forked from osmocom/wireshark
29 lines
1.3 KiB
Plaintext
29 lines
1.3 KiB
Plaintext
# web.mate
|
|
# $Id$
|
|
|
|
Action=PduDef; Name=dns_pdu; Proto=dns; Transport=ip; addr=ip.addr; dns_resp=dns.flags.response; host=dns.qry.name; client_addr=ip.src; dns_id=dns.id;
|
|
Action=PduDef; Name=http_pdu; Proto=http; Transport=tcp/ip; addr=ip.addr; port=tcp.port; http_rq=http.request.method; http_rs=http.response; host=http.host; client_addr=ip.src;
|
|
|
|
Action=GopDef; Name=dns_req; On=dns_pdu; addr; addr; dns_id;
|
|
Action=GopStart; For=dns_req; dns_resp=0;
|
|
Action=GopStop; For=dns_req; dns_resp=1;
|
|
|
|
Action=GopDef; Name=http_req; On=http_pdu; addr; addr; port; port;
|
|
Action=GopStart; For=http_req; http_rq;
|
|
Action=GopStop; For=http_req; http_rs;
|
|
|
|
Action=Transform; Name=rm_client_from_dns_resp; Mode=Replace; Match=Every; dns_resp=1; client_addr; .dns_resp=1;
|
|
Action=PduTransform; For=dns_pdu; Name=rm_client_from_dns_resp;
|
|
|
|
Action=Transform; Name=rm_client_from_http_resp; Mode=Replace; Match=Every; http_rs; client_addr; .http_rs=;
|
|
Action=PduTransform; For=http_pdu; Name=rm_client_from_http_resp;
|
|
|
|
Action=GopExtra; For=http_req; host; client_addr;
|
|
Action=GopExtra; For=dns_req; host; client_addr;
|
|
|
|
Action=GogDef; Name=http_use; GogExpiration=0.75;
|
|
Action=GogKey; For=http_use; On=http_req; host; client_addr;
|
|
Action=GogKey; For=http_use; On=dns_req; host;client_addr;
|
|
|
|
Action=GogExtra; For=http_use; host; client_addr;
|