osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Apply refactored "conversation" (tap) data to TShark. 

I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature.  But at least all types of conversations allowed are in sync with Wireshark GUI.

Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Michael Mann 2014-07-26 12:41:27 -04:00
parent 54777bf315
commit dcf6d44b7f
21 changed files with 107 additions and 502 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
epan/conversation_table.c
View File

@ -439,9 +439,10 @@ const char *get_conversation_filter(conv_item_t *conv_item, conv_direction_e dir
}
void
add_conversation_table_data(conv_hash_t *ch, const address *src, const address *dst, guint32 src_port, guint32 dst_port, int num_frames, int num_bytes, nstime_t *ts, ct_dissector_info_t *ct_info, port_type ptype)
add_conversation_table_data(conv_hash_t *ch, const address *src, const address *dst, guint32 src_port, guint32 dst_port, int num_frames, int num_bytes,
nstime_t *ts, nstime_t *abs_ts, ct_dissector_info_t *ct_info, port_type ptype)
{
add_conversation_table_data_with_conv_id(ch, src, dst, src_port, dst_port, CONV_ID_UNSET, num_frames, num_bytes, ts, ct_info, ptype);
add_conversation_table_data_with_conv_id(ch, src, dst, src_port, dst_port, CONV_ID_UNSET, num_frames, num_bytes, ts, abs_ts, ct_info, ptype);
}
void
@ -455,6 +456,7 @@ add_conversation_table_data_with_conv_id(
int num_frames,
int num_bytes,
nstime_t *ts,
nstime_t *abs_ts,
ct_dissector_info_t *ct_info,
port_type ptype)
{
@ -530,7 +532,9 @@ add_conversation_table_data_with_conv_id(
if (ts) {
memcpy(&new_conv_item.start_time, ts, sizeof(new_conv_item.start_time));
memcpy(&new_conv_item.stop_time, ts, sizeof(new_conv_item.stop_time));
memcpy(&new_conv_item.start_abs_time, abs_ts, sizeof(new_conv_item.start_abs_time));
} else {
nstime_set_unset(&new_conv_item.start_abs_time);
nstime_set_unset(&new_conv_item.start_time);
nstime_set_unset(&new_conv_item.stop_time);
}
@ -563,6 +567,7 @@ add_conversation_table_data_with_conv_id(
memcpy(&conv_item->stop_time, ts, sizeof(conv_item->stop_time));
} else if (nstime_cmp(ts, &conv_item->start_time) < 0) {
memcpy(&conv_item->start_time, ts, sizeof(conv_item->start_time));
memcpy(&conv_item->start_abs_time, abs_ts, sizeof(conv_item->start_abs_time));
}
}
}

10
epan/conversation_table.h
View File

@ -109,8 +109,9 @@ typedef struct _conversation_item_t {
guint64 rx_bytes; /**< number of received bytes */
guint64 tx_bytes; /**< number of transmitted bytes */
nstime_t start_time; /**< start time for the conversation */
nstime_t stop_time; /**< stop time for the conversation */
nstime_t start_time; /**< relative start time for the conversation */
nstime_t stop_time; /**< relative stop time for the conversation */
nstime_t start_abs_time; /**< absolute start time for the conversation */
gboolean modified; /**< new to redraw the row (only used in GTK+) */
} conv_item_t;
@ -228,11 +229,12 @@ WS_DLL_PUBLIC const char *get_conversation_filter(conv_item_t *conv_item, conv_d
* @param num_frames number of packets
* @param num_bytes number of bytes
* @param ts timestamp
* @param abs_ts absolute timestamp
* @param ct_info callback handlers from the dissector
* @param ptype the port type (e.g. PT_TCP)
*/
extern void add_conversation_table_data(conv_hash_t *ch, const address *src, const address *dst,
guint32 src_port, guint32 dst_port, int num_frames, int num_bytes, nstime_t *ts,
guint32 src_port, guint32 dst_port, int num_frames, int num_bytes, nstime_t *ts, nstime_t *abs_ts,
ct_dissector_info_t *ct_info, port_type ptype);
/** Add some data to the conversation table, passing a value to be used in
@ -247,6 +249,7 @@ extern void add_conversation_table_data(conv_hash_t *ch, const address *src, con
* @param num_frames number of packets
* @param num_bytes number of bytes
* @param ts timestamp
* @param abs_ts absolute timestamp
* @param ct_info callback handlers from the dissector
* @param ptype the port type (e.g. PT_TCP)
* @param conv_id a value to help differentiate the conversation in case the address and port quadruple is not sufficiently unique
@ -262,6 +265,7 @@ add_conversation_table_data_with_conv_id(
int num_frames,
int num_bytes,
nstime_t *ts,
nstime_t *abs_ts,
ct_dissector_info_t *ct_info,
port_type ptype);

2
epan/dissectors/packet-eth.c
View File

@ -130,7 +130,7 @@ eth_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
conv_hash_t *hash = (conv_hash_t*) pct;
const eth_hdr *ehdr=(const eth_hdr *)vip;
add_conversation_table_data(hash, &ehdr->src, &ehdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &eth_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &ehdr->src, &ehdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &eth_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-fc.c
View File

@ -228,7 +228,7 @@ fc_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, c
conv_hash_t *hash = (conv_hash_t*) pct;
const fc_hdr *fchdr=(const fc_hdr *)vip;
add_conversation_table_data(hash, &fchdr->s_id, &fchdr->d_id, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &fc_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &fchdr->s_id, &fchdr->d_id, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &fc_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-fddi.c
View File

@ -165,7 +165,7 @@ fddi_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
conv_hash_t *hash = (conv_hash_t*) pct;
const fddi_hdr *ehdr=(const fddi_hdr *)vip;
add_conversation_table_data(hash, &ehdr->src, &ehdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &fddi_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &ehdr->src, &ehdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &fddi_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-ieee80211.c
View File

@ -5195,7 +5195,7 @@ wlan_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
conv_hash_t *hash = (conv_hash_t*) pct;
const wlan_hdr *whdr=(const wlan_hdr *)vip;
add_conversation_table_data(hash, &whdr->src, &whdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &wlan_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &whdr->src, &whdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &wlan_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-ip.c
View File

@ -496,7 +496,7 @@ ip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, c
conv_hash_t *hash = (conv_hash_t*) pct;
const ws_ip *iph=(const ws_ip *)vip;
add_conversation_table_data(hash, &iph->ip_src, &iph->ip_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &ip_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &iph->ip_src, &iph->ip_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &ip_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-ipv6.c
View File

@ -378,7 +378,7 @@ ipv6_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
src.data = &ip6h->ip6_src;
dst.data = &ip6h->ip6_dst;
add_conversation_table_data(hash, &src, &dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &ipv6_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &src, &dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &ipv6_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-ipx.c
View File

@ -169,7 +169,7 @@ ipx_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
conv_hash_t *hash = (conv_hash_t*) pct;
const ipxhdr_t *ipxh=(const ipxhdr_t *)vip;
add_conversation_table_data(hash, &ipxh->ipx_src, &ipxh->ipx_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &ipx_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &ipxh->ipx_src, &ipxh->ipx_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &ipx_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-jxta.c
View File

@ -218,7 +218,7 @@ jxta_conversation_packet(void *pct, packet_info *pinfo _U_, epan_dissect_t *edt
const jxta_tap_header *jxtahdr = (const jxta_tap_header *) vip;
add_conversation_table_data(hash, &jxtahdr->src_address, &jxtahdr->dest_address,
0, 0, 1, jxtahdr->size, NULL, &jxta_ct_dissector_info, PT_NONE);
0, 0, 1, jxtahdr->size, NULL, NULL, &jxta_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-ncp.c
View File

@ -315,7 +315,7 @@ ncp_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
connection = (ncph->conn_high * 256)+ncph->conn_low;
if (connection < 65535) {
add_conversation_table_data(hash, &pinfo->src, &pinfo->dst, connection, connection, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &ncp_ct_dissector_info, PT_NCP);
add_conversation_table_data(hash, &pinfo->src, &pinfo->dst, connection, connection, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &ncp_ct_dissector_info, PT_NCP);
}
return 1;

2
epan/dissectors/packet-rsvp.c
View File

@ -1887,7 +1887,7 @@ rsvp_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
const rsvp_conversation_info *rsvph = (const rsvp_conversation_info *)vip;
add_conversation_table_data(hash, &rsvph->source, &rsvph->destination,
0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &rsvp_ct_dissector_info, PT_NONE);
0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &rsvp_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-sctp.c
View File

@ -798,7 +798,7 @@ sctp_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_,
const struct _sctp_info *sctphdr=(const struct _sctp_info *)vip;
add_conversation_table_data(hash, &sctphdr->ip_src, &sctphdr->ip_dst,
sctphdr->sport, sctphdr->dport, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &sctp_ct_dissector_info, PT_SCTP);
sctphdr->sport, sctphdr->dport, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &sctp_ct_dissector_info, PT_SCTP);
return 1;

2
epan/dissectors/packet-tcp.c
View File

@ -547,7 +547,7 @@ tcpip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_
const struct tcpheader *tcphdr=(const struct tcpheader *)vip;
add_conversation_table_data_with_conv_id(hash, &tcphdr->ip_src, &tcphdr->ip_dst, tcphdr->th_sport, tcphdr->th_dport, (conv_id_t) tcphdr->th_stream, 1, pinfo->fd->pkt_len,
&pinfo->rel_ts, &tcp_ct_dissector_info, PT_TCP);
&pinfo->rel_ts, &pinfo->fd->abs_ts, &tcp_ct_dissector_info, PT_TCP);
return 1;
}

2
epan/dissectors/packet-tr.c
View File

@ -150,7 +150,7 @@ tr_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, c
conv_hash_t *hash = (conv_hash_t*) pct;
const tr_hdr *trhdr=(const tr_hdr *)vip;
add_conversation_table_data(hash, &trhdr->src, &trhdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &tr_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &trhdr->src, &trhdr->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &tr_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/dissectors/packet-udp.c
View File

@ -303,7 +303,7 @@ udpip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_
conv_hash_t *hash = (conv_hash_t*) pct;
const e_udphdr *udphdr=(const e_udphdr *)vip;
add_conversation_table_data(hash, &udphdr->ip_src, &udphdr->ip_dst, udphdr->uh_sport, udphdr->uh_dport, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &udp_ct_dissector_info, PT_UDP);
add_conversation_table_data(hash, &udphdr->ip_src, &udphdr->ip_dst, udphdr->uh_sport, udphdr->uh_dport, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &udp_ct_dissector_info, PT_UDP);
return 1;
}

2
epan/dissectors/packet-usb.c
View File

@ -1122,7 +1122,7 @@ static int
usb_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip _U_)
{
conv_hash_t *hash = (conv_hash_t*) pct;
add_conversation_table_data(hash, &pinfo->src, &pinfo->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &usb_ct_dissector_info, PT_NONE);
add_conversation_table_data(hash, &pinfo->src, &pinfo->dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts, &usb_ct_dissector_info, PT_NONE);
return 1;
}

2
epan/stat_cmd_args.c
View File

@ -83,7 +83,7 @@ process_stat_cmd_arg(char *optstr)
for(entry=stat_cmd_arg_list;entry;entry=g_slist_next(entry)){
sca=(stat_cmd_arg *)entry->data;
if(!strncmp(sca->cmd,optstr,strlen(sca->cmd))){
if(!strncmp(sca->cmd,optstr,strlen(optstr))){
tr=(stat_requested *)g_malloc(sizeof (stat_requested));
tr->sca = sca;
tr->arg=g_strdup(optstr);

3
tshark.c
View File

@ -98,6 +98,7 @@
#endif
#include "ui/util.h"
#include "ui/ui_util.h"
#include "ui/cli/tshark-tap.h"
#include "version_info.h"
#include "register.h"
#include <epan/epan_dissect.h>
@ -1199,7 +1200,7 @@ main(int argc, char *argv[])
register_all_plugin_tap_listeners();
#endif
register_all_tap_listeners();
conversation_table_set_gui_info(NULL); /* XXX - TODO: Provide "GUI" function for TShark */
conversation_table_set_gui_info(init_iousers);
/* If invoked with the "-G" flag, we dump out information based on
the argument to the "-G" flag; if no argument is specified,

525
ui/cli/tap-iousers.c
View File

@ -23,349 +23,32 @@
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <epan/packet_info.h>
#include <epan/packet.h>
#include <epan/addr_resolv.h>
#include <epan/tap.h>
#include <epan/timestamp.h>
#include <epan/conv_id.h>
#include <epan/conversation.h>
#include <epan/stat_cmd_args.h>
#include <epan/dissectors/packet-ip.h>
#include <epan/dissectors/packet-ipv6.h>
#include <epan/dissectors/packet-ipx.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/dissectors/packet-udp.h>
#include <epan/dissectors/packet-eth.h>
#include <epan/dissectors/packet-sctp.h>
#include <epan/dissectors/packet-tr.h>
#include <epan/dissectors/packet-scsi.h>
#include <epan/dissectors/packet-fc.h>
#include <epan/dissectors/packet-fddi.h>
void register_tap_listener_iousers(void);
#include <ui/conversation_ui.h>
#include <epan/conversation_table.h>
typedef struct _io_users_t {
const char *type;
char *filter;
struct _io_users_item_t *items;
const char *filter;
conv_hash_t hash;
} io_users_t;
typedef struct _io_users_item_t {
struct _io_users_item_t *next;
char *name1;
char *name2;
conv_id_t conv_id;
address addr1;
address addr2;
guint32 frames1;
guint32 frames2;
guint64 bytes1;
guint64 bytes2;
nstime_t start_rel_time;
nstime_t stop_rel_time;
nstime_t start_abs_time;
} io_users_item_t;
#define iousers_process_name_packet(iu, name1, name2, direction, pkt_len, rel_ts, abs_ts) \
iousers_process_name_packet_with_conv_id(iu, name1, name2, CONV_ID_UNSET, direction, pkt_len, rel_ts, abs_ts)
static void
iousers_process_name_packet_with_conv_id(
io_users_t *iu,
char *name1,
char *name2,
conv_id_t conv_id,
int direction,
guint64 pkt_len,
nstime_t *rel_ts,
nstime_t *abs_ts)
{
io_users_item_t *iui;
for(iui=iu->items;iui;iui=iui->next){
if((iui->conv_id==conv_id)
&& (!strcmp(iui->name1, name1))
&& (!strcmp(iui->name2, name2)) ){
break;
}
}
if(!iui){
iui=g_new(io_users_item_t,1);
iui->next=iu->items;
iu->items=iui;
iui->name1=g_strdup(name1);
iui->name2=g_strdup(name2);
iui->conv_id=conv_id;
iui->frames1=0;
iui->frames2=0;
iui->bytes1=0;
iui->bytes2=0;
memcpy(&iui->start_rel_time, rel_ts, sizeof(iui->start_rel_time));
memcpy(&iui->stop_rel_time, rel_ts, sizeof(iui->stop_rel_time));
memcpy(&iui->start_abs_time, abs_ts, sizeof(iui->start_abs_time));
}
else {
if (nstime_cmp(rel_ts, &iui->stop_rel_time) > 0) {
memcpy(&iui->stop_rel_time, rel_ts, sizeof(iui->stop_rel_time));
} else if (nstime_cmp(rel_ts, &iui->start_rel_time) < 0) {
memcpy(&iui->start_rel_time, rel_ts, sizeof(iui->start_rel_time));
memcpy(&iui->start_abs_time, abs_ts, sizeof(iui->start_abs_time));
}
}
if(direction){
iui->frames1++;
iui->bytes1+=pkt_len;
} else {
iui->frames2++;
iui->bytes2+=pkt_len;
}
}
static void
iousers_process_address_packet(io_users_t *iu, const address *src, const address *dst, guint64 pkt_len,
nstime_t *ts)
{
const address *addr1, *addr2;
io_users_item_t *iui;
if(CMP_ADDRESS(src, dst)>0){
addr1=src;
addr2=dst;
} else {
addr2=src;
addr1=dst;
}
for(iui=iu->items;iui;iui=iui->next){
if((!CMP_ADDRESS(&iui->addr1, addr1))
&&(!CMP_ADDRESS(&iui->addr2, addr2)) ){
break;
}
}
if(!iui){
iui=g_new(io_users_item_t,1);
iui->next=iu->items;
iu->items=iui;
COPY_ADDRESS(&iui->addr1, addr1);
iui->name1=g_strdup(ep_address_to_str(addr1));
COPY_ADDRESS(&iui->addr2, addr2);
iui->name2=g_strdup(ep_address_to_str(addr2));
iui->frames1=0;
iui->frames2=0;
iui->bytes1=0;
iui->bytes2=0;
memcpy(&iui->start_rel_time, ts, sizeof(iui->start_rel_time));
memcpy(&iui->stop_rel_time, ts, sizeof(iui->stop_rel_time));
}
else {
if (nstime_cmp(ts, &iui->stop_rel_time) > 0) {
memcpy(&iui->stop_rel_time, ts, sizeof(iui->stop_rel_time));
} else if (nstime_cmp(ts, &iui->start_rel_time) < 0) {
memcpy(&iui->start_rel_time, ts, sizeof(iui->start_rel_time));
}
}
if(!CMP_ADDRESS(dst, &iui->addr1)){
iui->frames1++;
iui->bytes1+=pkt_len;
} else {
iui->frames2++;
iui->bytes2+=pkt_len;
}
}
static int
iousers_udpip_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vudph)
{
io_users_t *iu=(io_users_t *)arg;
const e_udphdr *udph=(const e_udphdr *)vudph;
char name1[256],name2[256];
int direction=0;
if(udph->uh_sport>udph->uh_dport){
direction=0;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&udph->ip_src),ep_udp_port_to_display(udph->uh_sport));
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&udph->ip_dst),ep_udp_port_to_display(udph->uh_dport));
} else if(udph->uh_sport<udph->uh_dport){
direction=1;
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&udph->ip_src),ep_udp_port_to_display(udph->uh_sport));
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&udph->ip_dst),ep_udp_port_to_display(udph->uh_dport));
} else if(CMP_ADDRESS(&udph->ip_src, &udph->ip_dst)>0){
direction=0;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&udph->ip_src),ep_udp_port_to_display(udph->uh_sport));
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&udph->ip_dst),ep_udp_port_to_display(udph->uh_dport));
} else {
direction=1;
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&udph->ip_src),ep_udp_port_to_display(udph->uh_sport));
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&udph->ip_dst),ep_udp_port_to_display(udph->uh_dport));
}
iousers_process_name_packet(iu, name1, name2, direction, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts);
return 1;
}
static int
iousers_sctp_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vsctp)
{
io_users_t *iu=(io_users_t *)arg;
const struct _sctp_info* sctph = (const struct _sctp_info*)vsctp;
char name1[256],name2[256], s_sport[10], s_dport[10];
int direction=0;
g_snprintf(s_sport, sizeof s_sport, "%d",sctph->sport);
g_snprintf(s_dport, sizeof s_dport, "%d",sctph->dport);
if(sctph->sport > sctph->dport) {
direction=0;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&sctph->ip_src),s_sport);
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&sctph->ip_dst),s_dport);
} else if(sctph->sport < sctph->dport) {
direction=1;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&sctph->ip_src),s_sport);
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&sctph->ip_dst),s_dport);
} else {
direction=0;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&sctph->ip_src),s_sport);
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&sctph->ip_dst),s_dport);
}
iousers_process_name_packet(iu, name1, name2, direction, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts);
return 1;
}
static int
iousers_tcpip_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vtcph)
{
io_users_t *iu=(io_users_t *)arg;
const struct tcpheader *tcph=(const struct tcpheader *)vtcph;
char name1[256],name2[256];
int direction=0;
if(tcph->th_sport>tcph->th_dport){
direction=0;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&tcph->ip_src),ep_tcp_port_to_display(tcph->th_sport));
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&tcph->ip_dst),ep_tcp_port_to_display(tcph->th_dport));
} else if(tcph->th_sport<tcph->th_dport){
direction=1;
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&tcph->ip_src),ep_tcp_port_to_display(tcph->th_sport));
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&tcph->ip_dst),ep_tcp_port_to_display(tcph->th_dport));
} else if(CMP_ADDRESS(&tcph->ip_src, &tcph->ip_dst)>0){
direction=0;
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&tcph->ip_src),ep_tcp_port_to_display(tcph->th_sport));
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&tcph->ip_dst),ep_tcp_port_to_display(tcph->th_dport));
} else {
direction=1;
g_snprintf(name2,256,"%s:%s",ep_address_to_str(&tcph->ip_src),ep_tcp_port_to_display(tcph->th_sport));
g_snprintf(name1,256,"%s:%s",ep_address_to_str(&tcph->ip_dst),ep_tcp_port_to_display(tcph->th_dport));
}
iousers_process_name_packet_with_conv_id(iu, name1, name2, tcph->th_stream, direction, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->fd->abs_ts);
return 1;
}
static int
iousers_ip_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip)
{
io_users_t *iu=(io_users_t *)arg;
const ws_ip *iph=(const ws_ip *)vip;
iousers_process_address_packet(iu, &iph->ip_src, &iph->ip_dst, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static int
iousers_ipv6_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip)
{
io_users_t *iu=(io_users_t *)arg;
const struct ip6_hdr *ip6h=(const struct ip6_hdr *)vip;
address src, dst;
/* Addresses aren't implemented as 'address' type in struct ip6_hdr */
src.type = dst.type = AT_IPv6;
src.len = dst.len = sizeof(struct e_in6_addr);
src.data = &ip6h->ip6_src;
dst.data = &ip6h->ip6_dst;
iousers_process_address_packet(iu, &src, &dst, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static int
iousers_ipx_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vipx)
{
io_users_t *iu=(io_users_t *)arg;
const ipxhdr_t *ipxh=(const ipxhdr_t *)vipx;
iousers_process_address_packet(iu, &ipxh->ipx_src, &ipxh->ipx_dst, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static int
iousers_fc_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vfc)
{
io_users_t *iu=(io_users_t *)arg;
const fc_hdr *fchdr=(const fc_hdr *)vfc;
iousers_process_address_packet(iu, &fchdr->s_id, &fchdr->d_id, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static int
iousers_eth_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *veth)
{
io_users_t *iu=(io_users_t *)arg;
const eth_hdr *ehdr=(const eth_hdr *)veth;
iousers_process_address_packet(iu, &ehdr->src, &ehdr->dst, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static int
iousers_fddi_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *veth)
{
io_users_t *iu=(io_users_t *)arg;
const fddi_hdr *ehdr=(const fddi_hdr *)veth;
iousers_process_address_packet(iu, &ehdr->src, &ehdr->dst, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static int
iousers_tr_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vtr)
{
io_users_t *iu=(io_users_t *)arg;
const tr_hdr *trhdr=(const tr_hdr *)vtr;
iousers_process_address_packet(iu, &trhdr->src, &trhdr->dst, pinfo->fd->pkt_len, &pinfo->rel_ts);
return 1;
}
static void
iousers_draw(void *arg)
{
io_users_t *iu = (io_users_t *)arg;
io_users_item_t *iui;
guint32 last_frames, max_frames;
conv_hash_t *hash = (conv_hash_t*)arg;
io_users_t *iu = (io_users_t *)hash->user_data;
conv_item_t *iui;
guint64 last_frames, max_frames;
struct tm * tm_time;
guint i;
printf("================================================================================\n");
printf("%s Conversations\n",iu->type);
@ -392,29 +75,34 @@ iousers_draw(void *arg)
break;
}
max_frames=0xffffffff;
max_frames=UINT_MAX;
do {
last_frames=0;
for(iui=iu->items;iui;iui=iui->next){
guint32 tot_frames;
tot_frames=iui->frames1+iui->frames2;
for (i=0; (iu->hash.conv_array && i < iu->hash.conv_array->len); i++){
guint64 tot_frames;
if((tot_frames>last_frames)
&&(tot_frames<max_frames)){
iui = &g_array_index(iu->hash.conv_array, conv_item_t, i);
tot_frames = iui->rx_frames + iui->tx_frames;
if ((tot_frames>last_frames) && (tot_frames<max_frames)){
last_frames=tot_frames;
}
}
for(iui=iu->items;iui;iui=iui->next){
guint32 tot_frames;
tot_frames=iui->frames1+iui->frames2;
if(tot_frames==last_frames){
for (i=0; (iu->hash.conv_array && i < iu->hash.conv_array->len); i++){
guint64 tot_frames;
iui = &g_array_index(iu->hash.conv_array, conv_item_t, i);
tot_frames = iui->rx_frames + iui->tx_frames;
if (tot_frames == last_frames){
printf("%-20s <-> %-20s %6d %9" G_GINT64_MODIFIER "d %6d %9" G_GINT64_MODIFIER "d %6d %9" G_GINT64_MODIFIER "d ",
iui->name1, iui->name2,
iui->frames1, iui->bytes1,
iui->frames2, iui->bytes2,
iui->frames1+iui->frames2,
iui->bytes1+iui->bytes2
/* XXX - TODO: make name resolution configurable (through gbl_resolv_flags?) */
get_conversation_address(&iui->src_address, TRUE), get_conversation_address(&iui->dst_address, TRUE),
iui->tx_frames, iui->tx_bytes,
iui->rx_frames, iui->rx_bytes,
iui->tx_frames+iui->rx_frames,
iui->tx_bytes+iui->rx_bytes
);
switch (timestamp_get_type()) {
@ -424,7 +112,7 @@ iousers_draw(void *arg)
tm_time->tm_hour,
tm_time->tm_min,
tm_time->tm_sec,
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time));
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time));
break;
case TS_ABSOLUTE_WITH_YMD:
tm_time = localtime(&iui->start_abs_time.secs);
@ -435,7 +123,7 @@ iousers_draw(void *arg)
tm_time->tm_hour,
tm_time->tm_min,
tm_time->tm_sec,
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time));
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time));
break;
case TS_ABSOLUTE_WITH_YDOY:
tm_time = localtime(&iui->start_abs_time.secs);
@ -445,7 +133,7 @@ iousers_draw(void *arg)
tm_time->tm_hour,
tm_time->tm_min,
tm_time->tm_sec,
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time));
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time));
break;
case TS_UTC:
tm_time = gmtime(&iui->start_abs_time.secs);
@ -453,7 +141,7 @@ iousers_draw(void *arg)
tm_time->tm_hour,
tm_time->tm_min,
tm_time->tm_sec,
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time));
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time));
break;
case TS_UTC_WITH_YMD:
tm_time = gmtime(&iui->start_abs_time.secs);
@ -464,7 +152,7 @@ iousers_draw(void *arg)
tm_time->tm_hour,
tm_time->tm_min,
tm_time->tm_sec,
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time));
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time));
break;
case TS_UTC_WITH_YDOY:
tm_time = gmtime(&iui->start_abs_time.secs);
@ -474,14 +162,14 @@ iousers_draw(void *arg)
tm_time->tm_hour,
tm_time->tm_min,
tm_time->tm_sec,
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time));
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time));
break;
case TS_RELATIVE:
case TS_NOT_SET:
default:
printf("%14.9f %12.4f\n",
nstime_to_sec(&iui->start_rel_time),
nstime_to_sec(&iui->stop_rel_time) - nstime_to_sec(&iui->start_rel_time)
nstime_to_sec(&iui->start_time),
nstime_to_sec(&iui->stop_time) - nstime_to_sec(&iui->start_time)
);
break;
}
@ -492,135 +180,18 @@ iousers_draw(void *arg)
printf("================================================================================\n");
}
static void
iousers_init(const char *opt_arg, void* userdata _U_)
void init_iousers(struct register_ct* ct, const char *filter)
{
const char *filter=NULL;
const char *tap_type, *tap_type_name;
tap_packet_cb packet_func;
io_users_t *iu=NULL;
io_users_t *iu;
GString *error_string;
if(!strncmp(opt_arg,"conv,eth",8)){
if(opt_arg[8]==','){
filter=opt_arg+9;
} else {
filter=NULL;
}
tap_type="eth";
tap_type_name="Ethernet";
packet_func=iousers_eth_packet;
} else if(!strncmp(opt_arg,"conv,fc",7)){
if(opt_arg[7]==','){
filter=opt_arg+8;
} else {
filter=NULL;
}
tap_type="fc";
tap_type_name="Fibre Channel";
packet_func=iousers_fc_packet;
} else if(!strncmp(opt_arg,"conv,fddi",9)){
if(opt_arg[9]==','){
filter=opt_arg+10;
} else {
filter=NULL;
}
tap_type="fddi";
tap_type_name="FDDI";
packet_func=iousers_fddi_packet;
} else if(!strncmp(opt_arg,"conv,tcp",8)){
if(opt_arg[8]==','){
filter=opt_arg+9;
} else {
filter=NULL;
}
tap_type="tcp";
tap_type_name="TCP";
packet_func=iousers_tcpip_packet;
} else if(!strncmp(opt_arg,"conv,udp",8)){
if(opt_arg[8]==','){
filter=opt_arg+9;
} else {
filter=NULL;
}
tap_type="udp";
tap_type_name="UDP";
packet_func=iousers_udpip_packet;
} else if(!strncmp(opt_arg,"conv,tr",7)){
if(opt_arg[7]==','){
filter=opt_arg+8;
} else {
filter=NULL;
}
tap_type="tr";
tap_type_name="Token Ring";
packet_func=iousers_tr_packet;
} else if(!strncmp(opt_arg,"conv,ipx",8)){
if(opt_arg[8]==','){
filter=opt_arg+9;
} else {
filter=NULL;
}
tap_type="ipx";
tap_type_name="IPX";
packet_func=iousers_ipx_packet;
} else if(!strncmp(opt_arg,"conv,ipv6",9)){
if(opt_arg[9]==','){
filter=opt_arg+10;
} else {
filter=NULL;
}
tap_type="ipv6";
tap_type_name="IPv6";
packet_func=iousers_ipv6_packet;
} else if(!strncmp(opt_arg,"conv,ip",7)){
if(opt_arg[7]==','){
filter=opt_arg+8;
} else {
filter=NULL;
}
tap_type="ip";
tap_type_name="IPv4";
packet_func=iousers_ip_packet;
} else if(!strncmp(opt_arg,"conv,sctp",9)) {
if(opt_arg[9]==','){
filter=opt_arg+10;
} else {
filter=NULL;
}
tap_type="sctp";
tap_type_name="SCTP";
packet_func=iousers_sctp_packet;
} else {
fprintf(stderr, "tshark: invalid \"-z conv,<type>[,<filter>]\" argument\n");
fprintf(stderr," <type> must be one of\n");
fprintf(stderr," \"eth\"\n");
fprintf(stderr," \"fc\"\n");
fprintf(stderr," \"fddi\"\n");
fprintf(stderr," \"ip\"\n");
fprintf(stderr," \"ipx\"\n");
fprintf(stderr," \"sctp\"\n");
fprintf(stderr," \"tcp\"\n");
fprintf(stderr," \"tr\"\n");
fprintf(stderr," \"udp\"\n");
exit(1);
}
iu = g_new0(io_users_t,1);
iu->type = proto_get_protocol_short_name(find_protocol_by_id(get_conversation_proto_id(ct)));
iu->filter = g_strdup(filter);
iu->hash.user_data = iu;
iu=g_new(io_users_t,1);
iu->items=NULL;
iu->type=tap_type_name;
if(filter){
iu->filter=g_strdup(filter);
} else {
iu->filter=NULL;
}
error_string=register_tap_listener(tap_type, iu, filter, 0, NULL, packet_func, iousers_draw);
error_string=register_tap_listener(proto_get_protocol_filter_name(get_conversation_proto_id(ct)), &iu->hash, filter, 0, NULL, get_conversation_packet_func(ct), iousers_draw);
if(error_string){
if(iu->items){
g_free(iu->items);
}
g_free(iu);
fprintf(stderr, "tshark: Couldn't register conversations tap: %s\n",
error_string->str);
@ -629,9 +200,3 @@ iousers_init(const char *opt_arg, void* userdata _U_)
}
}
void
register_tap_listener_iousers(void)
{
register_stat_cmd_arg("conv,", iousers_init, NULL);
}

30
ui/cli/tshark-tap.h Normal file
View File

@ -0,0 +1,30 @@
/* tshark-tap.h
* Registation tap hooks for TShark
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef __TSHARK_TAP_H__
#define __TSHARK_TAP_H__
#include <epan/conversation_table.h>
extern void init_iousers(struct register_ct* ct, const char *filter);
#endif /* __TSHARK_TAP_H__ */