osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/ui/cli/tap-follow.c

600 lines
16 KiB
C
Raw Blame History

/* tap-follow.c
*
* Copyright 2011-2013, QA Cafe <info@qacafe.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
/* This module provides udp and tcp follow stream capabilities to tshark.
* It is only used by tshark and not wireshark.
*/
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#include <glib.h>
#include <epan/addr_resolv.h>
#include <epan/charsets.h>
#include <epan/follow.h>
#include <epan/stat_tap_ui.h>
#include <epan/tap.h>
#include <wsutil/ws_assert.h>
void register_tap_listener_follow(void);
typedef struct _cli_follow_info {
show_type_t show_type;
register_follow_t* follower;
/* range */
guint32 chunkMin;
guint32 chunkMax;
/* filter */
int stream_index;
int sub_stream_index;
int port[2];
address addr[2];
union {
guint32 addrBuf_v4;
ws_in6_addr addrBuf_v6;
} addrBuf[2];
} cli_follow_info_t;
#define STR_FOLLOW "follow,"
#define STR_HEX ",hex"
#define STR_ASCII ",ascii"
#define STR_EBCDIC ",ebcdic"
#define STR_RAW ",raw"
#define STR_YAML ",yaml"
WS_NORETURN static void follow_exit(const char *strp)
{
fprintf(stderr, "tshark: follow - %s\n", strp);
exit(1);
}
static const char * follow_str_type(cli_follow_info_t* cli_follow_info)
{
switch (cli_follow_info->show_type)
{
case SHOW_HEXDUMP: return "hex";
case SHOW_ASCII: return "ascii";
case SHOW_EBCDIC: return "ebcdic";
case SHOW_RAW: return "raw";
case SHOW_YAML: return "yaml";
default:
ws_assert_not_reached();
break;
}
ws_assert_not_reached();
return "<unknown-mode>";
}
static void
follow_free(follow_info_t *follow_info)
{
cli_follow_info_t* cli_follow_info = (cli_follow_info_t*)follow_info->gui_data;
g_free(cli_follow_info);
follow_info_free(follow_info);
}
#define BYTES_PER_LINE 16
#define OFFSET_LEN 8
#define OFFSET_SPACE 2
#define HEX_START (OFFSET_LEN + OFFSET_SPACE)
#define HEX_LEN (BYTES_PER_LINE * 3) /* extra space at column 8 */
#define HEX_SPACE 2
#define ASCII_START (HEX_START + HEX_LEN + HEX_SPACE)
#define ASCII_LEN (BYTES_PER_LINE + 1) /* extra space at column 8 */
#define LINE_LEN (ASCII_START + ASCII_LEN)
static const char bin2hex[] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
static void follow_print_hex(const char *prefixp, guint32 offset, void *datap, int len)
{
int ii;
int jj;
int kk;
guint8 val;
char line[LINE_LEN + 1];
for (ii = 0, jj = 0, kk = 0; ii < len; )
{
if ((ii % BYTES_PER_LINE) == 0)
{
/* new line */
snprintf(line, LINE_LEN + 1, "%0*X", OFFSET_LEN, offset);
memset(line + HEX_START - OFFSET_SPACE, ' ',
HEX_LEN + OFFSET_SPACE + HEX_SPACE);
/* offset of hex */
jj = HEX_START;
/* offset of ascii */
kk = ASCII_START;
}
val = ((guint8 *)datap)[ii];
line[jj++] = bin2hex[val >> 4];
line[jj++] = bin2hex[val & 0xf];
jj++;
line[kk++] = val >= ' ' && val < 0x7f ? val : '.';
/* extra space at column 8 */
if (++ii % BYTES_PER_LINE == BYTES_PER_LINE/2)
{
line[jj++] = ' ';
line[kk++] = ' ';
}
if ((ii % BYTES_PER_LINE) == 0 || ii == len)
{
/* end of line or buffer */
if (line[kk - 1] == ' ')
{
kk--;
}
line[kk] = 0;
printf("%s%s\n", prefixp, line);
offset += BYTES_PER_LINE;
}
}
}
static void follow_draw(void *contextp)
{
static const char separator[] =
"===================================================================\n";
follow_info_t *follow_info = (follow_info_t*)contextp;
cli_follow_info_t* cli_follow_info = (cli_follow_info_t*)follow_info->gui_data;
gchar buf[WS_INET6_ADDRSTRLEN];
guint32 global_client_pos = 0, global_server_pos = 0;
guint32 *global_pos;
guint32 ii, jj;
char *buffer;
GList *cur;
follow_record_t *follow_record;
guint chunk;
gchar *b64encoded;
const guint32 base64_raw_len = 57; /* Encodes to 76 bytes, common in RFCs */
/* Print header */
switch (cli_follow_info->show_type)
{
case SHOW_YAML:
printf("peers:\n");
printf(" - peer: 0\n");
address_to_str_buf(&follow_info->client_ip, buf, sizeof buf);
printf(" host: %s\n", buf);
printf(" port: %d\n", follow_info->client_port);
printf(" - peer: 1\n");
address_to_str_buf(&follow_info->server_ip, buf, sizeof buf);
printf(" host: %s\n", buf);
printf(" port: %d\n", follow_info->server_port);
printf("packets:\n");
break;
default:
printf("\n%s", separator);
printf("Follow: %s,%s\n", proto_get_protocol_filter_name(get_follow_proto_id(cli_follow_info->follower)), follow_str_type(cli_follow_info));
printf("Filter: %s\n", follow_info->filter_out_filter);
address_to_str_buf(&follow_info->client_ip, buf, sizeof buf);
if (follow_info->client_ip.type == AT_IPv6)
printf("Node 0: [%s]:%u\n", buf, follow_info->client_port);
else
printf("Node 0: %s:%u\n", buf, follow_info->client_port);
address_to_str_buf(&follow_info->server_ip, buf, sizeof buf);
if (follow_info->server_ip.type == AT_IPv6)
printf("Node 1: [%s]:%u\n", buf, follow_info->server_port);
else
printf("Node 1: %s:%u\n", buf, follow_info->server_port);
break;
}
for (cur = g_list_last(follow_info->payload), chunk = 1;
cur != NULL;
cur = g_list_previous(cur), chunk++)
{
follow_record = (follow_record_t *)cur->data;
if (!follow_record->is_server) {
global_pos = &global_client_pos;
} else {
global_pos = &global_server_pos;
}
/* ignore chunks not in range */
if ((chunk < cli_follow_info->chunkMin) || (chunk > cli_follow_info->chunkMax)) {
(*global_pos) += follow_record->data->len;
continue;
}
/* Print start of line */
switch (cli_follow_info->show_type)
{
case SHOW_HEXDUMP:
case SHOW_YAML:
break;
case SHOW_ASCII:
case SHOW_EBCDIC:
printf("%s%u\n", follow_record->is_server ? "\t" : "", follow_record->data->len);
break;
case SHOW_RAW:
if (follow_record->is_server)
{
putchar('\t');
}
break;
default:
ws_assert_not_reached();
}
/* Print data */
switch (cli_follow_info->show_type)
{
case SHOW_HEXDUMP:
follow_print_hex(follow_record->is_server ? "\t" : "", *global_pos, follow_record->data->data, follow_record->data->len);
(*global_pos) += follow_record->data->len;
break;
case SHOW_ASCII:
case SHOW_EBCDIC:
buffer = (char *)g_malloc(follow_record->data->len+2);
for (ii = 0; ii < follow_record->data->len; ii++)
{
switch (follow_record->data->data[ii])
{
case '\r':
case '\n':
buffer[ii] = follow_record->data->data[ii];
break;
default:
buffer[ii] = g_ascii_isprint(follow_record->data->data[ii]) ? follow_record->data->data[ii] : '.';
break;
}
}
buffer[ii++] = '\n';
buffer[ii] = 0;
if (cli_follow_info->show_type == SHOW_EBCDIC) {
EBCDIC_to_ASCII(buffer, ii);
}
printf("%s", buffer);
g_free(buffer);
break;
case SHOW_RAW:
buffer = (char *)g_malloc((follow_record->data->len*2)+2);
for (ii = 0, jj = 0; ii < follow_record->data->len; ii++)
{
buffer[jj++] = bin2hex[follow_record->data->data[ii] >> 4];
buffer[jj++] = bin2hex[follow_record->data->data[ii] & 0xf];
}
buffer[jj++] = '\n';
buffer[jj] = 0;
printf("%s", buffer);
g_free(buffer);
break;
case SHOW_YAML:
printf(" - packet: %d\n", follow_record->packet_num);
printf(" peer: %d\n", follow_record->is_server ? 1 : 0);
printf(" timestamp: %.9f\n", nstime_to_sec(&follow_record->abs_ts));
printf(" data: !!binary |\n");
ii = 0;
while (ii < follow_record->data->len) {
guint32 len = ii + base64_raw_len < follow_record->data->len
? base64_raw_len
: follow_record->data->len - ii;
b64encoded = g_base64_encode(&follow_record->data->data[ii], len);
printf(" %s\n", b64encoded);
g_free(b64encoded);
ii += len;
}
break;
default:
ws_assert_not_reached();
}
}
/* Print footer */
switch (cli_follow_info->show_type)
{
case SHOW_YAML:
break;
default:
printf("%s", separator);
break;
}
}
static gboolean follow_arg_strncmp(const char **opt_argp, const char *strp)
{
size_t len = strlen(strp);
if (strncmp(*opt_argp, strp, len) == 0)
{
*opt_argp += len;
return TRUE;
}
return FALSE;
}
static void
follow_arg_mode(const char **opt_argp, follow_info_t *follow_info)
{
cli_follow_info_t* cli_follow_info = (cli_follow_info_t*)follow_info->gui_data;
if (follow_arg_strncmp(opt_argp, STR_HEX))
{
cli_follow_info->show_type = SHOW_HEXDUMP;
}
else if (follow_arg_strncmp(opt_argp, STR_ASCII))
{
cli_follow_info->show_type = SHOW_ASCII;
}
else if (follow_arg_strncmp(opt_argp, STR_EBCDIC))
{
cli_follow_info->show_type = SHOW_EBCDIC;
}
else if (follow_arg_strncmp(opt_argp, STR_RAW))
{
cli_follow_info->show_type = SHOW_RAW;
}
else if (follow_arg_strncmp(opt_argp, STR_YAML))
{
cli_follow_info->show_type = SHOW_YAML;
}
else
{
follow_exit("Invalid display mode.");
}
}
#define _STRING(s) # s
#define STRING(s) _STRING(s)
#define ADDR_CHARS 80
#define ADDR_LEN (ADDR_CHARS + 1)
#define ADDRv6_FMT ",[%" STRING(ADDR_CHARS) "[^]]]:%d%n"
#define ADDRv4_FMT ",%" STRING(ADDR_CHARS) "[^:]:%d%n"
static void
follow_arg_filter(const char **opt_argp, follow_info_t *follow_info)
{
int len;
unsigned int ii;
char addr[ADDR_LEN];
cli_follow_info_t* cli_follow_info = (cli_follow_info_t*)follow_info->gui_data;
gboolean is_ipv6;
if (sscanf(*opt_argp, ",%d%n", &cli_follow_info->stream_index, &len) == 1 &&
((*opt_argp)[len] == 0 || (*opt_argp)[len] == ','))
{
*opt_argp += len;
/* if it's HTTP2 or QUIC protocol we should read substream id otherwise it's a range parameter from follow_arg_range */
if (cli_follow_info->sub_stream_index == -1 && sscanf(*opt_argp, ",%d%n", &cli_follow_info->sub_stream_index, &len) == 1 &&
((*opt_argp)[len] == 0 || (*opt_argp)[len] == ','))
{
*opt_argp += len;
follow_info->substream_id = cli_follow_info->sub_stream_index;
}
}
else
{
for (ii = 0; ii < sizeof cli_follow_info->addr/sizeof *cli_follow_info->addr; ii++)
{
if (sscanf(*opt_argp, ADDRv6_FMT, addr, &cli_follow_info->port[ii], &len) == 2)
{
is_ipv6 = TRUE;
}
else if (sscanf(*opt_argp, ADDRv4_FMT, addr, &cli_follow_info->port[ii], &len) == 2)
{
is_ipv6 = FALSE;
}
else
{
follow_exit("Invalid address.");
}
if (cli_follow_info->port[ii] <= 0 || cli_follow_info->port[ii] > G_MAXUINT16)
{
follow_exit("Invalid port.");
}
if (is_ipv6)
{
if (!get_host_ipaddr6(addr, &cli_follow_info->addrBuf[ii].addrBuf_v6))
{
follow_exit("Can't get IPv6 address");
}
set_address(&cli_follow_info->addr[ii], AT_IPv6, 16, (void *)&cli_follow_info->addrBuf[ii].addrBuf_v6);
}
else
{
if (!get_host_ipaddr(addr, &cli_follow_info->addrBuf[ii].addrBuf_v4))
{
follow_exit("Can't get IPv4 address");
}
set_address(&cli_follow_info->addr[ii], AT_IPv4, 4, (void *)&cli_follow_info->addrBuf[ii].addrBuf_v4);
}
*opt_argp += len;
}
if (cli_follow_info->addr[0].type != cli_follow_info->addr[1].type)
{
follow_exit("Mismatched IP address types.");
}
cli_follow_info->stream_index = -1;
}
}
static void follow_arg_range(const char **opt_argp, cli_follow_info_t* cli_follow_info)
{
int len;
if (**opt_argp == 0)
{
cli_follow_info->chunkMin = 1;
cli_follow_info->chunkMax = G_MAXUINT32;
}
else
{
if (sscanf(*opt_argp, ",%u-%u%n", &cli_follow_info->chunkMin, &cli_follow_info->chunkMax, &len) == 2)
{
*opt_argp += len;
}
else if (sscanf(*opt_argp, ",%u%n", &cli_follow_info->chunkMin, &len) == 1)
{
cli_follow_info->chunkMax = cli_follow_info->chunkMin;
*opt_argp += len;
}
else
{
follow_exit("Invalid range.");
}
if (cli_follow_info->chunkMin < 1 || cli_follow_info->chunkMin > cli_follow_info->chunkMax)
{
follow_exit("Invalid range value.");
}
}
}
static void
follow_arg_done(const char *opt_argp)
{
if (*opt_argp != 0)
{
follow_exit("Invalid parameter.");
}
}
static void follow_stream(const char *opt_argp, void *userdata)
{
follow_info_t *follow_info;
cli_follow_info_t* cli_follow_info;
GString *errp;
register_follow_t* follower = (register_follow_t*)userdata;
follow_index_filter_func index_filter;
follow_address_filter_func address_filter;
int proto_id = get_follow_proto_id(follower);
const char* proto_filter_name = proto_get_protocol_filter_name(proto_id);
opt_argp += strlen(STR_FOLLOW);
opt_argp += strlen(proto_filter_name);
cli_follow_info = g_new0(cli_follow_info_t, 1);
cli_follow_info->stream_index = -1;
/* use second parameter only for HTTP2 or QUIC substream */
if (g_str_equal(proto_filter_name, "http2") ||
g_str_equal(proto_filter_name, "quic")) {
cli_follow_info->sub_stream_index = -1;
} else {
cli_follow_info->sub_stream_index = 0;
}
follow_info = g_new0(follow_info_t, 1);
follow_info->gui_data = cli_follow_info;
follow_info->substream_id = SUBSTREAM_UNUSED;
cli_follow_info->follower = follower;
follow_arg_mode(&opt_argp, follow_info);
follow_arg_filter(&opt_argp, follow_info);
follow_arg_range(&opt_argp, cli_follow_info);
follow_arg_done(opt_argp);
if (cli_follow_info->stream_index >= 0)
{
index_filter = get_follow_index_func(follower);
follow_info->filter_out_filter = index_filter(cli_follow_info->stream_index, cli_follow_info->sub_stream_index);
if (follow_info->filter_out_filter == NULL || cli_follow_info->sub_stream_index < 0)
{
follow_exit("Error creating filter for this stream.");
}
}
else
{
address_filter = get_follow_address_func(follower);
follow_info->filter_out_filter = address_filter(&cli_follow_info->addr[0], &cli_follow_info->addr[1], cli_follow_info->port[0], cli_follow_info->port[1]);
if (follow_info->filter_out_filter == NULL)
{
follow_exit("Error creating filter for this address/port pair.\n");
}
}
errp = register_tap_listener(get_follow_tap_string(follower), follow_info, follow_info->filter_out_filter, 0,
NULL, get_follow_tap_handler(follower), follow_draw, (tap_finish_cb)follow_free);
if (errp != NULL)
{
follow_free(follow_info);
g_string_free(errp, TRUE);
follow_exit("Error registering tap listener.");
}
}
static gboolean
follow_register(const void *key _U_, void *value, void *userdata _U_)
{
register_follow_t *follower = (register_follow_t*)value;
stat_tap_ui follow_ui;
gchar *cli_string;
cli_string = follow_get_stat_tap_string(follower);
follow_ui.group = REGISTER_STAT_GROUP_GENERIC;
follow_ui.title = NULL; /* construct this from the protocol info? */
follow_ui.cli_string = cli_string;
follow_ui.tap_init_cb = follow_stream;
follow_ui.nparams = 0;
follow_ui.params = NULL;
register_stat_tap_ui(&follow_ui, follower);
g_free(cli_string);
return FALSE;
}
void
register_tap_listener_follow(void)
{
follow_iterate_followers(follow_register, NULL);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/
View Git Blame Copy Permalink