wireshark/sharkd_session.c

5094 lines
160 KiB
C

/* sharkd_session.c
*
* Copyright (C) 2016 Jakub Zawadzki
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "wtap_opttypes.h"
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <glib.h>
#include <wsutil/wsjson.h>
#include <wsutil/json_dumper.h>
#include <wsutil/ws_assert.h>
#include <file.h>
#include <epan/epan_dissect.h>
#include <epan/exceptions.h>
#include <epan/color_filters.h>
#include <epan/prefs.h>
#include <epan/prefs-int.h>
#include <epan/uat-int.h>
#include <wiretap/wtap.h>
#include <epan/column.h>
#include <epan/column-info.h>
#include <ui/ssl_key_export.h>
#include <ui/io_graph_item.h>
#include <epan/stats_tree_priv.h>
#include <epan/stat_tap_ui.h>
#include <epan/conversation_table.h>
#include <epan/sequence_analysis.h>
#include <epan/expert.h>
#include <epan/export_object.h>
#include <epan/follow.h>
#include <epan/rtd_table.h>
#include <epan/srt_table.h>
#include <epan/dissectors/packet-h225.h>
#include <epan/rtp_pt.h>
#include <ui/voip_calls.h>
#include <ui/rtp_stream.h>
#include <ui/tap-rtp-common.h>
#include <ui/tap-rtp-analysis.h>
#include <wsutil/version_info.h>
#include <epan/to_str.h>
#include <epan/addr_resolv.h>
#include <epan/dissectors/packet-rtp.h>
#include <ui/rtp_media.h>
#include <speex/speex_resampler.h>
#include <epan/maxmind_db.h>
#include <wsutil/pint.h>
#include <wsutil/strtoi.h>
#include "globals.h"
#include "sharkd.h"
struct sharkd_filter_item
{
guint8 *filtered; /* can be NULL if all frames are matching for given filter. */
};
static GHashTable *filter_table = NULL;
static int mode;
static guint32 rpcid;
static json_dumper dumper = {0};
static const char *
json_find_attr(const char *buf, const jsmntok_t *tokens, int count, const char *attr)
{
int i;
for (i = 0; i < count; i += 2)
{
const char *tok_attr = &buf[tokens[i + 0].start];
const char *tok_value = &buf[tokens[i + 1].start];
if (!strcmp(tok_attr, attr))
return tok_value;
}
return NULL;
}
static void
json_print_base64(const guint8 *data, size_t len)
{
json_dumper_begin_base64(&dumper);
json_dumper_write_base64(&dumper, data, len);
json_dumper_end_base64(&dumper);
}
static void G_GNUC_PRINTF(2, 3)
sharkd_json_value_anyf(const char *key, const char *format, ...)
{
if (key)
json_dumper_set_member_name(&dumper, key);
if (format) {
va_list ap;
va_start(ap, format);
json_dumper_value_va_list(&dumper, format, ap);
va_end(ap);
}
}
static void
sharkd_json_value_string(const char *key, const char *str)
{
if (key)
json_dumper_set_member_name(&dumper, key);
if (str)
json_dumper_value_string(&dumper, str);
}
static void
sharkd_json_value_base64(const char *key, const guint8 *data, size_t len)
{
if (key)
json_dumper_set_member_name(&dumper, key);
json_print_base64(data, len);
}
static void G_GNUC_PRINTF(2, 3)
sharkd_json_value_stringf(const char *key, const char *format, ...)
{
if (key)
json_dumper_set_member_name(&dumper, key);
if (format) {
va_list ap;
va_start(ap, format);
char* sformat = ws_strdup_printf("\"%s\"", format);
json_dumper_value_va_list(&dumper, sformat, ap);
g_free(sformat);
va_end(ap);
}
}
static void
sharkd_json_array_open(const char *key)
{
if (key)
json_dumper_set_member_name(&dumper, key);
json_dumper_begin_array(&dumper);
}
static void
sharkd_json_array_close(void)
{
json_dumper_end_array(&dumper);
}
static void
sharkd_json_response_open(guint32 id)
{
json_dumper_begin_object(&dumper); // start the message
sharkd_json_value_string("jsonrpc", "2.0");
sharkd_json_value_anyf("id", "%d", id);
}
static void
sharkd_json_response_close(void)
{
json_dumper_finish(&dumper);
/*
* We do an explicit fflush after every line, because
* we want output to be written to the socket as soon
* as the line is complete.
*
* The stream is fully-buffered by default, so it's
* only flushed when the buffer fills or the FILE *
* is closed. On UN*X, we could set it to be line
* buffered, but the MSVC standard I/O routines don't
* support line buffering - they only support *byte*
* buffering, doing a write for every byte written,
* which is too inefficient, and full buffering,
* which is what you get if you request line buffering.
*/
fflush(stdout);
}
static void
sharkd_json_result_prologue(guint32 id)
{
sharkd_json_response_open(id);
sharkd_json_value_anyf("result", NULL);
json_dumper_begin_object(&dumper); // start the result object
}
static void
sharkd_json_result_epilogue(void)
{
json_dumper_end_object(&dumper); // end the result object
json_dumper_end_object(&dumper); // end the message
sharkd_json_response_close();
}
static void
sharkd_json_result_array_prologue(guint32 id)
{
sharkd_json_response_open(id);
sharkd_json_array_open("result"); // start the result array
}
static void
sharkd_json_result_array_epilogue(void)
{
sharkd_json_array_close(); // end of result array
json_dumper_end_object(&dumper); // end the message
sharkd_json_response_close();
}
static void
sharkd_json_simple_ok(guint32 id)
{
sharkd_json_result_prologue(id);
sharkd_json_value_string("status", "OK");
sharkd_json_result_epilogue();
}
static void
sharkd_json_warning(guint32 id, char *warning)
{
sharkd_json_result_prologue(id);
sharkd_json_value_string("status", "Warning");
sharkd_json_value_string("warning", warning);
sharkd_json_result_epilogue();
}
static void G_GNUC_PRINTF(4, 5)
sharkd_json_error(guint32 id, int code, char* data, char* format, ...)
{
sharkd_json_response_open(id);
sharkd_json_value_anyf("error", NULL);
json_dumper_begin_object(&dumper);
sharkd_json_value_anyf("code", "%d", code);
if (format)
{
// format the text message
va_list args;
va_start(args, format);
char *error_msg = ws_strdup_vprintf(format, args);
va_end(args);
sharkd_json_value_string("message", error_msg);
g_free(error_msg);
}
json_dumper_end_object(&dumper);
if (data)
sharkd_json_value_string("data", data);
json_dumper_end_object(&dumper);
sharkd_json_response_close();
}
static gboolean
is_param_match(const char *param_in, const char *valid_param)
{
char* ptr;
if ((ptr = g_strrstr(valid_param, "*")))
{
size_t prefix_len = ptr - valid_param;
return !strncmp(param_in, valid_param, prefix_len);
}
else
return !strcmp(param_in, valid_param);
}
/*
* json_prep does four things:
*
* 1. check the syntax of the root and parameter members
* 2. tokenize the names and values by zero terminating them
* 3. unescape the names and values
* 4. extracts and saves the rpcid
* - we have to do it here as it's needed for the error messages
*
* The objective is to minimise the validation work in the functions
* that process each called method.
*
* This gets a little messy as the JSON parser creates a flat list
* of all members rather than create a tree.
*/
static gboolean
json_prep(char* buf, const jsmntok_t* tokens, int count)
{
int i;
char* method = NULL;
char* attr_name = NULL;
char* attr_value = NULL;
#define SHARKD_JSON_ANY 0
#define SHARKD_JSON_STRING 1
#define SHARKD_JSON_INTEGER 2
#define SHARKD_JSON_UINTEGER 3
#define SHARKD_JSON_FLOAT 4
#define SHARKD_JSON_OBJECT 5
#define SHARKD_JSON_ARRAY 6
#define SHARKD_JSON_BOOLEAN 7
#define SHARKD_ARRAY_END 99
struct member_attribute {
const char* parent_ctx;
const char* name;
int level;
jsmntype_t type;
int value_type;
gboolean is_mandatory;
};
#define MANDATORY TRUE
#define OPTIONAL FALSE
/*
* The member attribute structure is key to the syntax checking. The
* array contains all of the root level (1) member names, the data
* types permissable for the value and a boolean that indicates whether
* or not the member is mandatory.
*
* Once we get into the next layer (2) of the json tree, we need to check
* params member names and data types dependent in the context of the method
* (parent_ctx).
*/
struct member_attribute name_array[] = {
// Root members
{NULL, "jsonrpc", 1, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{NULL, "userid", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{NULL, "id", 1, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, MANDATORY},
{NULL, "method", 1, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{NULL, "params", 1, JSMN_OBJECT, SHARKD_JSON_OBJECT, OPTIONAL},
// Valid methods
{"method", "analyse", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "bye", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "check", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "complete", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "download", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "dumpconf", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "follow", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "frame", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "frames", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "info", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "intervals", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "iograph", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "load", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "setcomment", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "setconf", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "status", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"method", "tap", 1, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
// Parameters and their method context
{"check", "field", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"check", "filter", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"complete", "field", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"complete", "pref", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"download", "token", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"dumpconf", "pref", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"follow", "follow", 2, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{"follow", "filter", 2, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{"frame", "frame", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, MANDATORY},
{"frame", "proto", 2, JSMN_PRIMITIVE, SHARKD_JSON_BOOLEAN, OPTIONAL},
{"frame", "ref_frame", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, OPTIONAL},
{"frame", "prev_frame", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, OPTIONAL},
{"frame", "columns", 2, JSMN_PRIMITIVE, SHARKD_JSON_BOOLEAN, OPTIONAL},
{"frame", "color", 2, JSMN_PRIMITIVE, SHARKD_JSON_BOOLEAN, OPTIONAL},
{"frame", "bytes", 2, JSMN_PRIMITIVE, SHARKD_JSON_BOOLEAN, OPTIONAL},
{"frame", "hidden", 2, JSMN_PRIMITIVE, SHARKD_JSON_BOOLEAN, OPTIONAL},
{"frames", "column*", 2, JSMN_UNDEFINED, SHARKD_JSON_ANY, OPTIONAL},
{"frames", "filter", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"frames", "skip", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, OPTIONAL},
{"frames", "limit", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, OPTIONAL},
{"frames", "refs", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"intervals", "interval", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, OPTIONAL},
{"intervals", "filter", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "interval", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, OPTIONAL},
{"iograph", "filter", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph0", 2, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{"iograph", "graph1", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph2", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph3", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph4", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph5", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph6", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph7", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph8", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "graph9", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter0", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter1", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter2", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter3", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter4", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter5", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter6", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter7", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter8", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"iograph", "filter9", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"load", "file", 2, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{"setcomment", "frame", 2, JSMN_PRIMITIVE, SHARKD_JSON_UINTEGER, MANDATORY},
{"setcomment", "comment", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"setconf", "name", 2, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{"setconf", "value", 2, JSMN_UNDEFINED, SHARKD_JSON_ANY, MANDATORY},
{"tap", "tap0", 2, JSMN_STRING, SHARKD_JSON_STRING, MANDATORY},
{"tap", "tap1", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap2", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap3", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap4", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap5", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap6", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap7", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap8", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap9", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap10", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap11", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap12", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap13", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap14", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
{"tap", "tap15", 2, JSMN_STRING, SHARKD_JSON_STRING, OPTIONAL},
// End of the name_array
{NULL, NULL, 0, JSMN_STRING, SHARKD_ARRAY_END, OPTIONAL},
};
rpcid = 0;
/* sanity check, and split strings */
if (count < 1 || tokens[0].type != JSMN_OBJECT)
{
sharkd_json_error(
rpcid, -32600, NULL,
"The request must an object"
);
return FALSE;
}
/* don't need [0] token */
tokens++;
count--;
if (count & 1)
{
sharkd_json_error(
rpcid, -32600, NULL,
"The request must contain name/value pairs"
);
return FALSE;
}
for (i = 0; i < count; i += 2)
{
if (tokens[i].type != JSMN_STRING)
{
sharkd_json_error(
rpcid, -32600, NULL,
"Member names must be a string - member %d is not string", (i / 2) + 1
);
return FALSE;
}
buf[tokens[i + 0].end] = '\0';
buf[tokens[i + 1].end] = '\0';
attr_name = &buf[tokens[i + 0].start];
attr_value = &buf[tokens[i + 1].start];
// we must get the id as soon as possible so that it's available in all future error messages
if (!strcmp(attr_name, "id"))
{
if (!ws_strtou32(attr_value, NULL, &rpcid))
{
sharkd_json_error(
rpcid, -32600, NULL,
"The id value must be a positive integer"
);
return FALSE;
}
}
if (!strcmp(attr_name, "jsonrpc"))
{
if (strcmp(&buf[tokens[i + 1].start], "2.0"))
{
sharkd_json_error(
rpcid, -32600, NULL,
"Only JSON %s is supported", "2.0"
);
return FALSE;
}
}
/* unescape only value, as keys are simple strings */
if (tokens[i + 1].type == JSMN_STRING && !json_decode_string_inplace(attr_value))
{
sharkd_json_error(
rpcid, -32600, NULL,
"Cannot unescape the value string of member %d", (i / 2) + 1
);
return FALSE;
}
/* Confirm that the member is valid */
gboolean match = FALSE;
// We need to check root members (level 1) and parameters (level 2), hence the for loop.
for (int level = 1; level < 3; level++)
{
size_t j = 0;
while (name_array[j].value_type != SHARKD_ARRAY_END) // iterate through the array until we hit the end
{
if (is_param_match(attr_name, name_array[j].name) && name_array[j].level == level)
{
// We need to be sure the match is in the correct context
// i.e. is this a match for a root member (level 1) or for a parameter (level 2).
if (level == 1)
{
// need to guard against a parameter name matching a method name
if (method)
{
if (name_array[j].parent_ctx)
{
j++;
continue;
}
if (!strcmp(method, &buf[tokens[i + 0].start]))
{
j++;
continue;
}
}
match = TRUE;
}
else if (method)
{
if (level == 2 && !strcmp(name_array[j].parent_ctx, method))
match = TRUE;
else
{
j++;
continue;
}
}
else
{
j++;
continue;
}
// The match looks good, let's now check the data types
if (tokens[i + 1].type != name_array[j].type && name_array[j].type != SHARKD_JSON_ANY)
{
sharkd_json_error(
rpcid, -32600, NULL,
"The data type for member %s is not a valid", attr_name
);
return FALSE;
}
else if (name_array[j].type == JSMN_PRIMITIVE && name_array[j].value_type == SHARKD_JSON_UINTEGER)
{
guint32 temp;
if (!ws_strtou32(attr_value, NULL, &temp) || temp <= 0)
{
sharkd_json_error(
rpcid, -32600, NULL,
"The value for %s must be a positive integer", name_array[j].name
);
return FALSE;
}
}
else if (name_array[j].type == JSMN_PRIMITIVE && name_array[j].value_type == SHARKD_JSON_BOOLEAN)
{
if (strcmp(attr_value, "true") && strcmp(attr_value, "false"))
{
sharkd_json_error(
rpcid, -32600, NULL,
"The value for %s must be a boolean (true or false)", name_array[j].name
);
return FALSE;
}
}
break; // looks like a valid match
}
j++;
}
if (!strcmp(attr_name, "method"))
{
int k = 0; // name array index
// check that the request method is good
while (name_array[k].value_type != SHARKD_ARRAY_END)
{
if (name_array[k].parent_ctx)
{
if (!strcmp(attr_value, name_array[k].name) && !strcmp(name_array[k].parent_ctx, "method"))
method = attr_value; // the method is valid
}
k++;
}
if (!method)
{
sharkd_json_error(
rpcid, -32601, NULL,
"The method %s is not supported", attr_value
);
return FALSE;
}
}
}
if (!match)
{
sharkd_json_error(
rpcid, -32600, NULL,
"%s is not a valid member name", attr_name
);
return FALSE;
}
}
/* check for mandatory members */
size_t j = 0;
while (name_array[j].value_type != SHARKD_ARRAY_END)
{
if (name_array[j].is_mandatory && name_array[j].level == 1)
{
if (!json_find_attr(buf, tokens, count, name_array[j].name))
{
sharkd_json_error(
rpcid, -32600, NULL,
"Mandatory member %s is missing", name_array[j].name
);
return FALSE;
}
}
j++;
}
// check that the current request contains the mandatory parameters
j = 0;
while (name_array[j].value_type != SHARKD_ARRAY_END)
{
if (name_array[j].is_mandatory && name_array[j].level == 2 && !strcmp(method, name_array[j].parent_ctx))
{
if (!json_find_attr(buf, tokens, count, name_array[j].name))
{
sharkd_json_error(
rpcid, -32600, NULL,
"Mandatory parameter %s is missing", name_array[j].name
);
return FALSE;
}
}
j++;
}
// check that the parameters for the current request are valid for the method and that the data type for the value is valid
return TRUE;
}
static void
sharkd_session_filter_free(gpointer data)
{
struct sharkd_filter_item *l = (struct sharkd_filter_item *) data;
g_free(l->filtered);
g_free(l);
}
static const struct sharkd_filter_item *
sharkd_session_filter_data(const char *filter)
{
struct sharkd_filter_item *l;
l = (struct sharkd_filter_item *) g_hash_table_lookup(filter_table, filter);
if (!l)
{
guint8 *filtered = NULL;
int ret = sharkd_filter(filter, &filtered);
if (ret == -1)
return NULL;
l = g_new(struct sharkd_filter_item, 1);
l->filtered = filtered;
g_hash_table_insert(filter_table, g_strdup(filter), l);
}
return l;
}
static gboolean
sharkd_rtp_match_init(rtpstream_id_t *id, const char *init_str)
{
gboolean ret = FALSE;
char **arr;
guint32 tmp_addr_src, tmp_addr_dst;
address tmp_src_addr, tmp_dst_addr;
memset(id, 0, sizeof(*id));
arr = g_strsplit(init_str, "_", 7); /* pass larger value, so we'll catch incorrect input :) */
if (g_strv_length(arr) != 5)
goto fail;
/* TODO, for now only IPv4 */
if (!get_host_ipaddr(arr[0], &tmp_addr_src))
goto fail;
if (!ws_strtou16(arr[1], NULL, &id->src_port))
goto fail;
if (!get_host_ipaddr(arr[2], &tmp_addr_dst))
goto fail;
if (!ws_strtou16(arr[3], NULL, &id->dst_port))
goto fail;
if (!ws_hexstrtou32(arr[4], NULL, &id->ssrc))
goto fail;
set_address(&tmp_src_addr, AT_IPv4, 4, &tmp_addr_src);
copy_address(&id->src_addr, &tmp_src_addr);
set_address(&tmp_dst_addr, AT_IPv4, 4, &tmp_addr_dst);
copy_address(&id->dst_addr, &tmp_dst_addr);
ret = TRUE;
fail:
g_strfreev(arr);
return ret;
}
static gboolean
sharkd_session_process_info_nstat_cb(const void *key, void *value, void *userdata _U_)
{
stat_tap_table_ui *stat_tap = (stat_tap_table_ui *) value;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("name", stat_tap->title);
sharkd_json_value_stringf("tap", "nstat:%s", (const char *) key);
json_dumper_end_object(&dumper);
return FALSE;
}
static gboolean
sharkd_session_process_info_conv_cb(const void* key, void* value, void* userdata _U_)
{
struct register_ct *table = (struct register_ct *) value;
const char *label = (const char *) key;
if (get_conversation_packet_func(table))
{
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("name", "Conversation List/%s", label);
sharkd_json_value_stringf("tap", "conv:%s", label);
json_dumper_end_object(&dumper);
}
if (get_endpoint_packet_func(table))
{
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("name", "Endpoint/%s", label);
sharkd_json_value_stringf("tap", "endpt:%s", label);
json_dumper_end_object(&dumper);
}
return FALSE;
}
static gboolean
sharkd_session_seq_analysis_cb(const void *key, void *value, void *userdata _U_)
{
register_analysis_t *analysis = (register_analysis_t *) value;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("name", sequence_analysis_get_ui_name(analysis));
sharkd_json_value_stringf("tap", "seqa:%s", (const char *) key);
json_dumper_end_object(&dumper);
return FALSE;
}
static gboolean
sharkd_export_object_visit_cb(const void *key _U_, void *value, void *user_data _U_)
{
register_eo_t *eo = (register_eo_t *) value;
const int proto_id = get_eo_proto_id(eo);
const char *filter = proto_get_protocol_filter_name(proto_id);
const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("name", "Export Object/%s", label);
sharkd_json_value_stringf("tap", "eo:%s", filter);
json_dumper_end_object(&dumper);
return FALSE;
}
static gboolean
sharkd_srt_visit_cb(const void *key _U_, void *value, void *user_data _U_)
{
register_srt_t *srt = (register_srt_t *) value;
const int proto_id = get_srt_proto_id(srt);
const char *filter = proto_get_protocol_filter_name(proto_id);
const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("name", "Service Response Time/%s", label);
sharkd_json_value_stringf("tap", "srt:%s", filter);
json_dumper_end_object(&dumper);
return FALSE;
}
static gboolean
sharkd_rtd_visit_cb(const void *key _U_, void *value, void *user_data _U_)
{
register_rtd_t *rtd = (register_rtd_t *) value;
const int proto_id = get_rtd_proto_id(rtd);
const char *filter = proto_get_protocol_filter_name(proto_id);
const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("name", "Response Time Delay/%s", label);
sharkd_json_value_stringf("tap", "rtd:%s", filter);
json_dumper_end_object(&dumper);
return FALSE;
}
static gboolean
sharkd_follower_visit_cb(const void *key _U_, void *value, void *user_data _U_)
{
register_follow_t *follower = (register_follow_t *) value;
const int proto_id = get_follow_proto_id(follower);
const char *label = proto_get_protocol_short_name(find_protocol_by_id(proto_id));
const char *filter = label; /* correct: get_follow_by_name() is registered by short name */
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("name", "Follow/%s", label);
sharkd_json_value_stringf("tap", "follow:%s", filter);
json_dumper_end_object(&dumper);
return FALSE;
}
/**
* sharkd_session_process_info()
*
* Process info request
*
* Output object with attributes:
* (m) version - version number
*
* (m) columns - available column formats, array of object with attributes:
* 'name' - column name
* 'format' - column format-name
*
* (m) stats - available statistics, array of object with attributes:
* 'name' - statistic name
* 'tap' - sharkd tap-name for statistic
*
* (m) convs - available conversation list, array of object with attributes:
* 'name' - conversation name
* 'tap' - sharkd tap-name for conversation
*
* (m) eo - available export object list, array of object with attributes:
* 'name' - export object name
* 'tap' - sharkd tap-name for eo
*
* (m) srt - available service response time list, array of object with attributes:
* 'name' - service response time name
* 'tap' - sharkd tap-name for srt
*
* (m) rtd - available response time delay list, array of object with attributes:
* 'name' - response time delay name
* 'tap' - sharkd tap-name for rtd
*
* (m) seqa - available sequence analysis (flow) list, array of object with attributes:
* 'name' - sequence analysis name
* 'tap' - sharkd tap-name
*
* (m) taps - available taps, array of object with attributes:
* 'name' - tap name
* 'tap' - sharkd tap-name
*
* (m) follow - available followers, array of object with attributes:
* 'name' - tap name
* 'tap' - sharkd tap-name
*
* (m) ftypes - conversation table for FT_ number to string, array of FT_xxx strings.
*
* (m) nstat - available table-based taps, array of object with attributes:
* 'name' - tap name
* 'tap' - sharkd tap-name
*
*/
static void
sharkd_session_process_info(void)
{
int i;
sharkd_json_result_prologue(rpcid);
sharkd_json_array_open("columns");
for (i = 0; i < NUM_COL_FMTS; i++)
{
const char *col_format = col_format_to_string(i);
const char *col_descr = col_format_desc(i);
json_dumper_begin_object(&dumper);
sharkd_json_value_string("name", col_descr);
sharkd_json_value_string("format", col_format);
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
sharkd_json_array_open("stats");
{
GList *cfg_list = stats_tree_get_cfg_list();
GList *l;
for (l = cfg_list; l; l = l->next)
{
stats_tree_cfg *cfg = (stats_tree_cfg *) l->data;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("name", cfg->name);
sharkd_json_value_stringf("tap", "stat:%s", cfg->abbr);
json_dumper_end_object(&dumper);
}
g_list_free(cfg_list);
}
sharkd_json_array_close();
sharkd_json_array_open("ftypes");
for (i = 0; i < FT_NUM_TYPES; i++)
sharkd_json_value_string(NULL, ftype_name((ftenum_t) i));
sharkd_json_array_close();
sharkd_json_value_string("version", get_ws_vcs_version_info_short());
sharkd_json_array_open("nstat");
i = 0;
stat_tap_iterate_tables(sharkd_session_process_info_nstat_cb, &i);
sharkd_json_array_close();
sharkd_json_array_open("convs");
i = 0;
conversation_table_iterate_tables(sharkd_session_process_info_conv_cb, &i);
sharkd_json_array_close();
sharkd_json_array_open("seqa");
i = 0;
sequence_analysis_table_iterate_tables(sharkd_session_seq_analysis_cb, &i);
sharkd_json_array_close();
sharkd_json_array_open("taps");
{
json_dumper_begin_object(&dumper);
sharkd_json_value_string("name", "RTP streams");
sharkd_json_value_string("tap", "rtp-streams");
json_dumper_end_object(&dumper);
json_dumper_begin_object(&dumper);
sharkd_json_value_string("name", "Expert Information");
sharkd_json_value_string("tap", "expert");
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
sharkd_json_array_open("eo");
i = 0;
eo_iterate_tables(sharkd_export_object_visit_cb, &i);
sharkd_json_array_close();
sharkd_json_array_open("srt");
i = 0;
srt_table_iterate_tables(sharkd_srt_visit_cb, &i);
sharkd_json_array_close();
sharkd_json_array_open("rtd");
i = 0;
rtd_table_iterate_tables(sharkd_rtd_visit_cb, &i);
sharkd_json_array_close();
sharkd_json_array_open("follow");
i = 0;
follow_iterate_followers(sharkd_follower_visit_cb, &i);
sharkd_json_array_close();
sharkd_json_result_epilogue();
}
/**
* sharkd_session_process_load()
*
* Process load request
*
* Input:
* (m) file - file to be loaded
*
* Output object with attributes:
* (m) err - error code
*/
static void
sharkd_session_process_load(const char *buf, const jsmntok_t *tokens, int count)
{
const char *tok_file = json_find_attr(buf, tokens, count, "file");
int err = 0;
if (!tok_file)
return;
fprintf(stderr, "load: filename=%s\n", tok_file);
if (sharkd_cf_open(tok_file, WTAP_TYPE_AUTO, FALSE, &err) != CF_OK)
{
sharkd_json_error(
rpcid, -2001, NULL,
"Unable to open the file"
);
return;
}
TRY
{
err = sharkd_load_cap_file();
}
CATCH(OutOfMemoryError)
{
sharkd_json_error(
rpcid, -32603, NULL,
"Load failed, out of memory"
);
fprintf(stderr, "load: OutOfMemoryError\n");
err = ENOMEM;
}
ENDTRY;
if (err == 0)
sharkd_json_simple_ok(rpcid);
}
/**
* sharkd_session_process_status()
*
* Process status request
*
* Output object with attributes:
* (m) frames - count of currently loaded frames
* (m) duration - time difference between time of first frame, and last loaded frame
* (o) filename - capture filename
* (o) filesize - capture filesize
* (o) columns - array of column titles
*/
static void
sharkd_session_process_status(void)
{
sharkd_json_result_prologue(rpcid);
sharkd_json_value_anyf("frames", "%u", cfile.count);
sharkd_json_value_anyf("duration", "%.9f", nstime_to_sec(&cfile.elapsed_time));
if (cfile.filename)
{
char *name = g_path_get_basename(cfile.filename);
sharkd_json_value_string("filename", name);
g_free(name);
}
if (cfile.provider.wth)
{
gint64 file_size = wtap_file_size(cfile.provider.wth, NULL);
if (file_size > 0)
sharkd_json_value_anyf("filesize", "%" PRId64, file_size);
}
if (cfile.cinfo.num_cols > 0)
{
sharkd_json_array_open("columns");
for (int i = 0; i < cfile.cinfo.num_cols; ++i)
{
sharkd_json_value_string(NULL, get_column_title(i));
}
sharkd_json_array_close();
}
sharkd_json_result_epilogue();
}
struct sharkd_analyse_data
{
GHashTable *protocols_set;
nstime_t *first_time;
nstime_t *last_time;
};
static void
sharkd_session_process_analyse_cb(epan_dissect_t *edt, proto_tree *tree _U_,
struct epan_column_info *cinfo _U_, const GSList *data_src _U_, void *data)
{
struct sharkd_analyse_data *analyser = (struct sharkd_analyse_data *) data;
packet_info *pi = &edt->pi;
frame_data *fdata = pi->fd;
if (analyser->first_time == NULL || nstime_cmp(&fdata->abs_ts, analyser->first_time) < 0)
analyser->first_time = &fdata->abs_ts;
if (analyser->last_time == NULL || nstime_cmp(&fdata->abs_ts, analyser->last_time) > 0)
analyser->last_time = &fdata->abs_ts;
if (pi->layers)
{
wmem_list_frame_t *frame;
for (frame = wmem_list_head(pi->layers); frame; frame = wmem_list_frame_next(frame))
{
int proto_id = GPOINTER_TO_UINT(wmem_list_frame_data(frame));
if (!g_hash_table_lookup_extended(analyser->protocols_set, GUINT_TO_POINTER(proto_id), NULL, NULL))
{
g_hash_table_insert(analyser->protocols_set, GUINT_TO_POINTER(proto_id), GUINT_TO_POINTER(proto_id));
sharkd_json_value_string(NULL, proto_get_protocol_filter_name(proto_id));
}
}
}
}
/**
* sharkd_session_process_status()
*
* Process analyse request
*
* Output object with attributes:
* (m) frames - count of currently loaded frames
* (m) protocols - protocol list
* (m) first - earliest frame time
* (m) last - latest frame time
*/
static void
sharkd_session_process_analyse(void)
{
struct sharkd_analyse_data analyser;
wtap_rec rec; /* Record metadata */
Buffer rec_buf; /* Record data */
analyser.first_time = NULL;
analyser.last_time = NULL;
analyser.protocols_set = g_hash_table_new(NULL /* g_direct_hash() */, NULL /* g_direct_equal */);
sharkd_json_result_prologue(rpcid);
sharkd_json_value_anyf("frames", "%u", cfile.count);
sharkd_json_array_open("protocols");
wtap_rec_init(&rec);
ws_buffer_init(&rec_buf, 1514);
for (guint32 framenum = 1; framenum <= cfile.count; framenum++)
{
enum dissect_request_status status;
int err;
gchar *err_info;
status = sharkd_dissect_request(framenum,
(framenum != 1) ? 1 : 0, framenum - 1,
&rec, &rec_buf, NULL, SHARKD_DISSECT_FLAG_NULL,
&sharkd_session_process_analyse_cb, &analyser,
&err, &err_info);
switch (status) {
case DISSECT_REQUEST_SUCCESS:
break;
case DISSECT_REQUEST_NO_SUCH_FRAME:
/* XXX - report the error. */
break;
case DISSECT_REQUEST_READ_ERROR:
/*
* Free up the error string.
* XXX - report the error.
*/
g_free(err_info);
break;
}
}
sharkd_json_array_close();
if (analyser.first_time)
sharkd_json_value_anyf("first", "%.9f", nstime_to_sec(analyser.first_time));
if (analyser.last_time)
sharkd_json_value_anyf("last", "%.9f", nstime_to_sec(analyser.last_time));
sharkd_json_result_epilogue();
wtap_rec_cleanup(&rec);
ws_buffer_free(&rec_buf);
g_hash_table_destroy(analyser.protocols_set);
}
static column_info *
sharkd_session_create_columns(column_info *cinfo, const char *buf, const jsmntok_t *tokens, int count)
{
const char *columns_custom[32];
guint16 columns_fmt[32];
gint16 columns_occur[32];
int i, cols;
for (i = 0; i < 32; i++)
{
const char *tok_column;
char tok_column_name[64];
char *custom_sepa;
snprintf(tok_column_name, sizeof(tok_column_name), "column%d", i);
tok_column = json_find_attr(buf, tokens, count, tok_column_name);
if (tok_column == NULL)
break;
columns_custom[i] = NULL;
columns_occur[i] = 0;
if ((custom_sepa = strchr(tok_column, ':')))
{
*custom_sepa = '\0'; /* XXX, C abuse: discarding-const */
columns_fmt[i] = COL_CUSTOM;
columns_custom[i] = tok_column;
if (!ws_strtoi16(custom_sepa + 1, NULL, &columns_occur[i]))
return NULL;
}
else
{
if (!ws_strtou16(tok_column, NULL, &columns_fmt[i]))
return NULL;
if (columns_fmt[i] >= NUM_COL_FMTS)
return NULL;
/* if custom, that it shouldn't be just custom number -> error */
if (columns_fmt[i] == COL_CUSTOM)
return NULL;
}
}
cols = i;
col_setup(cinfo, cols);
for (i = 0; i < cols; i++)
{
col_item_t *col_item = &cinfo->columns[i];
col_item->col_fmt = columns_fmt[i];
col_item->col_title = NULL; /* no need for title */
if (col_item->col_fmt == COL_CUSTOM)
{
col_item->col_custom_fields = g_strdup(columns_custom[i]);
col_item->col_custom_occurrence = columns_occur[i];
}
col_item->col_fence = 0;
}
col_finalize(cinfo);
return cinfo;
}
static void
sharkd_session_process_frames_cb(epan_dissect_t *edt, proto_tree *tree _U_,
struct epan_column_info *cinfo, const GSList *data_src _U_, void *data _U_)
{
packet_info *pi = &edt->pi;
frame_data *fdata = pi->fd;
wtap_block_t pkt_block = NULL;
char *comment;
json_dumper_begin_object(&dumper);
sharkd_json_array_open("c");
for (int col = 0; col < cinfo->num_cols; ++col)
{
sharkd_json_value_string(NULL, get_column_text(cinfo, col));
}
sharkd_json_array_close();
sharkd_json_value_anyf("num", "%u", pi->num);
/*
* Get the block for this record, if it has one.
*/
if (fdata->has_modified_block)
pkt_block = sharkd_get_modified_block(fdata);
else
pkt_block = pi->rec->block;
/*
* Does this record have any comments?
*/
if (pkt_block != NULL &&
WTAP_OPTTYPE_SUCCESS == wtap_block_get_nth_string_option_value(pkt_block, OPT_COMMENT, 0, &comment))
sharkd_json_value_anyf("ct", "true");
if (fdata->ignored)
sharkd_json_value_anyf("i", "true");
if (fdata->marked)
sharkd_json_value_anyf("m", "true");
if (fdata->color_filter)
{
sharkd_json_value_stringf("bg", "%06x", color_t_to_rgb(&fdata->color_filter->bg_color));
sharkd_json_value_stringf("fg", "%06x", color_t_to_rgb(&fdata->color_filter->fg_color));
}
json_dumper_end_object(&dumper);
}
/**
* sharkd_session_process_frames()
*
* Process frames request
*
* Input:
* (o) column0...columnXX - requested columns either number in range [0..NUM_COL_FMTS), or custom (syntax <dfilter>:<occurence>).
* If column0 is not specified default column set will be used.
* (o) filter - filter to be used
* (o) skip=N - skip N frames
* (o) limit=N - show only N frames
* (o) refs - list (comma separated) with sorted time reference frame numbers.
*
* Output array of frames with attributes:
* (m) c - array of column data
* (m) num - frame number
* (o) i - if frame is ignored
* (o) m - if frame is marked
* (o) ct - if frame is commented
* (o) bg - color filter - background color in hex
* (o) fg - color filter - foreground color in hex
*/
static void
sharkd_session_process_frames(const char *buf, const jsmntok_t *tokens, int count)
{
const char *tok_filter = json_find_attr(buf, tokens, count, "filter");
const char *tok_column = json_find_attr(buf, tokens, count, "column0");
const char *tok_skip = json_find_attr(buf, tokens, count, "skip");
const char *tok_limit = json_find_attr(buf, tokens, count, "limit");
const char *tok_refs = json_find_attr(buf, tokens, count, "refs");
const guint8 *filter_data = NULL;
guint32 next_ref_frame = G_MAXUINT32;
guint32 skip;
guint32 limit;
wtap_rec rec; /* Record metadata */
Buffer rec_buf; /* Record data */
column_info *cinfo = &cfile.cinfo;
column_info user_cinfo;
if (tok_column)
{
memset(&user_cinfo, 0, sizeof(user_cinfo));
cinfo = sharkd_session_create_columns(&user_cinfo, buf, tokens, count);
if (!cinfo)
{
sharkd_json_error(
rpcid, -13001, NULL,
"Column definition invalid - note column 6 requires a custom definition"
);
return;
}
}
if (tok_filter)
{
const struct sharkd_filter_item *filter_item;
filter_item = sharkd_session_filter_data(tok_filter);
if (!filter_item)
{
sharkd_json_error(
rpcid, -13002, NULL,
"Filter expression invalid"
);
return;
}
filter_data = filter_item->filtered;
}
skip = 0;
if (tok_skip)
{
if (!ws_strtou32(tok_skip, NULL, &skip))
return;
}
limit = 0;
if (tok_limit)
{
if (!ws_strtou32(tok_limit, NULL, &limit))
return;
}
if (tok_refs)
{
if (!ws_strtou32(tok_refs, &tok_refs, &next_ref_frame))
return;
}
sharkd_json_result_array_prologue(rpcid);
wtap_rec_init(&rec);
ws_buffer_init(&rec_buf, 1514);
for (guint32 framenum = 1; framenum <= cfile.count; framenum++)
{
frame_data *fdata;
enum dissect_request_status status;
int err;
gchar *err_info;
if (filter_data && !(filter_data[framenum / 8] & (1 << (framenum % 8))))
continue;
if (skip)
{
skip--;
continue;
}
if (tok_refs)
{
if (framenum >= next_ref_frame)
{
if (*tok_refs != ',')
next_ref_frame = G_MAXUINT32;
while (*tok_refs == ',' && framenum >= next_ref_frame)
{
if (!ws_strtou32(tok_refs + 1, &tok_refs, &next_ref_frame))
{
fprintf(stderr, "sharkd_session_process_frames() wrong format for refs: %s\n", tok_refs);
break;
}
}
if (*tok_refs == '\0' && framenum >= next_ref_frame)
{
next_ref_frame = G_MAXUINT32;
}
}
}
fdata = sharkd_get_frame(framenum);
status = sharkd_dissect_request(framenum,
(framenum != 1) ? 1 : 0, framenum - 1,
&rec, &rec_buf, cinfo,
(fdata->color_filter == NULL) ? SHARKD_DISSECT_FLAG_COLOR : SHARKD_DISSECT_FLAG_NULL,
&sharkd_session_process_frames_cb, NULL,
&err, &err_info);
switch (status) {
case DISSECT_REQUEST_SUCCESS:
break;
case DISSECT_REQUEST_NO_SUCH_FRAME:
/* XXX - report the error. */
break;
case DISSECT_REQUEST_READ_ERROR:
/*
* Free up the error string.
* XXX - report the error.
*/
g_free(err_info);
break;
}
if (limit && --limit == 0)
break;
}
sharkd_json_result_array_epilogue();
if (cinfo != &cfile.cinfo)
col_cleanup(cinfo);
wtap_rec_cleanup(&rec);
ws_buffer_free(&rec_buf);
}
static void
sharkd_session_process_tap_stats_node_cb(const stat_node *n)
{
stat_node *node;
sharkd_json_array_open(NULL);
for (node = n->children; node; node = node->next)
{
json_dumper_begin_object(&dumper);
/* code based on stats_tree_get_values_from_node() */
sharkd_json_value_string("name", node->name);
sharkd_json_value_anyf("count", "%d", node->counter);
if (node->counter && ((node->st_flags & ST_FLG_AVERAGE) || node->rng))
{
switch(node->datatype)
{
case STAT_DT_INT:
sharkd_json_value_anyf("avg", "%.2f", ((float)node->total.int_total) / node->counter);
sharkd_json_value_anyf("min", "%d", node->minvalue.int_min);
sharkd_json_value_anyf("max", "%d", node->maxvalue.int_max);
break;
case STAT_DT_FLOAT:
sharkd_json_value_anyf("avg", "%.2f", node->total.float_total / node->counter);
sharkd_json_value_anyf("min", "%f", node->minvalue.float_min);
sharkd_json_value_anyf("max", "%f", node->maxvalue.float_max);
break;
}
}
if (node->st->elapsed)
sharkd_json_value_anyf("rate", "%.4f", ((float)node->counter) / node->st->elapsed);
if (node->parent && node->parent->counter)
sharkd_json_value_anyf("perc", "%.2f", (node->counter * 100.0) / node->parent->counter);
else if (node->parent == &(node->st->root))
sharkd_json_value_anyf("perc", "100");
if (prefs.st_enable_burstinfo && node->max_burst)
{
if (prefs.st_burst_showcount)
sharkd_json_value_anyf("burstcount", "%d", node->max_burst);
else
sharkd_json_value_anyf("burstrate", "%.4f", ((double)node->max_burst) / prefs.st_burst_windowlen);
sharkd_json_value_anyf("bursttime", "%.3f", (node->burst_time / 1000.0));
}
if (node->children)
{
sharkd_json_value_anyf("sub", NULL);
sharkd_session_process_tap_stats_node_cb(node);
}
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
}
/**
* sharkd_session_process_tap_stats_cb()
*
* Output stats tap:
*
* (m) tap - tap name
* (m) type:stats - tap output type
* (m) name - stat name
* (m) stats - array of object with attributes:
* (m) name - stat item name
* (m) count - stat item counter
* (o) avg - stat item averange value
* (o) min - stat item min value
* (o) max - stat item max value
* (o) rate - stat item rate value (ms)
* (o) perc - stat item percentage
* (o) burstrate - stat item burst rate
* (o) burstcount - stat item burst count
* (o) burstttme - stat item burst start
* (o) sub - array of object with attributes like in stats node.
*/
static void
sharkd_session_process_tap_stats_cb(void *psp)
{
stats_tree *st = (stats_tree *) psp;
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("tap", "stats:%s", st->cfg->abbr);
sharkd_json_value_string("type", "stats");
sharkd_json_value_string("name", st->cfg->name);
sharkd_json_value_anyf("stats", NULL);
sharkd_session_process_tap_stats_node_cb(&st->root);
json_dumper_end_object(&dumper);
}
static void
sharkd_session_free_tap_stats_cb(void *psp)
{
stats_tree *st = (stats_tree *) psp;
stats_tree_free(st);
}
struct sharkd_expert_tap
{
GSList *details;
GStringChunk *text;
};
/**
* sharkd_session_process_tap_expert_cb()
*
* Output expert tap:
*
* (m) tap - tap name
* (m) type:expert - tap output type
* (m) details - array of object with attributes:
* (m) f - frame number, which generated expert information
* (o) s - severity
* (o) g - group
* (m) m - expert message
* (o) p - protocol
*/
static void
sharkd_session_process_tap_expert_cb(void *tapdata)
{
struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
GSList *list;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("tap", "expert");
sharkd_json_value_string("type", "expert");
sharkd_json_array_open("details");
for (list = etd->details; list; list = list->next)
{
expert_info_t *ei = (expert_info_t *) list->data;
const char *tmp;
json_dumper_begin_object(&dumper);
sharkd_json_value_anyf("f", "%u", ei->packet_num);
tmp = try_val_to_str(ei->severity, expert_severity_vals);
if (tmp)
sharkd_json_value_string("s", tmp);
tmp = try_val_to_str(ei->group, expert_group_vals);
if (tmp)
sharkd_json_value_string("g", tmp);
sharkd_json_value_string("m", ei->summary);
if (ei->protocol)
sharkd_json_value_string("p", ei->protocol);
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
static tap_packet_status
sharkd_session_packet_tap_expert_cb(void *tapdata, packet_info *pinfo _U_, epan_dissect_t *edt _U_, const void *pointer, tap_flags_t flags _U_)
{
struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
const expert_info_t *ei = (const expert_info_t *) pointer;
expert_info_t *ei_copy;
if (ei == NULL)
return TAP_PACKET_DONT_REDRAW;
ei_copy = g_new(expert_info_t, 1);
/* Note: this is a shallow copy */
*ei_copy = *ei;
/* ei->protocol, ei->summary might be allocated in packet scope, make a copy. */
ei_copy->protocol = g_string_chunk_insert_const(etd->text, ei_copy->protocol);
ei_copy->summary = g_string_chunk_insert_const(etd->text, ei_copy->summary);
etd->details = g_slist_prepend(etd->details, ei_copy);
return TAP_PACKET_REDRAW;
}
static void
sharkd_session_free_tap_expert_cb(void *tapdata)
{
struct sharkd_expert_tap *etd = (struct sharkd_expert_tap *) tapdata;
g_slist_free_full(etd->details, g_free);
g_string_chunk_free(etd->text);
g_free(etd);
}
/**
* sharkd_session_process_tap_flow_cb()
*
* Output flow tap:
* (m) tap - tap name
* (m) type:flow - tap output type
* (m) nodes - array of strings with node address
* (m) flows - array of object with attributes:
* (m) t - frame time string
* (m) n - array of two numbers with source node index and destination node index
* (m) pn - array of two numbers with source and destination port
* (o) c - comment
*/
static void
sharkd_session_process_tap_flow_cb(void *tapdata)
{
seq_analysis_info_t *graph_analysis = (seq_analysis_info_t *) tapdata;
GList *flow_list;
guint i;
sequence_analysis_get_nodes(graph_analysis);
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("tap", "seqa:%s", graph_analysis->name);
sharkd_json_value_string("type", "flow");
sharkd_json_array_open("nodes");
for (i = 0; i < graph_analysis->num_nodes; i++)
{
char *addr_str;
addr_str = address_to_display(NULL, &(graph_analysis->nodes[i]));
sharkd_json_value_string(NULL, addr_str);
wmem_free(NULL, addr_str);
}
sharkd_json_array_close();
sharkd_json_array_open("flows");
flow_list = g_queue_peek_nth_link(graph_analysis->items, 0);
while (flow_list)
{
seq_analysis_item_t *sai = (seq_analysis_item_t *) flow_list->data;
flow_list = g_list_next(flow_list);
if (!sai->display)
continue;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("t", sai->time_str);
sharkd_json_value_anyf("n", "[%u,%u]", sai->src_node, sai->dst_node);
sharkd_json_value_anyf("pn", "[%u,%u]", sai->port_src, sai->port_dst);
if (sai->comment)
sharkd_json_value_string("c", sai->comment);
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
static void
sharkd_session_free_tap_flow_cb(void *tapdata)
{
seq_analysis_info_t *graph_analysis = (seq_analysis_info_t *) tapdata;
sequence_analysis_info_free(graph_analysis);
}
struct sharkd_conv_tap_data
{
const char *type;
conv_hash_t hash;
gboolean resolve_name;
gboolean resolve_port;
};
static gboolean
sharkd_session_geoip_addr(address *addr, const char *suffix)
{
const mmdb_lookup_t *lookup = NULL;
gboolean with_geoip = FALSE;
char json_key[64];
if (addr->type == AT_IPv4)
{
const ws_in4_addr *ip4 = (const ws_in4_addr *) addr->data;
lookup = maxmind_db_lookup_ipv4(ip4);
}
else if (addr->type == AT_IPv6)
{
const ws_in6_addr *ip6 = (const ws_in6_addr *) addr->data;
lookup = maxmind_db_lookup_ipv6(ip6);
}
if (!lookup || !lookup->found)
return FALSE;
if (lookup->country)
{
snprintf(json_key, sizeof(json_key), "geoip_country%s", suffix);
sharkd_json_value_string(json_key, lookup->country);
with_geoip = TRUE;
}
if (lookup->country_iso)
{
snprintf(json_key, sizeof(json_key), "geoip_country_iso%s", suffix);
sharkd_json_value_string(json_key, lookup->country_iso);
with_geoip = TRUE;
}
if (lookup->city)
{
snprintf(json_key, sizeof(json_key), "geoip_city%s", suffix);
sharkd_json_value_string(json_key, lookup->city);
with_geoip = TRUE;
}
if (lookup->as_org)
{
snprintf(json_key, sizeof(json_key), "geoip_as_org%s", suffix);
sharkd_json_value_string(json_key, lookup->as_org);
with_geoip = TRUE;
}
if (lookup->as_number > 0)
{
snprintf(json_key, sizeof(json_key), "geoip_as%s", suffix);
sharkd_json_value_anyf(json_key, "%u", lookup->as_number);
with_geoip = TRUE;
}
if (lookup->latitude >= -90.0 && lookup->latitude <= 90.0)
{
snprintf(json_key, sizeof(json_key), "geoip_lat%s", suffix);
sharkd_json_value_anyf(json_key, "%f", lookup->latitude);
with_geoip = TRUE;
}
if (lookup->longitude >= -180.0 && lookup->longitude <= 180.0)
{
snprintf(json_key, sizeof(json_key), "geoip_lon%s", suffix);
sharkd_json_value_anyf(json_key, "%f", lookup->longitude);
with_geoip = TRUE;
}
return with_geoip;
}
struct sharkd_analyse_rtp_items
{
guint32 frame_num;
guint32 sequence_num;
double delta;
double jitter;
double skew;
double bandwidth;
gboolean marker;
double arrive_offset;
/* from tap_rtp_stat_t */
guint32 flags;
guint16 pt;
};
struct sharkd_analyse_rtp
{
const char *tap_name;
rtpstream_id_t id;
GSList *packets;
double start_time;
tap_rtp_stat_t statinfo;
};
static void
sharkd_session_process_tap_rtp_free_cb(void *tapdata)
{
struct sharkd_analyse_rtp *rtp_req = (struct sharkd_analyse_rtp *) tapdata;
g_slist_free_full(rtp_req->packets, g_free);
g_free(rtp_req);
}
static tap_packet_status
sharkd_session_packet_tap_rtp_analyse_cb(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *pointer, tap_flags_t flags _U_)
{
struct sharkd_analyse_rtp *rtp_req = (struct sharkd_analyse_rtp *) tapdata;
const struct _rtp_info *rtp_info = (const struct _rtp_info *) pointer;
if (rtpstream_id_equal_pinfo_rtp_info(&rtp_req->id, pinfo, rtp_info))
{
tap_rtp_stat_t *statinfo = &(rtp_req->statinfo);
struct sharkd_analyse_rtp_items *item;
rtppacket_analyse(statinfo, pinfo, rtp_info);
item = g_new(struct sharkd_analyse_rtp_items, 1);
if (!rtp_req->packets)
rtp_req->start_time = nstime_to_sec(&pinfo->abs_ts);
item->frame_num = pinfo->num;
item->sequence_num = rtp_info->info_seq_num;
item->delta = (statinfo->flags & STAT_FLAG_FIRST) ? 0.0 : statinfo->delta;
item->jitter = (statinfo->flags & STAT_FLAG_FIRST) ? 0.0 : statinfo->jitter;
item->skew = (statinfo->flags & STAT_FLAG_FIRST) ? 0.0 : statinfo->skew;
item->bandwidth = statinfo->bandwidth;
item->marker = rtp_info->info_marker_set ? TRUE : FALSE;
item->arrive_offset= nstime_to_sec(&pinfo->abs_ts) - rtp_req->start_time;
item->flags = statinfo->flags;
item->pt = statinfo->pt;
/* XXX, O(n) optimize */
rtp_req->packets = g_slist_append(rtp_req->packets, item);
}
return TAP_PACKET_REDRAW;
}
/**
* sharkd_session_process_tap_rtp_analyse_cb()
*
* Output rtp analyse tap:
* (m) tap - tap name
* (m) type - tap output type
* (m) ssrc - RTP SSRC
* (m) max_delta - Max delta (ms)
* (m) max_delta_nr - Max delta packet #
* (m) max_jitter - Max jitter (ms)
* (m) mean_jitter - Mean jitter (ms)
* (m) max_skew - Max skew (ms)
* (m) total_nr - Total number of RTP packets
* (m) seq_err - Number of sequence errors
* (m) duration - Duration (ms)
* (m) items - array of object with attributes:
* (m) f - frame number
* (m) o - arrive offset
* (m) sn - sequence number
* (m) d - delta
* (m) j - jitter
* (m) sk - skew
* (m) bw - bandwidth
* (o) s - status string
* (o) t - status type
* (o) mark - rtp mark
*/
static void
sharkd_session_process_tap_rtp_analyse_cb(void *tapdata)
{
const int RTP_TYPE_CN = 1;
const int RTP_TYPE_ERROR = 2;
const int RTP_TYPE_WARN = 3;
const int RTP_TYPE_PT_EVENT = 4;
const struct sharkd_analyse_rtp *rtp_req = (struct sharkd_analyse_rtp *) tapdata;
const tap_rtp_stat_t *statinfo = &rtp_req->statinfo;
GSList *l;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("tap", rtp_req->tap_name);
sharkd_json_value_string("type", "rtp-analyse");
sharkd_json_value_anyf("ssrc", "%u", rtp_req->id.ssrc);
sharkd_json_value_anyf("max_delta", "%f", statinfo->max_delta);
sharkd_json_value_anyf("max_delta_nr", "%u", statinfo->max_nr);
sharkd_json_value_anyf("max_jitter", "%f", statinfo->max_jitter);
sharkd_json_value_anyf("mean_jitter", "%f", statinfo->mean_jitter);
sharkd_json_value_anyf("max_skew", "%f", statinfo->max_skew);
sharkd_json_value_anyf("total_nr", "%u", statinfo->total_nr);
sharkd_json_value_anyf("seq_err", "%u", statinfo->sequence);
sharkd_json_value_anyf("duration", "%f", statinfo->time - statinfo->start_time);
sharkd_json_array_open("items");
for (l = rtp_req->packets; l; l = l->next)
{
struct sharkd_analyse_rtp_items *item = (struct sharkd_analyse_rtp_items *) l->data;
json_dumper_begin_object(&dumper);
sharkd_json_value_anyf("f", "%u", item->frame_num);
sharkd_json_value_anyf("o", "%.9f", item->arrive_offset);
sharkd_json_value_anyf("sn", "%u", item->sequence_num);
sharkd_json_value_anyf("d", "%.2f", item->delta);
sharkd_json_value_anyf("j", "%.2f", item->jitter);
sharkd_json_value_anyf("sk", "%.2f", item->skew);
sharkd_json_value_anyf("bw", "%.2f", item->bandwidth);
if (item->pt == PT_CN)
{
sharkd_json_value_string("s", "Comfort noise (PT=13, RFC 3389)");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_CN);
}
else if (item->pt == PT_CN_OLD)
{
sharkd_json_value_string("s", "Comfort noise (PT=19, reserved)");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_CN);
}
else if (item->flags & STAT_FLAG_WRONG_SEQ)
{
sharkd_json_value_string("s", "Wrong sequence number");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_ERROR);
}
else if (item->flags & STAT_FLAG_DUP_PKT)
{
sharkd_json_value_string("s", "Suspected duplicate (MAC address) only delta time calculated");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_WARN);
}
else if (item->flags & STAT_FLAG_REG_PT_CHANGE)
{
sharkd_json_value_stringf("s", "Payload changed to PT=%u%s",
item->pt,
(item->flags & STAT_FLAG_PT_T_EVENT) ? " telephone/event" : "");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_WARN);
}
else if (item->flags & STAT_FLAG_WRONG_TIMESTAMP)
{
sharkd_json_value_string("s", "Incorrect timestamp");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_WARN);
}
else if ((item->flags & STAT_FLAG_PT_CHANGE)
&& !(item->flags & STAT_FLAG_FIRST)
&& !(item->flags & STAT_FLAG_PT_CN)
&& (item->flags & STAT_FLAG_FOLLOW_PT_CN)
&& !(item->flags & STAT_FLAG_MARKER))
{
sharkd_json_value_string("s", "Marker missing?");
sharkd_json_value_anyf("t", "%d", RTP_TYPE_WARN);
}
else if (item->flags & STAT_FLAG_PT_T_EVENT)
{
sharkd_json_value_stringf("s", "PT=%u telephone/event", item->pt);
sharkd_json_value_anyf("t", "%d", RTP_TYPE_PT_EVENT);
}
else if (item->flags & STAT_FLAG_MARKER)
{
sharkd_json_value_anyf("t", "%d", RTP_TYPE_WARN);
}
if (item->marker)
sharkd_json_value_anyf("mark", "1");
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
/**
* sharkd_session_process_tap_conv_cb()
*
* Output conv tap:
* (m) tap - tap name
* (m) type - tap output type
* (m) proto - protocol short name
* (o) filter - filter string
* (o) geoip - whether GeoIP information is available, boolean
*
* (o) convs - array of object with attributes:
* (m) saddr - source address
* (m) daddr - destination address
* (o) sport - source port
* (o) dport - destination port
* (m) txf - TX frame count
* (m) txb - TX bytes
* (m) rxf - RX frame count
* (m) rxb - RX bytes
* (m) start - (relative) first packet time
* (m) stop - (relative) last packet time
* (o) filter - conversation filter
*
* (o) hosts - array of object with attributes:
* (m) host - host address
* (o) port - host port
* (m) txf - TX frame count
* (m) txb - TX bytes
* (m) rxf - RX frame count
* (m) rxb - RX bytes
*/
static void
sharkd_session_process_tap_conv_cb(void *arg)
{
conv_hash_t *hash = (conv_hash_t *) arg;
const struct sharkd_conv_tap_data *iu = (struct sharkd_conv_tap_data *) hash->user_data;
const char *proto;
int proto_with_port;
guint i;
int with_geoip = 0;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("tap", iu->type);
if (!strncmp(iu->type, "conv:", 5))
{
sharkd_json_value_string("type", "conv");
sharkd_json_array_open("convs");
proto = iu->type + 5;
}
else if (!strncmp(iu->type, "endpt:", 6))
{
sharkd_json_value_string("type", "host");
sharkd_json_array_open("hosts");
proto = iu->type + 6;
}
else
{
sharkd_json_value_string("type", "err");
proto = "";
}
proto_with_port = (!strcmp(proto, "TCP") || !strcmp(proto, "UDP") || !strcmp(proto, "SCTP"));
if (iu->hash.conv_array != NULL && !strncmp(iu->type, "conv:", 5))
{
for (i = 0; i < iu->hash.conv_array->len; i++)
{
conv_item_t *iui = &g_array_index(iu->hash.conv_array, conv_item_t, i);
char *src_addr, *dst_addr;
char *src_port, *dst_port;
char *filter_str;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("saddr", (src_addr = get_conversation_address(NULL, &iui->src_address, iu->resolve_name)));
sharkd_json_value_string("daddr", (dst_addr = get_conversation_address(NULL, &iui->dst_address, iu->resolve_name)));
if (proto_with_port)
{
sharkd_json_value_string("sport", (src_port = get_conversation_port(NULL, iui->src_port, iui->ctype, iu->resolve_port)));
sharkd_json_value_string("dport", (dst_port = get_conversation_port(NULL, iui->dst_port, iui->ctype, iu->resolve_port)));
wmem_free(NULL, src_port);
wmem_free(NULL, dst_port);
}
sharkd_json_value_anyf("rxf", "%" PRIu64, iui->rx_frames);
sharkd_json_value_anyf("rxb", "%" PRIu64, iui->rx_bytes);
sharkd_json_value_anyf("txf", "%" PRIu64, iui->tx_frames);
sharkd_json_value_anyf("txb", "%" PRIu64, iui->tx_bytes);
sharkd_json_value_anyf("start", "%.9f", nstime_to_sec(&iui->start_time));
sharkd_json_value_anyf("stop", "%.9f", nstime_to_sec(&iui->stop_time));
filter_str = get_conversation_filter(iui, CONV_DIR_A_TO_FROM_B);
if (filter_str)
{
sharkd_json_value_string("filter", filter_str);
g_free(filter_str);
}
wmem_free(NULL, src_addr);
wmem_free(NULL, dst_addr);
if (sharkd_session_geoip_addr(&(iui->src_address), "1"))
with_geoip = 1;
if (sharkd_session_geoip_addr(&(iui->dst_address), "2"))
with_geoip = 1;
json_dumper_end_object(&dumper);
}
}
else if (iu->hash.conv_array != NULL && !strncmp(iu->type, "endpt:", 6))
{
for (i = 0; i < iu->hash.conv_array->len; i++)
{
endpoint_item_t *endpoint = &g_array_index(iu->hash.conv_array, endpoint_item_t, i);
char *host_str, *port_str;
char *filter_str;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("host", (host_str = get_conversation_address(NULL, &endpoint->myaddress, iu->resolve_name)));
if (proto_with_port)
{
sharkd_json_value_string("port", (port_str = get_endpoint_port(NULL, endpoint, iu->resolve_port)));
wmem_free(NULL, port_str);
}
sharkd_json_value_anyf("rxf", "%" PRIu64, endpoint->rx_frames);
sharkd_json_value_anyf("rxb", "%" PRIu64, endpoint->rx_bytes);
sharkd_json_value_anyf("txf", "%" PRIu64, endpoint->tx_frames);
sharkd_json_value_anyf("txb", "%" PRIu64, endpoint->tx_bytes);
filter_str = get_endpoint_filter(endpoint);
if (filter_str)
{
sharkd_json_value_string("filter", filter_str);
g_free(filter_str);
}
wmem_free(NULL, host_str);
if (sharkd_session_geoip_addr(&(endpoint->myaddress), ""))
with_geoip = 1;
json_dumper_end_object(&dumper);
}
}
sharkd_json_array_close();
sharkd_json_value_string("proto", proto);
sharkd_json_value_anyf("geoip", with_geoip ? "true" : "false");
json_dumper_end_object(&dumper);
}
static void
sharkd_session_free_tap_conv_cb(void *arg)
{
conv_hash_t *hash = (conv_hash_t *) arg;
struct sharkd_conv_tap_data *iu = (struct sharkd_conv_tap_data *) hash->user_data;
if (!strncmp(iu->type, "conv:", 5))
{
reset_conversation_table_data(hash);
}
else if (!strncmp(iu->type, "endpt:", 6))
{
reset_endpoint_table_data(hash);
}
g_free(iu);
}
/**
* sharkd_session_process_tap_nstat_cb()
*
* Output nstat tap:
* (m) tap - tap name
* (m) type - tap output type
* (m) fields: array of objects with attributes:
* (m) c - name
*
* (m) tables: array of object with attributes:
* (m) t - table title
* (m) i - array of items
*/
static void
sharkd_session_process_tap_nstat_cb(void *arg)
{
stat_data_t *stat_data = (stat_data_t *) arg;
guint i, j, k;
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("tap", "nstat:%s", stat_data->stat_tap_data->cli_string);
sharkd_json_value_string("type", "nstat");
sharkd_json_array_open("fields");
for (i = 0; i < stat_data->stat_tap_data->nfields; i++)
{
stat_tap_table_item *field = &(stat_data->stat_tap_data->fields[i]);
json_dumper_begin_object(&dumper);
sharkd_json_value_string("c", field->column_name);
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
sharkd_json_array_open("tables");
for (i = 0; i < stat_data->stat_tap_data->tables->len; i++)
{
stat_tap_table *table = g_array_index(stat_data->stat_tap_data->tables, stat_tap_table *, i);
json_dumper_begin_object(&dumper);
sharkd_json_value_string("t", table->title);
sharkd_json_array_open("i");
for (j = 0; j < table->num_elements; j++)
{
stat_tap_table_item_type *field_data;
field_data = stat_tap_get_field_data(table, j, 0);
if (field_data == NULL || field_data->type == TABLE_ITEM_NONE) /* Nothing for us here */
continue;
sharkd_json_array_open(NULL);
for (k = 0; k < table->num_fields; k++)
{
field_data = stat_tap_get_field_data(table, j, k);
switch (field_data->type)
{
case TABLE_ITEM_UINT:
sharkd_json_value_anyf(NULL, "%u", field_data->value.uint_value);
break;
case TABLE_ITEM_INT:
sharkd_json_value_anyf(NULL, "%d", field_data->value.int_value);
break;
case TABLE_ITEM_STRING:
sharkd_json_value_string(NULL, field_data->value.string_value);
break;
case TABLE_ITEM_FLOAT:
sharkd_json_value_anyf(NULL, "%f", field_data->value.float_value);
break;
case TABLE_ITEM_ENUM:
sharkd_json_value_anyf(NULL, "%d", field_data->value.enum_value);
break;
case TABLE_ITEM_NONE:
sharkd_json_value_anyf(NULL, "null");
break;
}
}
sharkd_json_array_close();
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
static void
sharkd_session_free_tap_nstat_cb(void *arg)
{
stat_data_t *stat_data = (stat_data_t *) arg;
free_stat_tables(stat_data->stat_tap_data);
}
/**
* sharkd_session_process_tap_rtd_cb()
*
* Output rtd tap:
* (m) tap - tap name
* (m) type - tap output type
* (m) stats - statistics rows - array object with attributes:
* (m) type - statistic name
* (m) num - number of messages
* (m) min - minimum SRT time
* (m) max - maximum SRT time
* (m) tot - total SRT time
* (m) min_frame - minimal SRT
* (m) max_frame - maximum SRT
* (o) open_req - Open Requests
* (o) disc_rsp - Discarded Responses
* (o) req_dup - Duplicated Requests
* (o) rsp_dup - Duplicated Responses
* (o) open_req - Open Requests
* (o) disc_rsp - Discarded Responses
* (o) req_dup - Duplicated Requests
* (o) rsp_dup - Duplicated Responses
*/
static void
sharkd_session_process_tap_rtd_cb(void *arg)
{
rtd_data_t *rtd_data = (rtd_data_t *) arg;
register_rtd_t *rtd = (register_rtd_t *) rtd_data->user_data;
guint i, j;
const char *filter = proto_get_protocol_filter_name(get_rtd_proto_id(rtd));
/* XXX, some dissectors are having single table and multiple timestats (mgcp, megaco),
* some multiple table and single timestat (radius, h225)
* and it seems that value_string is used one for timestamp-ID, other one for table-ID
* I wonder how it will gonna work with multiple timestats and multiple tables...
* (for usage grep for: register_rtd_table)
*/
const value_string *vs = get_rtd_value_string(rtd);
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("tap", "rtd:%s", filter);
sharkd_json_value_string("type", "rtd");
if (rtd_data->stat_table.num_rtds == 1)
{
const rtd_timestat *ms = &rtd_data->stat_table.time_stats[0];
sharkd_json_value_anyf("open_req", "%u", ms->open_req_num);
sharkd_json_value_anyf("disc_rsp", "%u", ms->disc_rsp_num);
sharkd_json_value_anyf("req_dup", "%u", ms->req_dup_num);
sharkd_json_value_anyf("rsp_dup", "%u", ms->rsp_dup_num);
}
sharkd_json_array_open("stats");
for (i = 0; i < rtd_data->stat_table.num_rtds; i++)
{
const rtd_timestat *ms = &rtd_data->stat_table.time_stats[i];
for (j = 0; j < ms->num_timestat; j++)
{
const char *type_str;
if (ms->rtd[j].num == 0)
continue;
json_dumper_begin_object(&dumper);
if (rtd_data->stat_table.num_rtds == 1)
type_str = val_to_str_const(j, vs, "Other"); /* 1 table - description per row */
else
type_str = val_to_str_const(i, vs, "Other"); /* multiple table - description per table */
sharkd_json_value_string("type", type_str);
sharkd_json_value_anyf("num", "%u", ms->rtd[j].num);
sharkd_json_value_anyf("min", "%.9f", nstime_to_sec(&(ms->rtd[j].min)));
sharkd_json_value_anyf("max", "%.9f", nstime_to_sec(&(ms->rtd[j].max)));
sharkd_json_value_anyf("tot", "%.9f", nstime_to_sec(&(ms->rtd[j].tot)));
sharkd_json_value_anyf("min_frame", "%u", ms->rtd[j].min_num);
sharkd_json_value_anyf("max_frame", "%u", ms->rtd[j].max_num);
if (rtd_data->stat_table.num_rtds != 1)
{
/* like in tshark, display it on every row */
sharkd_json_value_anyf("open_req", "%u", ms->open_req_num);
sharkd_json_value_anyf("disc_rsp", "%u", ms->disc_rsp_num);
sharkd_json_value_anyf("req_dup", "%u", ms->req_dup_num);
sharkd_json_value_anyf("rsp_dup", "%u", ms->rsp_dup_num);
}
json_dumper_end_object(&dumper);
}
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
static void
sharkd_session_free_tap_rtd_cb(void *arg)
{
rtd_data_t *rtd_data = (rtd_data_t *) arg;
free_rtd_table(&rtd_data->stat_table);
g_free(rtd_data);
}
/**
* sharkd_session_process_tap_srt_cb()
*
* Output srt tap:
* (m) tap - tap name
* (m) type - tap output type
*
* (m) tables - array of object with attributes:
* (m) n - table name
* (m) f - table filter
* (o) c - table column name
* (m) r - table rows - array object with attributes:
* (m) n - row name
* (m) idx - procedure index
* (m) num - number of events
* (m) min - minimum SRT time
* (m) max - maximum SRT time
* (m) tot - total SRT time
*/
static void
sharkd_session_process_tap_srt_cb(void *arg)
{
srt_data_t *srt_data = (srt_data_t *) arg;
register_srt_t *srt = (register_srt_t *) srt_data->user_data;
const char *filter = proto_get_protocol_filter_name(get_srt_proto_id(srt));
guint i;
json_dumper_begin_object(&dumper);
sharkd_json_value_stringf("tap", "srt:%s", filter);
sharkd_json_value_string("type", "srt");
sharkd_json_array_open("tables");
for (i = 0; i < srt_data->srt_array->len; i++)
{
/* SRT table */
srt_stat_table *rst = g_array_index(srt_data->srt_array, srt_stat_table *, i);
int j;
json_dumper_begin_object(&dumper);
if (rst->name)
sharkd_json_value_string("n", rst->name);
else if (rst->short_name)
sharkd_json_value_string("n", rst->short_name);
else
sharkd_json_value_stringf("n", "table%u", i);
if (rst->filter_string)
sharkd_json_value_string("f", rst->filter_string);
if (rst->proc_column_name)
sharkd_json_value_string("c", rst->proc_column_name);
sharkd_json_array_open("r");
for (j = 0; j < rst->num_procs; j++)
{
/* SRT row */
srt_procedure_t *proc = &rst->procedures[j];
if (proc->stats.num == 0)
continue;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("n", proc->procedure);
if (rst->filter_string)
sharkd_json_value_anyf("idx", "%d", proc->proc_index);
sharkd_json_value_anyf("num", "%u", proc->stats.num);
sharkd_json_value_anyf("min", "%.9f", nstime_to_sec(&proc->stats.min));
sharkd_json_value_anyf("max", "%.9f", nstime_to_sec(&proc->stats.max));
sharkd_json_value_anyf("tot", "%.9f", nstime_to_sec(&proc->stats.tot));
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
sharkd_json_array_close();
json_dumper_end_object(&dumper);
}
static void
sharkd_session_free_tap_srt_cb(void *arg)
{
srt_data_t *srt_data = (srt_data_t *) arg;
register_srt_t *srt = (register_srt_t *) srt_data->user_data;
free_srt_table(srt, srt_data->srt_array);
g_array_free(srt_data->srt_array, TRUE);
g_free(srt_data);
}
struct sharkd_export_object_list
{
struct sharkd_export_object_list *next;
char *type;
const char *proto;
GSList *entries;
};
static struct sharkd_export_object_list *sharkd_eo_list;
/**
* sharkd_session_process_tap_eo_cb()
*
* Output eo tap:
* (m) tap - tap name
* (m) type - tap output type
* (m) proto - protocol short name
* (m) objects - array of object with attributes:
* (m) pkt - packet number
* (o) hostname - hostname
* (o) type - content type
* (o) filename - filename
* (m) len - object length
*/
static void
sharkd_session_process_tap_eo_cb(void *tapdata)
{
export_object_list_t *tap_object = (export_object_list_t *) tapdata;
struct sharkd_export_object_list *object_list = (struct sharkd_export_object_list *) tap_object->gui_data;
GSList *slist;
int i = 0;
json_dumper_begin_object(&dumper);
sharkd_json_value_string("tap", object_list->type);
sharkd_json_value_string("type", "eo");
sharkd_json_value_string("proto", object_list->proto);
sharkd_json_array_open("objects");
for (slist = object_list->entries; slist; slist = slist->next)
{
const export_object_entry_t *eo_entry = (export_object_entry_t *) slist->data;
json_dumper_begin_object(&dumper);
sharkd_json_value_anyf("pkt", "%u", eo_entry->pkt_num);
if (eo_entry->hostname)
sharkd_json_value_string("hostname", eo_entry->hostname);
if (eo_entry->content_type)
sharkd_json_value_string("type", eo_entry->content_type);
if (eo_entry->filename)
sharkd_json_value_string("filename", eo_entry->filename);
sharkd_json_value_stringf("_download", "%s_%d", object_list->type, i);
sharkd_json_value_anyf("len", "%zu", eo_entry->payload_len);