MATE: Update examples

Fix the distributed examples to use the "new" style configuration,
as shown in the WSUG and Wiki. Fix the FTP example in the WSUG,
as it's missing the Match keyword.

Related to #12118.
Fix #16940
John Thacker 2024-01-30 09:41:12 -05:00
parent 81d094d47f
commit 28e9035eec
6 changed files with 136 additions and 106 deletions


@ -1205,7 +1205,7 @@ Pdu ftp_pdu Proto ftp Transport tcp/ip {
Extract server_addr From ftp.passive.ip;
Extract server_port From ftp.passive.port;
LastPdu;
LastPdu true;
};
Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{
@ -1214,11 +1214,11 @@ Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{
};
Gop ftp_data On ftp_data_pdu (server_addr, server_port) {
Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) {
Start (server_addr);
};
Gop ftp_ctl On ftp_pdu (ftp_addr, ftp_addr, ftp_port, ftp_port) {
Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) {
Start (ftp_resp=220);
Stop (ftp_resp=221);
Extra (server_addr, server_port);


@ -1,34 +0,0 @@
# call.mate
Action=Settings; DiscardPduData=TRUE; ShowGopTimes=FALSE; ShowPduTree=FALSE;
Action=PduDef; Name=q931_pdu; Proto=q931; Stop=TRUE; Transport=tcp/ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type;
Action=PduDef; Name=ras_pdu; Proto=h225.RasMessage; Transport=udp/ip; addr=ip.addr; ras_sn=h225.requestSeqNum; ras_msg=h225.RasMessage;
Action=PduDef; Name=isup_pdu; Proto=isup; Transport=mtp3; m3pc=mtp3.dpc; m3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type;
Action=PduExtra; For=q931_pdu; guid=h225.guid; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value;
Action=PduExtra; For=isup_pdu; calling=isup.calling; isup_cause=isup.cause_indicator;
Action=PduExtra; For=ras_pdu; guid=h225.guid;
Action=GopDef; Name=q931_leg; On=q931_pdu; addr; addr; call_ref;
Action=GopStart; For=q931_leg; q931_msg=5;
Action=GopStop; For=q931_leg; q931_msg=90;
Action=GopExtra; For=q931_leg; calling; q931_cause; guid;
Action=GopDef; Name=isup_leg; On=isup_pdu; ShowPduTree=TRUE; ShowGopTimes=TRUE; m3pc; m3pc; cic;
Action=GopStart; For=isup_leg; isup_msg=1;
Action=GopStop; For=isup_leg; isup_msg=16;
Action=GopExtra; For=isup_leg; calling; isup_cause;
Action=GopDef; Name=ras_leg; On=ras_pdu; addr; addr; ras_sn;
Action=GopStart; For=ras_leg; ras_msg|0|3|6|9|12|15|18|21|26|30;
Action=GopStop; For=ras_leg; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;
Action=GopExtra; For=ras_leg; guid;
Action=GogDef; Name=call; GogExpiration=0.75;
Action=GogKey; For=call; On=isup_leg; calling;
Action=GogKey; For=call; On=q931_leg; calling;
Action=GogKey; For=call; On=q931_leg; guid;
Action=GogKey; For=call; On=ras_leg; guid;
Action=GogExtra; For=call; isup_cause;
Action=GogExtra; For=call; q931_cause;


@ -1,40 +1,57 @@
# mms.mate
Transform rm_client_from_http_resp1 {
Match (http_rq);
Match Every (addr) Insert (not_rq);
};
# MMSE over HTTP
Action=PduDef; Name=mmse_over_http_pdu; Proto=http; Transport=tcp/ip; Payload=mmse; addr=ip.addr; port=tcp.port; http_rq=http.request; content=http.content_type;
Action=PduExtra; For=mmse_over_http_pdu; resp=http.response.code; method=http.request.method; host=http.host; content=http.content_type;
Action=PduExtra; For=mmse_over_http_pdu; method=http.request.method; host=http.host;
Action=PduExtra; For=mmse_over_http_pdu; trx=mmse.transaction_id; msg_type=mmse.message_type; notify_status=mmse.status; send_status=mmse.response_status;
Transform rm_client_from_http_resp2 {
Match (not_rq,ue) Replace ();
};
Action=Transform; Name=rm_client_from_http_resp1; Mode=Insert; Match=Strict; http_rq;
Action=Transform; Name=rm_client_from_http_resp1; Mode=Insert; Match=Every; addr; .not_rq;
Pdu mmse_over_http_pdu Proto http Transport tcp/ip {
Payload mmse;
Extract addr From ip.addr;
Extract port From tcp.port;
Extract http_rq From http.request;
Extract content From http.content_type;
Extract resp From http.response.code;
Extract method From http.request.method;
Extract host From http.host;
Extract content From http.content_type;
Extract trx From mmse.transaction_id;
Extract msg_type From mmse.message_type;
Extract notify_status From mmse.status;
Extract send_status From mmse.response_status;
Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
};
Action=Transform; Name=rm_client_from_http_resp2; Mode=Replace; Match=Strict; not_rq; ue;
Gop mmse_over_http On mmse_over_http_pdu Match (addr, addr, port, port) {
Start (http_rq);
Stop (http_rs);
Extra (host, ue, resp, notify_status, send_status, trx);
};
Action=PduTransform; For=mmse_over_http_pdu; Name=rm_client_from_http_resp1;
Action=PduTransform; For=mmse_over_http_pdu; Name=rm_client_from_http_resp2;
Transform mms_start {
Match Loose() Insert (mms_start);
};
Action=GopDef; Name=mmse_over_http; On=mmse_over_http_pdu; addr; addr; port; port;
Action=GopStart; For=mmse_over_http; http_rq;
Action=GopStop; For=mmse_over_http; http_rs;
Pdu mmse_over_wsp_pdu Proto wsp Transport ip {
Payload mmse;
Extract trx From mmse.transaction_id;
Extract msg_type From mmse.message_type;
Extract notify_status From mmse.status;
Extract send_status From mmse.response_status;
Transform mms_start;
};
Action=GopExtra; For=mmse_over_http; host; ue; resp; notify_status; send_status; trx;
Gop mmse_over_wsp On mmse_over_wsp_pdu Match (trx) {
Start (mms_start);
Stop (never);
Extra (ue, notify_status, send_status);
};
# MMSE over WSP
Action=PduDef; Name=mmse_over_wsp_pdu; Proto=wsp; Payload=mmse; Transport=ip; trx=mmse.transaction_id; msg_type=mmse.message_type; notify_status=mmse.status; send_status=mmse.response_status;
Action=Transform; Name=mms_start; Match=Loose; .mms_start;
Action=PduTransform; Name=mms_start; For=mmse_over_wsp_pdu;
Action=GopDef; Name=mmse_over_wsp; On=mmse_over_wsp_pdu; trx;
Action=GopStart; For=mmse_over_wsp; mms_start;
Action=GopStop; For=mmse_over_wsp; never;
Action=GopExtra; For=mmse_over_wsp; ue; notify_status; send_status;
# the MMS GoG
Action=GogDef; Name=mms; GogExpiration=60.0;
Action=GogKey; For=mms; On=mmse_over_http; trx;
Action=GogKey; For=mms; On=mmse_over_wsp; trx;
Action=GogExtra; For=mms; ue; notify_status; send_status; resp; host; trx;
Gog mms {
Member mmse_over_http (trx);
Member mmse_over_wsp (trx);
Extra (ue, notify_status, send_status, resp, host, trx);
Expiration 60.0;
};
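Review bot: `Stop (http_rs);` in the `mmse_over_http` Gop names an attribute that the new `mmse_over_http_pdu` block never extracts, so as far as this section shows the HTTP Gop is never marked as stopped. The same applies to `ue`, which is used in `rm_client_from_http_resp2` and in both `Extra` lists but has no `Extract` line. Both gaps look carried over from the old-style lines rather than introduced here, but the conversion is a good moment to close them. I would add `Extract http_rs From http.response;` to the Pdu block (the form web.mate uses), either extract `ue` or drop it, and remove the duplicated `Extract content From http.content_type;`.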


@ -1,18 +1,33 @@
# pasv_ftp.mate
Pdu ftp_pdu Proto ftp Transport tcp/ip {
Extract ftp_addr From ip.addr;
Extract ftp_port From tcp.port;
Extract ftp_resp From ftp.response.code;
Extract ftp_req From ftp.request.command;
Extract server_addr From ftp.passive.ip;
Extract server_port From ftp.passive.port;
Action=PduDef; Name=ftp_pdu; Proto=ftp; Transport=tcp/ip; Stop=TRUE; ftp_addr=ip.addr; ftp_port=tcp.port; ftp_resp=ftp.response.code; ftp_req=ftp.request.command; server_addr=ftp.passive.ip; server_port=ftp.passive.port;
LastPdu true;
};
Action=PduDef; Name=ftp_data_pdu; Proto=ftp-data; Transport=tcp/ip; server_addr=ip.src; server_port=tcp.srcport;
Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{
Extract server_addr From ip.src;
Extract server_port From tcp.srcport;
Action=GopDef; Name=ftp_data; On=ftp_data_pdu; server_addr; server_port;
Action=GopStart; For=ftp_data; server_addr;
};
Action=GopDef; Name=ftp_ctl; On=ftp_pdu; ftp_addr; ftp_addr; ftp_port; ftp_port;
Action=GopStart; For=ftp_ctl; ftp_resp=220;
Action=GopStop; For=ftp_ctl; ftp_resp=221;
Action=GopExtra; For=ftp_ctl; server_addr; server_port;
Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) {
Start (server_addr);
};
Action=GogDef; Name=ftp_ses;
Action=GogKey; For=ftp_ses; On=ftp_ctl; ftp_addr; ftp_addr; ftp_port; ftp_port;
Action=GogKey; For=ftp_ses; On=ftp_data; server_addr; server_port;
Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) {
Start (ftp_resp=220);
Stop (ftp_resp=221);
Extra (server_addr, server_port);
};
Gog ftp_ses {
Member ftp_ctl (ftp_addr, ftp_addr, ftp_port, ftp_port);
Member ftp_data (server_addr, server_port);
};
Done;
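Review bot: `ftp_data_pdu` fills `server_addr` and `server_port` from `ip.src` and `tcp.srcport`, so only data segments sent by the server carry the values that `ftp_ctl` learned from the passive-mode reply. Segments sent by the client, i.e. an upload, would get the client's address and port and, as far as I can tell from this section, never join `ftp_ses`. People copy this example for traffic analysis, so the limitation deserves a comment above the Pdu block, for example `# NOTE: matches server-to-client data only (server_addr comes from ip.src); uploads are not grouped into ftp_ses.`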


@ -1,7 +1,14 @@
# tcp.mate
Pdu tcp_pdu Proto tcp Transport ip {
Extract addr From ip.addr;
Extract port From tcp.port;
Extract tcp_start From tcp.flags.syn;
Extract tcp_stop From tcp.flags.reset;
Extract tcp_stop From tcp.flags.fin;
};
Action=PduDef; Name=tcp_pdu; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.fin; tcp_stop=tcp.flags.reset;
Action=GopDef; Name=tcp_session; On=tcp_pdu; addr; addr; port; port;
Action=GopStart; For=tcp_session; tcp_start=1;
Action=GopStop; For=tcp_session; tcp_stop=1;
Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
Start (tcp_start=1);
Stop (tcp_stop=1);
};
Done;
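Review bot: The new declaration is `Gop tcp_ses`, while the old-style line it replaces used `Name=tcp_session`, and the commit message does not mention a rename. MATE builds its filter field names from the declaration name, so saved display filters written against the old example would presumably stop matching. Either keep the old name with `Gop tcp_session On tcp_pdu Match (addr, addr, port, port) {` or state the rename in a comment at the top of the file.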


@ -1,27 +1,52 @@
# web.mate
Transform rm_client_from_dns_resp {
Match (dns_resp=1, client) Replace (dns_resp=1);
};
Action=PduDef; Name=dns_pdu; Proto=dns; Transport=ip; addr=ip.addr; dns_resp=dns.flags.response; host=dns.qry.name; client_addr=ip.src; dns_id=dns.id;
Action=PduDef; Name=http_pdu; Proto=http; Transport=tcp/ip; addr=ip.addr; port=tcp.port; http_rq=http.request.method; http_rs=http.response; host=http.host; client_addr=ip.src;
Pdu dns_pdu Proto dns Transport ip {
Extract addr From ip.addr;
Extract dns_id From dns.id;
Extract dns_resp From dns.flags.response;
Extract host From dns.qry.name;
Extract client From ip.src;
Transform rm_client_from_dns_resp;
};
Action=GopDef; Name=dns_req; On=dns_pdu; addr; addr; dns_id;
Action=GopStart; For=dns_req; dns_resp=0;
Action=GopStop; For=dns_req; dns_resp=1;
Gop dns_req On dns_pdu Match (addr,addr,dns_id) {
Start (dns_resp=0);
Stop (dns_resp=1);
Extra (host, client);
};
Action=GopDef; Name=http_req; On=http_pdu; addr; addr; port; port;
Action=GopStart; For=http_req; http_rq;
Action=GopStop; For=http_req; http_rs;
Transform rm_client_from_http_resp1 {
Match (http_rq);
Match Every (addr) Insert (not_rq);
};
Action=Transform; Name=rm_client_from_dns_resp; Mode=Replace; Match=Every; dns_resp=1; client_addr; .dns_resp=1;
Action=PduTransform; For=dns_pdu; Name=rm_client_from_dns_resp;
Transform rm_client_from_http_resp2 {
Match (not_rq, client) Replace ();
};
Action=Transform; Name=rm_client_from_http_resp; Mode=Replace; Match=Every; http_rs; client_addr; .http_rs=;
Action=PduTransform; For=http_pdu; Name=rm_client_from_http_resp;
Pdu http_pdu Proto http Transport tcp/ip {
Extract addr From ip.addr;
Extract port From tcp.port;
Extract http_rq From http.request.method;
Extract http_rs From http.response;
Extract host From http.host;
Extract client From ip.src;
Transform rm_client_from_http_resp1, rm_client_from_http_resp2;
DiscardPduData true;
};
Action=GopExtra; For=http_req; host; client_addr;
Action=GopExtra; For=dns_req; host; client_addr;
Gop http_req On http_pdu Match (addr, addr, port, port) {
Start (http_rq);
Stop (http_rs);
Extra (host, client);
};
Action=GogDef; Name=http_use; GogExpiration=0.75;
Action=GogKey; For=http_use; On=http_req; host; client_addr;
Action=GogKey; For=http_use; On=dns_req; host;client_addr;
Gog http_use {
Member http_req (host, client);
Member dns_req (host, client);
Expiration 0.75;
};
Action=GogExtra; For=http_use; host; client_addr;
Done;
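Review bot: The new `http_pdu` block adds `DiscardPduData true;`, which has no counterpart in the old-style lines, and the new `Gog http_use` block has no `Extra` clause although the old config had `Action=GogExtra; For=http_use; host; client_addr;`. Both go beyond a syntax conversion and change what is kept and shown for each PDU and Gog, which matters to anyone filtering on those attributes. If the Gog attributes are still wanted, add `Extra (host, client);` inside `Gog http_use`. If `DiscardPduData true;` is intentional, a one-line comment explaining why would help, for example `# drop PDU attributes after analysis to save memory`.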