop_type=giop.type;
Action=LegKey; On=giop; giop_id; addr; addr;
Action=LegStart; On=giop; giop_type=0;
Action=LegStop; On=giop; giop_type=1;
Action=LegExtra; On=giop; giop_op;

11
plugins/mate/examples/rad.thing Normal file
View File

@ -0,0 +1,11 @@
Action=Settings; SessionExpire=300;
Action=PDU; Proto=radius; Transport=ip; radius_id=radius.id; radius_code=radius.code; class=radius.class; addr=ip.addr; calling=radius.calling; rad_sesid=radius.acct.sessionid;
Action=LegKey; On=radius; addr; addr; radius_id;
Action=LegStart; On=radius; radius_code|1|4;
Action=LegStop; On=radius; radius_code|2|3|5;
Action=LegExtra; On=radius; calling; class; rad_sesid;
Action=SesExtra; On=radses; calling; class;
Action=SesKey; Name=radses; On=radius; rad_sesid;

295
plugins/mate/mate.h Normal file
View File

@ -0,0 +1,295 @@
/* mate.h
* MATE -- Meta Analysis and Tracing Engine
*
* Copyright 2004, Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __MATE_H_
#define __MATE_H_
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "plugins/plugin_api.h"
#include "moduleinfo.h"
#include <gmodule.h>
#include <epan/packet.h>
#include <epan/strutil.h>
#include <epan/prefs.h>
#include <stdio.h>
#include <string.h>
#include <epan/proto.h>
#include <epan/epan_dissect.h>
#include <epan/tap.h>
#include "mate_util.h"
#include "plugins/plugin_api_defs.h"
/* defaults */
#define DEFAULT_MAX_MATE_ITEMS 0
#define DEFAULT_GOG_EXPIRATION 2.0
#ifdef WIN32
#define DIR_SEP '\\'
#else
#define DIR_SEP '/'
#endif
#define DEFAULT_MATE_LIB_PATH "matelib"
#define MATE_ITEM_ID_SIZE 24
/* Config AVP Names */
#define KEYWORD_ACTION "Action"
#define KEYWORD_SETTINGS "Settings"
#define KEYWORD_INCLUDE "Include"
#define KEYWORD_TRANSFORM "Transform"
#define KEYWORD_PDU "PduDef"
#define KEYWORD_PDUCRITERIA "PduCriteria"
#define KEYWORD_PDUEXTRA "PduExtra"
#define KEYWORD_PDUTRANSFORM "PduTransform"
#define KEYWORD_GOP "GopDef"
#define KEYWORD_GOPSTART "GopStart"
#define KEYWORD_GOPSTOP "GopStop"
#define KEYWORD_GOPEXTRA "GopExtra"
#define KEYWORD_GOPTRANSFORM "GopTransform"
#define KEYWORD_GOGDEF "GogDef"
#define KEYWORD_GOGKEY "GogKey"
#define KEYWORD_GOGEXTRA "GogExtra"
#define KEYWORD_GOGTRANSFORM "GogTransform"
#define KEYWORD_NAME "Name"
#define KEYWORD_ON "On"
#define KEYWORD_FOR "For"
#define KEYWORD_FROM "From"
#define KEYWORD_TO "To"
#define KEYWORD_MATCH "Match"
#define KEYWORD_MODE "Mode"
#define KEYWORD_FILENAME "Filename"
#define KEYWORD_PROTO "Proto"
#define KEYWORD_METHOD "Method"
#define KEYWORD_TRANSPORT "Transport"
#define KEYWORD_STRICT "Strict"
#define KEYWORD_LOOSE "Loose"
#define KEYWORD_EVERY "Every"
#define KEYWORD_REPLACE "Replace"
#define KEYWORD_INSERT "Insert"
#define KEYWORD_MAP "Map"
#define KEYWORD_GOGEXPIRE "GogExpiration"
#define KEYWORD_DISCARDPDU "DiscardPduData"
#define KEYWORD_LIBPATH "ThingLibPath"
#define KEYWORD_SHOWPDUTREE "ShowPduTree"
#define KEYWORD_SHOWGOPTIMES "ShowGopTimes"
#define KEYWORD_STOP "Stop"
#define KEYWORD_DROPGOP "DiscardUnassignedGop"
#define KEYWORD_DROPPDU "DiscardUnassignedPdu"
#define KEYWORD_DEBUGFILENAME "Debug_File"
#define KEYWORD_DBG_GENERAL "Debug_General"
#define KEYWORD_DBG_CFG "Debug_Cfg"
#define KEYWORD_DBG_PDU "Debug_PDU"
#define KEYWORD_DBG_GOP "Debug_Gop"
#define KEYWORD_DBG_GOG "Debug_Gog"
#ifdef _AVP_DEBUGGING
#define KEYWORD_DBG_AVPLIB "Debug_AVP_Lib"
#define KEYWORD_DBG_AVP "Debug_AVP"
#define KEYWORD_DBG_AVP_OP "Debug_AVP_Op"
#define KEYWORD_DBG_AVPL "Debug_AVPL"
#define KEYWORD_DBG_AVPL_OP "Debug_AVPL_Op"
#endif
#define VALUE_TOO ((void*)1)
typedef enum _mate_item_type {
MATE_UNK_TYPE,
MATE_PDU_TYPE,
MATE_GOP_TYPE,
MATE_GOG_TYPE
} mate_item_type;
typedef struct _mate_cfg_item mate_cfg_pdu;
typedef struct _mate_cfg_item mate_cfg_gop;
typedef struct _mate_cfg_item mate_cfg_gog;
typedef struct _mate_item mate_item;
typedef struct _mate_item mate_pdu;
typedef struct _mate_item mate_gop;
typedef struct _mate_item mate_gog;
typedef struct _mate_cfg_item {
guint8* name;
mate_item_type type;
GPtrArray* transforms; /* transformations to be applied */
AVPL* extra; /* attributes to be added */
guint last_id; /* keeps the last id given to an item of this kind */
int hfid;
GHashTable* my_hfids; /* for creating register info */
/* pdu */
gboolean discard_pdu_attributes;
gboolean last_to_be_created;
int hfid_proto;
GPtrArray* hfid_ranges; /* hfids of candidate ranges from which to extract attributes */
GHashTable* hfids_attr; /* k=hfid v=avp_name */
gboolean drop_pdu;
avpl_match_mode criterium_match_mode;
AVPL* criterium; /* must match to be created */
int hfid_pdu_rel_time;
/* gop */
AVPL* start; /* start candidate avpl */
AVPL* stop; /* stop candidate avpl */
AVPL* key; /* key candidate avpl */
gboolean show_pdu_tree;
gboolean show_gop_times;
gboolean drop_gop;
int hfid_gop_pdu;
int hfid_gop_start_time;
int hfid_gop_stop_time;
int hfid_gop_last_time;
int hfid_gop_num_pdus;
/* gog */
LoAL* keys;
float expiration;
int hfid_gog_num_of_gops;
int hfid_gog_gop;
} mate_cfg_item;
typedef struct _mate_config {
/* current defaults */
float gog_expiration; /* default expirations for gogs if undefined in gog */
gboolean discard_pdu_attributes; /* destroy the pdu's avpl once analyzed */
gboolean drop_pdu; /* destroy the pdu if not assign to a gop */
gboolean drop_gop; /* destroy the gop if not assign to a gog */
guint8* mate_lib_path; /* where to look for "Include" files first */
gboolean show_pdu_tree;
gboolean show_gop_times;
gboolean last_to_be_created;
avpl_match_mode match_mode;
avpl_replace_mode replace_mode;
/* what to dbgprint */
int dbg_lvl;
int dbg_cfg_lvl;
int dbg_pdu_lvl;
int dbg_gop_lvl;
int dbg_gog_lvl;
guint8* mate_config_file; /* name of the config file */
GString* mate_attrs_filter; /* "ip.addr || dns.id || ... " for the tap */
GString* mate_protos_filter; /* "dns || ftp || ..." for the tap */
FILE* dbg_facility; /* where to dump dbgprint output g_message if null */
guint8* tap_filter;
GHashTable* pducfgs; /* k=pducfg->name v=pducfg */
GHashTable* gopcfgs; /* k=gopcfg->name v=gopcfg */
GHashTable* gogcfgs; /* k=gogcfg->name v=gogcfg */
GHashTable* transfs; /* k=transform->name v=transform */
GPtrArray* pducfglist; /* pducfgs in order of "execution" */
GHashTable* gops_by_pduname; /* k=pducfg->name v=gopcfg */
GHashTable* gogs_by_gopname; /* k=gopname v=loal where avpl->name == matchedgop->name */
GArray* hfrs;
} mate_config;
typedef struct _mate_runtime_data {
guint current_items; /* a count of items */
GMemChunk* mate_items;
float now;
guint highest_analyzed_frame;
GHashTable* frames; /* k=frame.num v=pdus */
GHashTable* items; /* k=item->id v=item */
GHashTable* gops; /* k=gop_key_match v=gop */
GHashTable* gogs; /* k=gog_key_match v=gog */
} mate_runtime_data;
/* these are used to contain information regarding pdus, gops and gogs */
struct _mate_item {
/* all three of them */
guint8 id[MATE_ITEM_ID_SIZE]; /* 1:1 -> saving a g_malloc */
mate_cfg_item* cfg; /* the type of this item */
AVPL* avpl; /* the attributes of the pdu/gop/gog */
/* these two have different uses in pdu and gop/gog */
gint start; /* start of the pdu in the tvb / framenum of the start of a gop */
gint end; /* end of the pdu in the tvb / framenum of the stop of a gop */
mate_item* next; /* in pdu: next in gop; in gop: next in gog; in gog this doesn't make any sense yet */
/* union _payload { */
/* struct _pdu { */
guint32 frame; /* wich frame I belog to? */
mate_gop* gop; /* the gop the pdu belongs to (if any) */
gboolean first; /* is this the first pdu in this frame? */
gboolean is_start; /* this is the start pdu for this gop */
gboolean is_stop; /* this is the stop pdu for this gop */
gboolean after_release; /* this pdu comes after the stop */
float rel_time; /* time since gop start if in gop or start of capture if unassigned */
mate_pdu* next_in_frame; /* points to the next pdu in this frame */
/* } pdu; */
/* struct _gop { */
mate_gog* gog; /* the gog of a gop */
mate_pdu* pdus; /* pdus that belong to a gop (NULL in gog) */
float expiration; /* when will it expire once released? */
gboolean released; /* has this gop been released? */
int num_of_pdus; /* how many gops a gog has? */
int num_of_after_release_pdus; /* how many pdus have arrived since it's been released */
float start_time; /* time of start */
float release_time; /* when this gop was released */
float last_time; /* the rel time at which the last pdu/gop has been added */
guint8* gop_key; /* used by gop */
mate_pdu* last_pdu; /* last pdu in pdu's list */
/* } gop; */
/* struct _gog { */
mate_gop* gops; /* gops that belong to a gog (NULL in gop) */
int num_of_gops; /* how many gops a gog has? */
int num_of_released_gops; /* how many of them have already been released */
guint last_n; /* the number of attributes the avpl had the last time we checked */
GPtrArray* gog_keys; /* the keys under which this gog is stored in the gogs hash */
mate_gop* last_gop; /* last gop in gop's list */
/* } gog; */
/* } o; */
};
/* from mate_runtime.c */
extern void init_mate_runtime_data(void);
extern mate_pdu* mate_get_pdus(guint32 framenum);
extern int mate_packet(void *prs _U_, packet_info *pinfo, epan_dissect_t *edt, void *dummy _U_);
/* from mate_setup.c */
extern mate_config* mate_make_config(guint8* filename);
extern mate_config* mate_cfg();
#endif

62
plugins/mate/mate_plugin.c Normal file
View File

@ -0,0 +1,62 @@
/* mate_plugin.c
* MATE -- Meta Analysis Tracing Engine
*
* Copyright 2004, Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* this file is used temporarily to buid it as a plugin */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "plugins/plugin_api.h"
#include "moduleinfo.h"
#include <gmodule.h>
#include "plugins/plugin_api_defs.h"
/* these two are in packet-mate.c */
void proto_register_mate(void);
void proto_reg_handoff_mate(void);
static gboolean initialized = FALSE;
#ifndef ENABLE_STATIC
G_MODULE_EXPORT const gchar version[] = VERSION;
G_MODULE_EXPORT void plugin_init(plugin_address_table_t *pat _U_ ) {
/* initialise the table of pointers needed in Win32 DLLs */
plugin_address_table_init(pat);
/* register the new protocol, protocol fields, and subtrees */
if (! initialized ) { /* execute protocol initialization only once */
proto_register_mate();
initialized = 1;
}
}
G_MODULE_EXPORT void plugin_reg_handoff(void)
{
proto_reg_handoff_mate();
}
#endif

742
plugins/mate/mate_runtime.c Normal file
View File

@ -0,0 +1,742 @@
/* mate_runtime.c
* MATE -- Meta Analysis Tracing Engine
*
* Copyright 2004, Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* TODO:
+ fix debug_print levels
- timers
- on gops
- on gogs?
- on pdu?
+ transformations
+ maps
*/
#include "mate.h"
typedef struct _mate_range mate_range;
struct _mate_range {
guint start;
guint end;
};
typedef struct _tmp_pdu_data {
GPtrArray* ranges;
GHashTable* interesting;
mate_pdu* pdu;
} tmp_pdu_data;
mate_runtime_data* rd = NULL;
static mate_config* mc = NULL;
static int zero = 0;
static int* dbg = &zero;
static int* dbg_pdu = &zero;
static int* dbg_gop = &zero;
static int* dbg_gog = &zero;
static FILE* dbg_facility = NULL;
static gboolean destroy_mate_items(gpointer k _U_, gpointer v, gpointer p _U_) {
mate_item* mi = (mate_item*) v;
if (mi->gop_key) g_free(mi->gop_key);
if (mi->gog_keys) g_ptr_array_free (mi->gog_keys,TRUE);
delete_avpl(mi->avpl,TRUE);
return TRUE;
}
static void delete_mate_runtime_data(mate_runtime_data* rdat) {
g_hash_table_destroy(rdat->gops);
g_hash_table_destroy(rdat->frames);
g_hash_table_destroy(rdat->gogs);
g_hash_table_foreach_remove(rdat->items,destroy_mate_items,FALSE);
g_hash_table_destroy(rdat->items);
g_mem_chunk_destroy (rdat->mate_items);
g_free(rdat);
}
extern void init_mate_runtime_data(void) {
if (rd) {
delete_mate_runtime_data(rd);
}
rd = g_malloc(sizeof(mate_runtime_data));
mc = mate_cfg();
rd->current_items = 0;
rd->now = -1.0;
rd->frames = g_hash_table_new(g_direct_hash,g_direct_equal);
rd->items = g_hash_table_new(g_str_hash,g_str_equal);
rd->gops = g_hash_table_new(g_str_hash,g_str_equal);
rd->gogs = g_hash_table_new(g_str_hash,g_str_equal);
rd->mate_items = g_mem_chunk_new("mate_items",sizeof(mate_item),1024,G_ALLOC_AND_FREE);
}
/* creates a mate_item*/
static mate_item* new_mate_item(mate_cfg_item* cfg) {
mate_item* it = g_mem_chunk_alloc(rd->mate_items);
it->cfg = cfg;
cfg->last_id++;
g_snprintf(it->id,MATE_ITEM_ID_SIZE,"%s:%i",cfg->name,cfg->last_id);
it->avpl = NULL ;
it->start = 0 ;
it->end = 0 ;
it->frame = 0 ;
it->next = NULL ;
it->released = FALSE ;
it->expiration = 0.0;
rd->current_items++;
return it;
}
/* a new gop */
static mate_gop* new_gop(mate_cfg_gop* cfg, mate_pdu* pdu, guint8* key) {
mate_gop* gop = new_mate_item(cfg);
dbg_print (dbg_gop,1,dbg_facility,"new_gop: %s: ``%s''",gop->id,key);
gop->avpl = new_avpl("attributes");
gop->gog = NULL;
gop->pdus = pdu;
gop->last_pdu = pdu;
gop->gop_key = key;
gop->next = NULL;
gop->start_time = pdu->rel_time;
gop->release_time = 0.0;
gop->last_time = 0.0;
pdu->gop = gop;
pdu->next = NULL;
pdu->is_start = TRUE;
pdu->rel_time = 0.0;
return gop;
}
static void adopt_gop(mate_gog* gog, mate_gop* gop) {
dbg_print (dbg_gog,5,dbg_facility,"adopt_gop: gog=%X gop=%X",gog,gop);
gop->gog = gog;
gop->next = NULL;
gog->num_of_gops++;
if (gog->last_gop) {
gog->last_gop->next = gop;
}
gog->last_gop = gop;
if (! gog->gops ) {
gog->gops = gop;
}
}
/* a new gog */
static mate_gog* new_gog(mate_cfg_gog* cfg, mate_gop* gop) {
mate_gog* gog = new_mate_item(cfg);
dbg_print (dbg_gog,1,dbg_facility,"new_gog: %s for %s",gog->id,gop->id);
gog->cfg = cfg;
gog->avpl = new_avpl("");
gog->gops = NULL;
gog->last_n = 0;
gog->gog_keys = g_ptr_array_new();
gog->last_gop = NULL;
gog->start_time = gop->rel_time;
adopt_gop(gog,gop);
return gog;
}
static void apply_transforms(mate_item* item) {
AVPL_Transf* transform = NULL;
guint i;
for (i = 0; i < item->cfg->transforms->len; i++) {
transform = g_ptr_array_index(item->cfg->transforms,i);
avpl_transform(item->avpl, transform);
}
}
/* applies the extras for which type to what avpl */
static void apply_extras(AVPL* from, AVPL* to, mate_cfg_item* cfg) {
AVPL* our_extras = NULL;
if (cfg->extra) {
dbg_print (dbg,3,dbg_facility,"apply_extras: entering: from='%s' to='%s' for='%s'\n",from->name,to->name,cfg->name);
our_extras = new_avpl_loose_match("",from, cfg->extra, FALSE) ;
if (our_extras) {
merge_avpl(to,our_extras,TRUE);
delete_avpl(our_extras,FALSE);
}
}
}
static void gog_remove_keys (mate_gog* gog) {
guint8* k;
while (gog->gog_keys->len) {
k = (guint8*) g_ptr_array_remove_index_fast(gog->gog_keys,0);
g_hash_table_remove(rd->gogs,k);
g_free(k);
}
}
static void reanalyze_gop(mate_gop* gop) {
LoAL* gog_keys = NULL;
AVPL* curr_gogkey = NULL;
void* cookie = NULL;
AVPL* gogkey_match = NULL;
mate_gog* gog = gop->gog;
guint8* key;
if ( ! gog ) return;
dbg_print (dbg_gog,1,dbg_facility,"reanalize_gop: gop=%s gog=%s\n",gop->id,gog->id);
apply_extras(gop->avpl,gog->avpl,gog->cfg);
if (gog->last_n != gog->avpl->len) {
dbg_print (dbg_gog,2,dbg_facility,"analize_gop: gog has new attributes let's look for new keys\n");
gog_keys = gog->cfg->keys;
while (( curr_gogkey = get_next_avpl(gog_keys,&cookie) )) {
if (( gogkey_match = new_avpl_exact_match("",gog->avpl,curr_gogkey,FALSE) )) {
key = avpl_to_str(gogkey_match);
if ( g_hash_table_lookup(rd->gogs,key) ) {
g_free(key);
} else {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: new key for gog=%s : %s\n",gog->id,key);
g_hash_table_insert(rd->gogs,key,gog);
g_ptr_array_add(gog->gog_keys,key);
}
delete_avpl(gogkey_match,FALSE);
}
}
gog->last_n = gog->avpl->len;
}
if (gog->num_of_released_gops == gog->num_of_gops) {
gog->released = TRUE;
gog->expiration = gog->cfg->expiration + rd->now;
} else {
gog->released = FALSE;
}
}
static void analize_gop(mate_gop* gop) {
mate_cfg_gog* cfg = NULL;
LoAL* gog_keys = NULL;
AVPL* curr_gogkey = NULL;
void* cookie = NULL;
AVPL* gogkey_match = NULL;
mate_gog* gog = NULL;
guint8* key = NULL;
if ( ! ( gog = gop->gog ) ) {
/* no gog, let's either find one or create it if due */
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: no gog\n");
gog_keys = g_hash_table_lookup(mc->gogs_by_gopname,gop->cfg->name);
if ( ! gog_keys ) {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: no gog_keys for this gop\n");
return;
}
/* We'll look for any matching gogkeys */
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: got gog_keys\n");
while (( curr_gogkey = get_next_avpl(gog_keys,&cookie) )) {
dbg_print (dbg_gog,2,dbg_facility,"analize_gop: about to match\n");
if (( gogkey_match = new_avpl_exact_match(curr_gogkey->name,gop->avpl,curr_gogkey,TRUE) )) {
key = avpl_to_str(gogkey_match);
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: got gogkey_match: %s\n",key);
if (( gog = g_hash_table_lookup(rd->gogs,key) )) {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: got already a matching gog\n");
if (gog->num_of_gops == gog->num_of_released_gops && gog->expiration < rd->now) {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: this is a new gog, not the old one, let's create it\n");
gog_remove_keys(gog);
gog = new_gog(gog->cfg,gop);
gog->num_of_gops = 1;
break;
} else {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: this is our gog\n");
g_free(key);
if (! gop->gog ) adopt_gop(gog,gop);
break;
}
} else {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: no such gog in hash, let's create a new one\n");
cfg = g_hash_table_lookup(mc->gogcfgs,curr_gogkey->name);
gog = new_gog(cfg,gop);
gog->num_of_gops = 1;
}
delete_avpl(gogkey_match,TRUE);
gogkey_match = NULL;
}
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: no gogkey_match: %s\n",key);
}
if (gogkey_match) delete_avpl(gogkey_match,TRUE);
reanalyze_gop(gop);
}
}
static void analize_pdu(mate_pdu* pdu) {
/* TODO:
return a g_boolean to tell we've destroyed the pdu when the pdu is unnassigned
destroy the unassigned pdu
*/
mate_cfg_gop* cfg = NULL;
mate_gop* gop = NULL;
guint8* gop_key;
guint8* orig_gop_key = NULL;
AVPL* candidate_gop_key_match = NULL;
AVPL* candidate_start = NULL;
AVPL* candidate_stop = NULL;
AVPL* our_extras = NULL;
AVPL* is_start = NULL;
AVPL* is_stop = NULL;
AVPL* gopkey_match = NULL;
guint8* avpl_str = NULL;
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: %s\n",pdu->cfg->name);
apply_transforms(pdu);
cfg = g_hash_table_lookup(mc->gops_by_pduname,pdu->cfg->name);
if (!cfg) return;
candidate_gop_key_match = cfg->key;
if (! candidate_gop_key_match) return;
avpl_str = avpl_to_str(candidate_gop_key_match);
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: got candidate key: %s\n",avpl_str);
g_free(avpl_str);
gopkey_match = new_avpl_exact_match("",pdu->avpl,candidate_gop_key_match, TRUE);
if (gopkey_match) {
gop_key = avpl_to_str(gopkey_match);
candidate_start = cfg->start;
if (candidate_start) {
avpl_str = avpl_to_str(candidate_start);
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: got candidate start: %s\n",avpl_str);
g_free(avpl_str);
is_start = new_avpl_exact_match("",pdu->avpl, candidate_start, FALSE);
}
if (is_start) {
avpl_str = avpl_to_str(is_start);
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: got start match: %s\n",avpl_str);
g_free(avpl_str);
delete_avpl(is_start,FALSE);
}
g_hash_table_lookup_extended(rd->gops,gop_key,(gpointer*)&orig_gop_key,(gpointer*)&gop);
if ( gop ) {
g_free(gop_key);
gop_key = orig_gop_key;
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: got gop: %s\n",gop_key);
if (is_start) {
if ( gop->released ) {
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: new gop on released key before key expiration\n");
g_hash_table_remove(rd->gops,gop_key);
gop = new_gop(cfg,pdu,gop_key);
g_hash_table_insert(rd->gops,gop_key,gop);
}
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: duplicate start on gop\n");
}
pdu->gop = gop;
if (gop->last_pdu) gop->last_pdu->next = pdu;
gop->last_pdu = pdu;
pdu->next = NULL;
pdu->rel_time -= gop->start_time;
if (gop->released) pdu->after_release = TRUE;
} else {
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: no gop\n");
if (is_start) {
gop = new_gop(cfg,pdu,gop_key);
g_hash_table_insert(rd->gops,gop_key,gop);
} else {
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: an unassigned pdu\n");
pdu->gop = NULL;
pdu->next = NULL;
return;
}
}
if ( gop ) gop->num_of_pdus++;
dbg_print (dbg_gop,4,dbg_facility,"analize_pdu: merge with key\n");
merge_avpl(gop->avpl,gopkey_match,TRUE);
delete_avpl(gopkey_match,TRUE);
dbg_print (dbg_gop,4,dbg_facility,"analize_pdu: apply extras\n");
apply_extras(pdu->avpl,gop->avpl,gop->cfg);
avpl_str = avpl_to_str(gop->avpl);
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: Gop Attributes: %s\n",avpl_str);
g_free(avpl_str);
gop->last_time = pdu->rel_time;
if ( ! gop->released) {
candidate_stop = cfg->stop;
if (candidate_stop) {
dbg_print (dbg_gop,4,dbg_facility,"analize_pdu: got candidate stop\n");
is_stop = new_avpl_exact_match("",pdu->avpl, candidate_stop,FALSE);
}
if(is_stop) {
avpl_str = avpl_to_str(is_stop);
dbg_print (dbg_gop,1,dbg_facility,"analize_pdu: is_stop: %s\n",avpl_str);
g_free(avpl_str);
delete_avpl(is_stop,FALSE);
if (! gop->released) {
gop->released = TRUE;
gop->release_time = pdu->rel_time;
if (gop->gog) gop->gog->num_of_released_gops++;
}
pdu->is_stop = TRUE;
} else {
dbg_print (dbg_gop,4,dbg_facility,"analize_pdu: is not a stop\n");
}
}
if (gop->last_n != gop->avpl->len) apply_transforms(gop);
gop->last_n = gop->avpl->len;
if (gop->gog) {
reanalyze_gop(gop);
} else {
analize_gop(gop);
}
} else {
dbg_print (dbg_gop,4,dbg_facility,"analize_pdu: no gop_key\n");
pdu->gop = NULL;
}
}
static void get_pdu_fields(gpointer k, gpointer v, gpointer p) {
int hfid = *((int*) k);
guint8* name = (guint8*) v;
tmp_pdu_data* data = (tmp_pdu_data*) p;
GPtrArray* fis;
field_info* fi;
guint i,j;
mate_range* curr_range;
guint start;
guint end;
AVP* avp;
guint8* s;
/* no warning */
k = p;
fis = (GPtrArray*) g_hash_table_lookup(data->interesting,(gpointer) hfid);
if (fis) {
for (i = 0; i < fis->len; i++) {
fi = (field_info*) g_ptr_array_index(fis,i);
start = fi->start;
end = fi->start + fi->length;
dbg_print(dbg_pdu,6,dbg_facility,"get_pdu_fields: found field %i-%i\n",start,end);
for (j = 0; j < data->ranges->len; j++) {
curr_range = (mate_range*) g_ptr_array_index(data->ranges,j);
dbg_print(dbg_pdu,6,dbg_facility,"get_pdu_fields: check if in range %i-%i\n",curr_range->start,curr_range->end);
if (curr_range->end >= end && curr_range->start <= start) {
avp = new_avp_from_finfo(name, fi);
s = avp_to_str(avp);
dbg_print(dbg_pdu,5,dbg_facility,"get_pdu_fields: got %s\n",s);
g_free(s);
if (! insert_avp(data->pdu->avpl,avp) ) {
delete_avp(avp);
}
}
}
}
}
}
static mate_pdu* new_pdu(mate_cfg_pdu* cfg, guint32 framenum, field_info* proto, GHashTable* interesting) {
mate_pdu* pdu = new_mate_item(cfg);
field_info* cfi;
GPtrArray* ptrs;
mate_range* range;
mate_range* proto_range;
tmp_pdu_data data;
guint i,j;
gint min_dist;
field_info* range_fi;
gint32 last_start;
int hfid;
dbg_print (dbg_pdu,2,dbg_facility,"new_pdu: type=%s framenum=%i\n",cfg->name,framenum);
pdu->avpl = new_avpl(pdu->id);
pdu->cfg = cfg;
pdu->gop = NULL;
pdu->next_in_frame = NULL;
pdu->next = NULL;
pdu->first = FALSE;
pdu->is_start = FALSE;
pdu->is_stop = FALSE;
pdu->after_release = FALSE;
pdu->start = proto->start;
pdu->end = pdu->start + proto->length;
pdu->frame = framenum;
pdu->rel_time = rd->now;
data.ranges = g_ptr_array_new();
data.pdu = pdu;
data.interesting = interesting;
/* first we create the proto range */
proto_range = g_malloc(sizeof(mate_range));
proto_range->start = pdu->start;
proto_range->end = pdu->end;
g_ptr_array_add(data.ranges,proto_range);
dbg_print(dbg_pdu,3,dbg_facility,"new_pdu: proto range %u-%u\n",proto_range->start,proto_range->end);
last_start = proto_range->start;
for (i = 0; i < cfg->hfid_ranges->len; i++) {
hfid = *((int*)g_ptr_array_index(cfg->hfid_ranges,i));
ptrs = (GPtrArray*) g_hash_table_lookup(interesting,GINT_TO_POINTER(hfid));
min_dist = 99999;
range_fi = NULL;
if (ptrs) {
for (j=0; j < ptrs->len; j++) {
cfi = (field_info*) g_ptr_array_index(ptrs,j);
if (cfi->start < last_start && min_dist >= (last_start - cfi->start) ) {
range_fi = cfi;
min_dist = last_start - cfi->start;
}
}
if ( range_fi ) {
range = g_malloc(sizeof(range));
range->start = range_fi->start;
range->end = range_fi->start + range_fi->length;
g_ptr_array_add(data.ranges,range);
last_start = range_fi->start;
dbg_print(dbg_pdu,3,dbg_facility,"new_pdu: transport(%i) range %i-%i\n",hfid,range->start,range->end);
} else {
/* what do I do if I miss a range? */
}
}
}
g_hash_table_foreach(cfg->hfids_attr,get_pdu_fields,&data);
g_ptr_array_free(data.ranges,TRUE);
return pdu;
}
extern int mate_packet(void *prs _U_, packet_info *pinfo, epan_dissect_t *edt, void *dummy _U_) {
mate_pdu* pdu = NULL;
mate_pdu* last = NULL;
proto_tree* tree = edt->tree;
mate_cfg_pdu* cfg;
GPtrArray* protos;
field_info* proto;
guint i,j;
rd->now = (((float)pinfo->fd->rel_secs) + (((float)pinfo->fd->rel_usecs) / 1000000) );
dbg_print (dbg,3,dbg_facility,"mate_packet: got frame number: %i at %d\n",pinfo->fd->num,rd->now);
if ( tree->tree_data && tree->tree_data->interesting_hfids ) {
for ( i = 0; i < mc->pducfglist->len; i++ ) {
cfg = g_ptr_array_index(mc->pducfglist,i);
dbg_print (dbg_pdu,4,dbg_facility,"mate_packet: tryning to extract: %s\n",cfg->name);
protos = (GPtrArray*) g_hash_table_lookup(tree->tree_data->interesting_hfids,(gpointer) cfg->hfid_proto);
if (protos) {
pdu = NULL;
for (j = 0; j < protos->len; j++) {
dbg_print (dbg_pdu,3,dbg_facility,"mate_packet: found matching proto, extracting: %s\n",cfg->name);
proto = (field_info*) g_ptr_array_index(protos,j);
pdu = new_pdu(cfg, pinfo->fd->num, proto, tree->tree_data->interesting_hfids);
if (!last) {
g_hash_table_insert(rd->frames,(gpointer) pinfo->fd->num,pdu);
last = pdu;
} else {
last->next_in_frame = pdu;
last = pdu;
}
analize_pdu(pdu);
if ( cfg->discard_pdu_attributes ) {
delete_avpl(pdu->avpl,TRUE);
pdu->avpl = NULL;
}
}
if ( pdu && cfg->last_to_be_created ) break;
}
}
}
rd->highest_analyzed_frame = pinfo->fd->num;
dbg_print (dbg,6,dbg_facility,"do_mate: make_pdus done\n");
return 0;
}
extern mate_pdu* mate_get_pdus(guint32 framenum) {
if (rd) {
return (mate_pdu*) g_hash_table_lookup(rd->frames,GUINT_TO_POINTER(framenum));
} else {
return NULL;
}
}
/* this will be called when the mate's dissector is initialized */
extern void initialize_mate(guint8* configuration_filename) {
dbg_print (dbg,5,dbg_facility,"initialize_mate: entering");
if (( mc = mate_cfg() )) {
dbg_pdu = &(mc->dbg_pdu_lvl);
dbg_gop = &(mc->dbg_gop_lvl);
dbg_gog = &(mc->dbg_gog_lvl);
} else {
return;
}
return;
}

1417
plugins/mate/mate_setup.c Normal file
View File

File diff suppressed because it is too large Load Diff

1861
plugins/mate/mate_util.c Normal file
View File

File diff suppressed because it is too large Load Diff

284
plugins/mate/mate_util.h Normal file
View File

@ -0,0 +1,284 @@
/* mate_util.h
*
* Copyright 2004, Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* Note:
* Although for now it is used only by tracing.c
* I decided to make it into a separate module
* since one day in the near future I will be using it
* to reimplement packet-radius.c
*/
#ifndef __AVP_H_
#define __AVP_H_
#include "epan/proto.h"
#include <sys/types.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
/* #define _AVP_DEBUGGING */
/******* dbg_print *********/
#define DEBUG_BUFFER_SIZE 4096
extern void dbg_print(const guint* which, guint how, FILE* where, guint8* fmt, ... );
/******* single copy strings *********/
extern void scs_init(GHashTable** hash);
extern guint8* scs_subscribe(GHashTable* collection, guint8* s);
extern void scs_unsubscribe(GHashTable* collection, guint8* s);
extern guint8* scs_subscribe_printf(GHashTable* collection, guint8* fmt, ...);
/******* AVPs & Co. *********/
#define AVP_CHUNK_SIZE 4096
/* these are the defined oreators of avps */
#define AVP_OP_EQUAL '='
#define AVP_OP_NOTEQUAL '!'
#define AVP_OP_STARTS '^'
#define AVP_OP_ENDS '$'
#define AVP_OP_CONTAINS '~'
#define AVP_OP_LOWER '<'
#define AVP_OP_HIGHER '>'
#define AVP_OP_EXISTS '?'
#define AVP_OP_ONEOFF '|'
#define AVP_OP_TRANSF '&'
/* an avp is an object made of a name a value and an operator */
typedef struct _avp {
guint8* n;
guint8* v;
guint8 o;
} AVP;
/* avp nodes are used in avp lists */
typedef struct _avp_node {
AVP* avp;
struct _avp_node* next;
struct _avp_node* prev;
} AVPN;
/* an avp list is a sorted set of avps */
typedef struct _avp_list {
guint8* name;
guint32 len;
AVPN null;
} AVPL;
/* an avpl transformation operation */
typedef enum _avpl_match_mode {
AVPL_NO_MATCH,
AVPL_STRICT,
AVPL_LOOSE,
AVPL_EVERY
} avpl_match_mode;
typedef enum _avpl_replace_mode {
AVPL_NO_REPLACE,
AVPL_INSERT,
AVPL_REPLACE,
} avpl_replace_mode;
typedef struct _avpl_transf AVPL_Transf;
struct _avpl_transf {
guint8* name;
AVPL* match;
AVPL* replace;
avpl_match_mode match_mode;
avpl_replace_mode replace_mode;
GHashTable* map;
AVPL_Transf* next;
};
/* loalnodes are used in LoALs */
typedef struct _loal_node {
AVPL* avpl;
struct _loal_node *next;
struct _loal_node *prev;
} LoALnode;
/* a loal is a list of avp lists */
typedef struct _loal {
guint8* name;
guint len;
LoALnode null;
} LoAL;
/* avp library (re)initialization */
extern void avp_init(void);
/* If enabled set's up the debug facilities for the avp library */
#ifdef _AVP_DEBUGGING
extern void setup_avp_debug(FILE* fp, int* general, int* avp, int* avp_op, int* avpl, int* avpl_op);
#endif /* _AVP_DEBUGGING */
/*
* avp constructors
*/
/* creates a new avp */
extern AVP* new_avp(guint8* name, guint8* value, guint8 op);
/* creates a copy od an avp */
extern AVP* avp_copy(AVP* from);
/* creates an avp from a field_info record */
extern AVP* new_avp_from_finfo(guint8* name, field_info* finfo);
/*
* avp destructor
*/
extern void delete_avp(AVP* avp);
/*
* avp methods
*/
/* returns a newly allocated string containing a representation of the avp */
#define avp_to_str(avp) (g_strdup_printf("%s%c%s",avp->n,avp->o,avp->v))
/* returns the src avp if the src avp matches(*) the op avp or NULL if it doesn't */
extern AVP* match_avp(AVP* src, AVP* op);
/*
* avplist constructors
*/
/* creates an empty avp list */
extern AVPL* new_avpl(guint8* name);
/* creates a copy of an avp list */
extern AVPL* new_avpl_from_avpl(guint8* name, AVPL* avpl, gboolean copy_avps);
/* creates an avp list containing any avps in src matching any avps in op
it will eventually create an empty list in none match */
extern AVPL* new_avpl_loose_match(guint8* name,AVPL* src, AVPL* op, gboolean copy_avps);
/* creates an avp list containing any avps in src matching every avp in op
it will not create a list if there is not a match for every attribute in op */
extern AVPL* new_avpl_every_match(guint8* name,AVPL* src, AVPL* op, gboolean copy_avps);
/* creates an avp list containing every avp in src matching every avp in op
it will not create a list unless every avp in op is matched only once to avery avp in op */
extern AVPL* new_avpl_exact_match(guint8* name,AVPL* src, AVPL* op, gboolean copy_avps);
/* uses mode to call one of the former matches. NO_MATCH = merge(merge(copy(src),op)) */
extern AVPL* new_avpl_from_match(avpl_match_mode mode, guint8* name,AVPL* src, AVPL* op, gboolean copy_avps);
/*
* avplist destructor
*/
extern void delete_avpl(AVPL* avpl, gboolean avps_too);
/*
* functions on avpls
*/
/* it will insert an avp to an avpl */
extern gboolean insert_avp(AVPL* avpl, AVP* avp);
/* renames an avpl */
extern void rename_avpl(AVPL* avpl, guint8* name);
/* it will add all the avps in src which don't match(*) any attribute in dest */
extern void merge_avpl(AVPL* dest, AVPL* src, gboolean copy);
/* it will return the first avp in an avpl whose name matches the given name.
will return NULL if there is not anyone matching */
extern AVP* get_avp_by_name(AVPL* avpl, guint8* name, void** cookie);
/* it will get the next avp from an avpl, using cookie to keep state */
extern AVP* get_next_avp(AVPL* avpl, void** cookie);
/* it will extract the first avp from an avp list */
extern AVP* extract_first_avp(AVPL* avpl);
/* it will extract the last avp from an avp list */
extern AVP* extract_last_avp(AVPL* avpl);
/* it will extract the first avp in an avpl whose name matches the given name.
it will not extract any and return NULL if there is not anyone matching */
extern AVP* extract_avp_by_name(AVPL* avpl, guint8* name);
/* returns a newly allocated string containing a representation of the avp list */
extern guint8* avpl_to_str(AVPL* avpl);
extern guint8* avpl_to_dotstr(AVPL*);
/* deletes an avp list and eventually it's contents */
extern void delete_avpl(AVPL* avpl, gboolean avps_too);
/*
* AVPL transformations
*/
extern AVPL_Transf* new_avpl_transform(guint8* name, AVPL* mixed, avpl_match_mode match_mode, avpl_replace_mode replace_mode);
extern void delete_avpl_transform(AVPL_Transf* it);
extern void avpl_transform(AVPL* src, AVPL_Transf* op);
/*
* Lists of AVP lists
*/
/* creates an empty list of avp lists */
extern LoAL* new_loal(guint8* name);
/* given a file loads all the avpls contained in it
every line is formatted as it is the output of avplist_to_string */
extern LoAL* loal_from_file(guint8* filename);
/* inserts an avplist into a LoAL */
extern void loal_append(LoAL* loal, AVPL* avpl);
/* extracts the first avp list from the loal */
extern AVPL* extract_first_avpl(LoAL* loal);
/* extracts the last avp list from the loal */
extern AVPL* extract_last_avpl(LoAL* loal);
/* it will get the next avp list from a LoAL, using cookie to keep state */
extern AVPL* get_next_avpl(LoAL* loal,void** cookie);
/* deletes a loal and eventually it's contents */
extern void delete_loal(LoAL* loal, gboolean avpls_too, gboolean avps_too);
#endif

19
plugins/mate/matelib/dns.mate Normal file
View File

@ -0,0 +1,19 @@
# dns.thing
Action=Settings; SessionExpiration=300;
Action=PDU; Proto=ftp; Transport=ip; addr=ip.addr; port=ftp.passive.port;
Action=LegKey; On=ftp; addr!65.;
Action=LegStart; On=ftp; addr!;
Action=PDU; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.reset; tcp_stop=tcp.flags.fin;
Action=LegKey; On=tcp; addr!21; addr; port; port;
Action=LegStart; On=tcp; tcp_start=1;
Action=LegStop; On=tcp; tcp_stop=1;
Action=PDU; Proto=dns; Transport=ip; addr=ip.addr; dns_id=dns.id; dns_rsp=dns.flags.response; dns_name=dns.name;
Action=LegKey; On=dns; addr; addr; dns_id;
Action=LegStart; On=dns; dns_rsp=0;
Action=LegStop; On=dns; dns_rsp=1;
Action=LegExtra; On=dns; dns_name;

7
plugins/mate/matelib/h225_ras.mate Normal file
View File

@ -0,0 +1,7 @@
# h225_ras.thing
# (c) 2004 Luis E. Garcia Ontanon
Action=PDU; Proto=h225.RasMessage; Transport=ip; ras_msg=h225.RasMessage; addr=ip.addr; guid=h225.guid; seqnum=h225.RequestSeqNum;
Action=LegKey; On=h225.RasMessage; addr; addr; seqnum;
Action=LegStart; On=h225.RasMessage; ras_msg|0|3|6|9|12|15|18|21|26|30;
Action=LegStop; On=h225.RasMessage; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;

6
plugins/mate/matelib/isup.mate Normal file
View File

@ -0,0 +1,6 @@
# isup.thing
Action=PDU; Proto=isup; Transport=mtp3; mtp3pc=mtp3.dpc; mtp3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type; called=isup.called; calling=isup.calling; isup_cause=isup.cause_indicator;
Action=LegKey; On=isup; cic; mtp3pc; mtp3pc;
Action=LegStart; On=isup; isup_msg=1;
Action=LegStop; On=isup; isup_msg=16;

6
plugins/mate/matelib/megaco.mate Normal file
View File

@ -0,0 +1,6 @@
# megaco.thing
Action=PDU; Proto=megaco; Transport=ip; addr=ip.addr; megaco_ctx=megaco.context; megaco_trx=megaco.transid; megaco_msg=megaco.transaction; term=megaco.termid;
Action=LegKey; On=megaco; addr; addr; megaco_trx;
Action=LegStart; On=megaco; megaco_msg|Request|Notify;
Action=LegStop; On=megaco; megaco_msg=Reply;

6
plugins/mate/matelib/q931.mate Normal file
View File

@ -0,0 +1,6 @@
# q931.thing
Action=PDU; Proto=q931; Transport=ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type; guid=h225.guid; called=q931.called_party_number.digits; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value; h225_cause=h225.ReleaseCompleteReason;
Action=LegKey; On=q931; call_ref; addr; addr;
Action=LegStart; On=q931; q931_msg=5;
Action=LegStop; On=q931; q931_msg=90;

7
plugins/mate/matelib/radius.mate Normal file
View File

@ -0,0 +1,7 @@
# radius.thing
Action=pdu; Proto=radius; Transport=ip; addr=ip.addr; radius_id=radius.id; radius_code=radius.code; calling=radius.calling;
Action=pdukey; On=radius; radius_id; addr; addr;
Action=start; On=radius; radius_code=4;
Action=stop; On=radius; radius_code=5;

5
plugins/mate/matelib/rtsp.mate Normal file
View File

@ -0,0 +1,5 @@
Action=PDU; Proto=rtsp; Transport=ip; isup_msg=isup.message_type; calling=X_Vig_Msisdn; rtsp_method=rtsp.method; rtsp_ses=rtsp.session; addr=ip.addr; rtsp_url=rtsp.url;
Action=LegKey; On=rtsp; rtsp_ses;
Action=LegStart; On=rtsp; rtsp_method=SETUP;
Action=LegStop; On=rtsp; rtsp_method=TEARDOWN;

6
plugins/mate/matelib/sip.mate Normal file
View File

@ -0,0 +1,6 @@
# sip.thing
Action=PDU; Proto=sip; Transport=ip; addr=ip.addr; sip_method=sip.Method; sip_callid=sip.Call-ID; calling=sdp.owner.username;
Action=LegKey; On=sip; sip_callid; addr; addr;
Action=LegStart; On=sip; sip_method=INVITE;
Action=LegStop; On=sip; sip_method=BYE;

16
plugins/mate/moduleinfo.h Normal file
View File

@ -0,0 +1,16 @@
/* Included *after* config.h, in order to re-define these macros */
#ifdef PACKAGE
#undef PACKAGE
#endif
/* Name of package */
#define PACKAGE "mate"
#ifdef VERSION
#undef VERSION
#endif
/* Version number of package */
#define VERSION "0.0.3"

321
plugins/mate/packet-mate.c Normal file
View File

@ -0,0 +1,321 @@
/* packet-mate.c
* Routines for the mate Facility's Pseudo-Protocol dissection
*
* Copyright 2004, Luis E. Garcia Ontanon <gopo@webflies.org>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/**************************************************************************
* This is the pseudo protocol dissector for the mate module. ***
* It is intended for this to be just the user interface to the module. ***
**************************************************************************/
#include "mate.h"
static int mate_tap_data = 0;
static mate_config* mc = NULL;
static int proto_mate = -1;
static gint ett_mate = -1;
static gint ett_mate_pdu = -1;
static gint ett_mate_pdu_attr = -1;
static gint ett_mate_gop = -1;
static gint ett_mate_gop_attr = -1;
static gint ett_mate_gop_pdus = -1;
static gint ett_mate_gop_times = -1;
static gint ett_mate_gog = -1;
static gint ett_mate_gog_attr = -1;
static gint ett_mate_gog_gops = -1;
static gint ett_mate_gop_in_gog = -1;
static char* pref_mate_config_filename = "config.mate";
static proto_item *mate_i = NULL;
void attrs_tree(proto_tree* tree, tvbuff_t *tvb,mate_item* item) {
AVPN* c;
proto_item *avpl_i;
proto_tree *avpl_t;
int* hfi_p;
gint our_ett;
switch (item->cfg->type) {
case MATE_PDU_TYPE:
our_ett = ett_mate_pdu_attr;
break;
case MATE_GOP_TYPE:
our_ett = ett_mate_pdu_attr;
break;
case MATE_GOG_TYPE:
our_ett = ett_mate_pdu_attr;
break;
default:
our_ett = ett_mate;
break;
}
avpl_i = proto_tree_add_text(tree,tvb,0,0,"%s Attributes",item->cfg->name);
avpl_t = proto_item_add_subtree(avpl_i, our_ett);
for ( c = item->avpl->null.next; c->avp; c = c->next) {
hfi_p = g_hash_table_lookup(item->cfg->my_hfids,c->avp->n);
if (hfi_p) {
proto_tree_add_string(avpl_t,*hfi_p,tvb,0,0,c->avp->v);
} else {
g_warning("MATE: error: undefined attribute: mate.%s.%s",item->cfg->name,c->avp->n);
proto_tree_add_text(avpl_t,tvb,0,0,"Undefined attribute: %s=%s",c->avp->n, c->avp->v);
}
}
}
void mate_gop_tree(proto_tree* pdu_tree, tvbuff_t *tvb, mate_gop* gop, gint ett);
void mate_gog_tree(proto_tree* tree, tvbuff_t *tvb, mate_gog* gog, mate_gop* gop) {
proto_item *gog_item;
proto_tree *gog_tree;
proto_item *gog_gop_item;
proto_tree *gog_gop_tree;
mate_gop* gog_gops;
#ifdef _MATE_DEBUGGING
proto_item* gog_key_item;
proto_tree* gog_key_tree;
guint i;
#endif
gog_item = proto_tree_add_string(tree,gog->cfg->hfid,tvb,0,0,gog->id);
gog_tree = proto_item_add_subtree(gog_item,ett_mate_gog);
attrs_tree(gog_tree,tvb,gog);
gog_gop_item = proto_tree_add_uint(gog_tree, gog->cfg->hfid_gog_num_of_gops,
tvb, 0, 0, gog->num_of_gops);
gog_gop_tree = proto_item_add_subtree(gog_gop_item, ett_mate_gog_gops);
for (gog_gops = gog->gops; gog_gops; gog_gops = gog_gops->next) {
if (gop != gog_gops) {
mate_gop_tree(gog_gop_tree, tvb, gog_gops, ett_mate_gop_in_gog);
} else {
proto_tree_add_string_format(gog_gop_tree,gop->cfg->hfid,tvb,0,0,gop->id,"GOP of current frame: %s",gop->id);
}
}
}
void mate_gop_tree(proto_tree* tree, tvbuff_t *tvb, mate_gop* gop, gint gop_ett) {
proto_item *gop_item;
proto_tree *gop_time_tree;
proto_item *gop_time_item;
proto_tree *gop_tree;
proto_item *gop_pdu_item;
proto_tree *gop_pdu_tree;
mate_pdu* gop_pdus;
float rel_time;
float gop_time;
gop_item = proto_tree_add_string(tree,gop->cfg->hfid,tvb,0,0,gop->id);
gop_tree = proto_item_add_subtree(gop_item, gop_ett);
if (gop->gop_key) proto_tree_add_text(gop_tree,tvb,0,0,"GOP Key: %s",gop->gop_key);
attrs_tree(gop_tree,tvb,gop);
if (gop->cfg->show_gop_times) {
gop_time_item = proto_tree_add_text(gop_tree,tvb,0,0,"%s Times",gop->cfg->name);
gop_time_tree = proto_item_add_subtree(gop_time_item, ett_mate_gop_times);
proto_tree_add_float(gop_time_tree, gop->cfg->hfid_gop_start_time, tvb, 0, 0, gop->start_time);
if (gop->released) {
proto_tree_add_float(gop_time_tree, gop->cfg->hfid_gop_stop_time, tvb, 0, 0, gop->release_time);
if (gop->release_time != gop->last_time) {
proto_tree_add_float(gop_time_tree, gop->cfg->hfid_gop_last_time, tvb, 0, 0, gop->last_time);
}
} else {
proto_tree_add_float(gop_time_tree, gop->cfg->hfid_gop_last_time, tvb, 0, 0, gop->last_time);
}
}
rel_time = gop_time = gop->start_time;
gop_pdu_item = proto_tree_add_uint(gop_tree, gop->cfg->hfid_gop_num_pdus, tvb, 0, 0,gop->num_of_pdus);
gop_pdu_tree = proto_item_add_subtree(gop_pdu_item, ett_mate_gop_pdus);
if (gop->cfg->show_pdu_tree) {
for (gop_pdus = gop->pdus; gop_pdus; gop_pdus = gop_pdus->next) {
if (gop_pdus->is_start) {
proto_tree_add_uint_format(gop_pdu_tree,gop->cfg->hfid_gop_pdu,
tvb,0,0,gop_pdus->frame,
"Start PDU: in frame %i",
gop_pdus->frame);
} else if (gop_pdus->is_stop) {
proto_tree_add_uint_format(gop_pdu_tree,gop->cfg->hfid_gop_pdu,
tvb,0,0,gop_pdus->frame,
"Stop PDU: in frame %i (%f : %f)",
gop_pdus->frame,
gop_pdus->rel_time,
gop_pdus->rel_time-rel_time);
} else if (gop_pdus->after_release) {
proto_tree_add_uint_format(gop_pdu_tree,gop->cfg->hfid_gop_pdu,
tvb,0,0,gop_pdus->frame,
"After stop PDU: in frame %i (%f : %f)",
gop_pdus->frame,
gop_pdus->rel_time,
gop_pdus->rel_time-rel_time);
} else {
proto_tree_add_uint_format(gop_pdu_tree,gop->cfg->hfid_gop_pdu,
tvb,0,0,gop_pdus->frame,
"PDU: in frame %i (%f : %f)",
gop_pdus->frame,
gop_pdus->rel_time,
gop_pdus->rel_time-rel_time);
}
rel_time = gop_pdus->rel_time;
}
}
}
void mate_pdu_tree(mate_pdu *pdu, tvbuff_t *tvb, proto_tree* tree) {
proto_item *pdu_item;
proto_tree *pdu_tree;
guint32 len;
if ( ! pdu ) return;
if (pdu->gop && pdu->gop->gog) {
proto_item_append_text(mate_i," %s->%s->%s",pdu->id,pdu->gop->id,pdu->gop->gog->id);
} else if (pdu->gop) {
proto_item_append_text(mate_i," %s->%s",pdu->id,pdu->gop->id);
} else {
proto_item_append_text(mate_i," %s",pdu->id);
}
len = pdu->end - pdu->start;
pdu_item = proto_tree_add_string(tree,pdu->cfg->hfid,tvb,pdu->start,len,pdu->id);
pdu_tree = proto_item_add_subtree(pdu_item, ett_mate_pdu);
proto_tree_add_float(pdu_tree,pdu->cfg->hfid_pdu_rel_time, tvb, 0, 0, pdu->rel_time);
if (pdu->gop) {
mate_gop_tree(pdu_tree,tvb,pdu->gop,ett_mate_gop);
if (pdu->gop->gog)
mate_gog_tree(pdu_tree,tvb,pdu->gop->gog,pdu->gop);
}
if (pdu->avpl) {
attrs_tree(pdu_tree,tvb,pdu);
}
}
extern void mate_tree(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
mate_pdu* pdus;
proto_tree *mate_t;
if (! tree ) return;
if (( pdus = mate_get_pdus(pinfo->fd->num) )) {
mate_i = proto_tree_add_text(tree,tvb,0,0,"mate");
mate_t = proto_item_add_subtree(mate_i, ett_mate);
for ( ; pdus; pdus = pdus->next_in_frame) {
mate_pdu_tree(pdus,tvb,mate_t);
}
}
}
static void init_mate(void) {
GString* tap_error = NULL;
tap_error = register_tap_listener("frame", &mate_tap_data,
mc->tap_filter,
NULL,
mate_packet,
NULL);
if ( tap_error ) {
g_warning("mate: couldn't (re)register tap: %s",tap_error->str);
g_string_free(tap_error, TRUE);
mate_tap_data = 0;
return;
} else {
mate_tap_data = 1;
}
init_mate_runtime_data();
}
extern
void
proto_reg_handoff_mate(void)
{
}
extern
void
proto_register_mate(void)
{
static gint *ett[] = {
&ett_mate,
&ett_mate_pdu,
&ett_mate_pdu_attr,
&ett_mate_gop,
&ett_mate_gop_attr,
&ett_mate_gop_times,
&ett_mate_gop_pdus,
&ett_mate_gog,
&ett_mate_gog_gops,
&ett_mate_gog_attr,
&ett_mate_gop_in_gog
};
mc = mate_make_config(pref_mate_config_filename);
if (mc) {
proto_mate = proto_register_protocol("Meta Analysis Tracing Engine", "mate", "mate");
proto_register_field_array(proto_mate, (hf_register_info*) mc->hfrs->data, mc->hfrs->len );
proto_register_subtree_array(ett, array_length(ett));
register_dissector("mate",mate_tree,proto_mate);
register_init_routine(init_mate);
}
}

91
plugins/mate/presentation.txt Normal file
View File

@ -0,0 +1,91 @@
Hi,
I think this fifth rewrite has taken it out of prototype stage and makes it
look almost as "production" code, please tell me if it doesn't. I do not plan
to rewrite it again. I'm realy happy with what it has become.
This has surpassed my initial goal by far. It had just to to be a filter for
packets of calls, using few protocols, based on the calling number.
My original idea was just to rewrite inside ethereal a perl script I had
written to split calls. I needed to decode h225 and could not get Decode::ASN1
to compile the h225 syntax, I thought that migrating it into ethereal would
had been easy. I was *VERY* wrong.
At the begining it was ECTAF it extracted data from ISUP and Q931. I hard
coded the extraction code directly in the dissectors and did an ugly job
putting it into several hashes but kida threaded the PDUs.
Later I wrote the AVP Lib for it. So that I would converge dealing with the
different protocols into a single mechanism. H225 got into the picture but
wasn't versatile enough. Still I used code in the dissectors to extract the
data.
As I tried to get MEGACO into the picture I wrote a parser to import the
dpc+cic->term mapping. It took me a day to "see the light", ECTAF used the
AVPLs as a logical engine already, I had a parser for AVPLs, 1+1=2, so:
importing the logic from a config file wasa natuiral step for it. STTF was
the name then (I never got it to be usable, that's why I did not release then).
At that point I started working into fetching data from the tree, getting it
into avpls match the avpls to group the pdus etc... the nice "thing" was that
it was configurable. I called it TTT.
I released about a month ago something called "Thing" that was the result of
that metamorphosis. A configurable tool that allows to use ethereal to do
analysis at the session and application level. Not only on what the frames
carry but on how they interact.
Now I release a nicelly wrapped version of it. I fixed many things and made
code that I believe to be versatile enough to be able to grow, clean enough to
be mantainable.
Anyway today's MATE is just the core of an application in the application. It
has plenty of room to grow.
There are still things I will be doing on MATE's code in the very next future:
- add timers to gops so that if they expire before their stop condition the gop
gets "marked".
- merge two gogs whenever a new gog matches keys of some previous unexpired gog
- spawn pre-started "empty" gops if a pdu of a gop in the gogs matches
a given condition.
- use mem_chunks to store most of the strings in the AVP library
* one for small strings (<16bytes)
* one for midsized strings (<32 bytes)
* one for large strings (<64 bytes)
* g_malloc for the remaining cases
- the avpl transformations will be reimplemeted
* a contextual_avp_op(AVPL_Transf* ctx, AVPL* src, AVP* avp, AVP* op)
has to be written to allow to transform AVPs extracting its value from
the source avpl and/or manupulating its contents.
* a map method that uses a hash will replace the "extremely slow" long
sequence of very similar matches that is used right now
- get rid of most of the dbg_print calls in the code and give sense to the
debug levels, which by now are almost randomic.
There are things other I cannot/"do not plan to" do that would be nice
if someone else did:
- build it as a plugin on Win32. However it may be better to get it in epan and
forget about pluginizing it.
- make it work with tethereal. This has frustrated me twice:
first because I meant it to be used as a filter on live capture to save only
packets of a call from a given number. And, second, because I tried very hard
and failed miserably.
- GUI gizmos (I don't stand GUI programming, sorry) :
an pane for sessions,
a Graphical config tool
?
- tap it, that is, we got plenty of information on how frames interact why
don't we give the users the ability to do the math with it.