osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Fixes for Mate Plugin: 

As suggested by Martin Regner:
- Use strtod() instead of strtof()

From Luis Ontanon:
- changes the id of mate items to be integer (the old string ID
imposed a lenght limit and as mate fileds had become dynamic it makes
no more sense anymore)

- fixes a huge avp leak on reinit (every avp object was leaked when a
new file was loaded)

- adds the "Lib" AVP to the Action=Include AVPL to include definitions
>from matelib

- rename mate.[dll/so] to zzmate.[dll/so] so it gets initialized as
the very last protocol (so that fields from every dissector can be
used).

svn path=/trunk/; revision=12728
This commit is contained in:
Lars Roland 2004-12-12 16:58:59 +00:00
parent e0245dbffd
commit 62506c09d6
16 changed files with 140 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/mate/Makefile.am
View File

@ -26,10 +26,10 @@ INCLUDES = -I$(top_srcdir)
plugindir = @plugindir@
plugin_LTLIBRARIES = mate.la
mate_la_SOURCES = moduleinfo.h mate.h mate_util.h packet-mate.c mate_runtime.c mate_setup.c mate_util.c mate_plugin.c
mate_la_LDFLAGS = -module -avoid-version
mate_la_LIBADD = @PLUGIN_LIBS@
plugin_LTLIBRARIES = zzmate.la
zzmate_la_SOURCES = moduleinfo.h mate.h mate_util.h packet-mate.c mate_runtime.c mate_setup.c mate_util.c mate_plugin.c
zzmate_la_LDFLAGS = -module -avoid-version
zzmate_la_LIBADD = @PLUGIN_LIBS@
# Libs must be cleared, or else libtool won't create a shared module.
# If your module needs to be linked against any particular libraries,

6
plugins/mate/Makefile.nmake
View File

@ -20,11 +20,11 @@ LINK_PLUGIN_WITH=..\plugin_api.obj
OBJECTS=packet-mate.obj mate_setup.obj mate_runtime.obj mate_util.obj mate_plugin.obj
mate.dll mate.exp mate.lib : $(OBJECTS) $(LINK_PLUGIN_WITH)
link -dll /out:mate.dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \
zzmate.dll zzmate.exp zzmate.lib : $(OBJECTS) $(LINK_PLUGIN_WITH)
link -dll /out:zzmate.dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \
$(GLIB_LIBS)
clean:
rm -f $(OBJECTS) mate.dll mate.exp mate.lib *.pdb
rm -f $(OBJECTS) zzmate.dll zzmate.exp zzmate.lib *.pdb
distclean: clean

5
plugins/mate/mate.h
View File

@ -44,6 +44,7 @@
#include <epan/proto.h>
#include <epan/epan_dissect.h>
#include <epan/tap.h>
#include <epan/filesystem.h>
#include "mate_util.h"
#include "plugins/plugin_api_defs.h"
@ -107,6 +108,7 @@
#define KEYWORD_STOP "Stop"
#define KEYWORD_DROPGOP "DiscardUnassignedGop"
#define KEYWORD_DROPPDU "DiscardUnassignedPdu"
#define KEYWORD_LIB "Lib"
#define KEYWORD_DEBUGFILENAME "Debug_File"
#define KEYWORD_DBG_GENERAL "Debug_General"
@ -148,6 +150,7 @@ typedef struct _mate_cfg_item {
guint last_id; /* keeps the last id given to an item of this kind */
int hfid;
GHashTable* my_hfids; /* for creating register info */
GHashTable* items; /* all the items of this type */
/* pdu */
gboolean discard_pdu_attributes;
@ -235,7 +238,7 @@ typedef struct _mate_runtime_data {
/* these are used to contain information regarding pdus, gops and gogs */
struct _mate_item {
/* all three of them */
guint8 id[MATE_ITEM_ID_SIZE]; /* 1:1 -> saving a g_malloc */
guint32 id; /* 1:1 -> saving a g_malloc */
mate_cfg_item* cfg; /* the type of this item */
AVPL* avpl; /* the attributes of the pdu/gop/gog */

44
plugins/mate/mate_runtime.c
View File

@ -72,14 +72,19 @@ static gboolean destroy_mate_items(gpointer k _U_, gpointer v, gpointer p _U_) {
return TRUE;
}
static gboolean destroy_items_in_cfg(gpointer k _U_, gpointer v, gpointer p _U_) {
g_hash_table_foreach_remove(((mate_cfg_item*)v)->items,destroy_mate_items,NULL);
}
static void delete_mate_runtime_data(mate_runtime_data* rdat) {
g_hash_table_destroy(rdat->gops);
g_hash_table_destroy(rdat->frames);
g_hash_table_destroy(rdat->gogs);
g_hash_table_foreach_remove(mc->pducfgs,destroy_items_in_cfg,NULL);
g_hash_table_foreach_remove(mc->gopcfgs,destroy_items_in_cfg,NULL);
g_hash_table_foreach_remove(mc->gogcfgs,destroy_items_in_cfg,NULL);
g_hash_table_foreach_remove(rdat->items,destroy_mate_items,FALSE);
g_hash_table_destroy(rdat->items);
g_mem_chunk_destroy (rdat->mate_items);
g_free(rdat);
@ -99,7 +104,6 @@ extern void init_mate_runtime_data(void) {
rd->current_items = 0;
rd->now = -1.0;
rd->frames = g_hash_table_new(g_direct_hash,g_direct_equal);
rd->items = g_hash_table_new(g_str_hash,g_str_equal);
rd->gops = g_hash_table_new(g_str_hash,g_str_equal);
rd->gogs = g_hash_table_new(g_str_hash,g_str_equal);
rd->mate_items = g_mem_chunk_new("mate_items",sizeof(mate_item),1024,G_ALLOC_AND_FREE);
@ -112,8 +116,7 @@ static mate_item* new_mate_item(mate_cfg_item* cfg) {
it->cfg = cfg;
cfg->last_id++;
g_snprintf(it->id,MATE_ITEM_ID_SIZE,"%s:%i",cfg->name,cfg->last_id);
it->id = cfg->last_id;
it->avpl = NULL ;
it->start = 0 ;
it->end = 0 ;
@ -124,6 +127,8 @@ static mate_item* new_mate_item(mate_cfg_item* cfg) {
rd->current_items++;
g_hash_table_insert(cfg->items,GUINT_TO_POINTER(it->id),it);
return it;
}
@ -131,7 +136,7 @@ static mate_item* new_mate_item(mate_cfg_item* cfg) {
static mate_gop* new_gop(mate_cfg_gop* cfg, mate_pdu* pdu, guint8* key) {
mate_gop* gop = new_mate_item(cfg);
dbg_print (dbg_gop,1,dbg_facility,"new_gop: %s: ``%s''",gop->id,key);
dbg_print (dbg_gop,1,dbg_facility,"new_gop: %s: ``%s:%d''",gop->cfg->name,gop->id,key);
gop->avpl = new_avpl("attributes");
@ -177,10 +182,10 @@ static void adopt_gop(mate_gog* gog, mate_gop* gop) {
static mate_gog* new_gog(mate_cfg_gog* cfg, mate_gop* gop) {
mate_gog* gog = new_mate_item(cfg);
dbg_print (dbg_gog,1,dbg_facility,"new_gog: %s for %s",gog->id,gop->id);
dbg_print (dbg_gog,1,dbg_facility,"new_gog: %s:d for %s:%d",gog->cfg->name,gog->id,gog->cfg->name,gop->id);
gog->cfg = cfg;
gog->avpl = new_avpl("");
gog->avpl = new_avpl(cfg->name);
gog->gops = NULL;
gog->last_n = 0;
gog->gog_keys = g_ptr_array_new();
@ -213,7 +218,7 @@ static void apply_extras(AVPL* from, AVPL* to, mate_cfg_item* cfg) {
dbg_print (dbg,3,dbg_facility,"apply_extras: entering: from='%s' to='%s' for='%s'\n",from->name,to->name,cfg->name);
our_extras = new_avpl_loose_match("",from, cfg->extra, FALSE) ;
if (our_extras) {
merge_avpl(to,our_extras,TRUE);
delete_avpl(our_extras,FALSE);
@ -238,10 +243,10 @@ static void reanalyze_gop(mate_gop* gop) {
AVPL* gogkey_match = NULL;
mate_gog* gog = gop->gog;
guint8* key;
if ( ! gog ) return;
dbg_print (dbg_gog,1,dbg_facility,"reanalize_gop: gop=%s gog=%s\n",gop->id,gog->id);
dbg_print (dbg_gog,1,dbg_facility,"reanalize_gop: gop=%s gog=%s\n",gog->cfg->name,gog->id,gog->cfg->name,gop->id);
apply_extras(gop->avpl,gog->avpl,gog->cfg);
@ -257,7 +262,7 @@ static void reanalyze_gop(mate_gop* gop) {
if ( g_hash_table_lookup(rd->gogs,key) ) {
g_free(key);
} else {
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: new key for gog=%s : %s\n",gog->id,key);
dbg_print (dbg_gog,1,dbg_facility,"analize_gop: new key for gog=%s:%d : %s\n",gog->cfg->name,gog->id,key);
g_hash_table_insert(rd->gogs,key,gog);
g_ptr_array_add(gog->gog_keys,key);
}
@ -365,7 +370,6 @@ static void analize_pdu(mate_pdu* pdu) {
AVPL* candidate_gop_key_match = NULL;
AVPL* candidate_start = NULL;
AVPL* candidate_stop = NULL;
AVPL* our_extras = NULL;
AVPL* is_start = NULL;
AVPL* is_stop = NULL;
AVPL* gopkey_match = NULL;
@ -499,9 +503,9 @@ static void analize_pdu(mate_pdu* pdu) {
dbg_print (dbg_gop,4,dbg_facility,"analize_pdu: is not a stop\n");
}
}
if (gop->last_n != gop->avpl->len) apply_transforms(gop);
gop->last_n = gop->avpl->len;
if (gop->gog) {
@ -580,10 +584,10 @@ static mate_pdu* new_pdu(mate_cfg_pdu* cfg, guint32 framenum, field_info* proto,
field_info* range_fi;
gint32 last_start;
int hfid;
dbg_print (dbg_pdu,2,dbg_facility,"new_pdu: type=%s framenum=%i\n",cfg->name,framenum);
pdu->avpl = new_avpl(pdu->id);
pdu->avpl = new_avpl(cfg->name);
pdu->cfg = cfg;
pdu->gop = NULL;
pdu->next_in_frame = NULL;
@ -723,7 +727,7 @@ extern mate_pdu* mate_get_pdus(guint32 framenum) {
}
/* this will be called when the mate's dissector is initialized */
extern void initialize_mate(guint8* configuration_filename) {
extern void initialize_mate_runtime(void) {
dbg_print (dbg,5,dbg_facility,"initialize_mate: entering");
if (( mc = mate_cfg() )) {

50
plugins/mate/mate_setup.c
View File

@ -129,7 +129,8 @@ static mate_cfg_item* new_mate_cfg_item(guint8* name) {
new->hfid = -1;
new->hfid_pdu_rel_time = -1;
new->my_hfids = g_hash_table_new(g_str_hash,g_str_equal);
new->items = g_hash_table_new(g_direct_hash,g_direct_equal);
new->hfid_gop_pdu = -1;
new->hfid_gop_start_time = -1;
new->hfid_gop_stop_time = -1;
@ -457,19 +458,31 @@ static gboolean config_pduextra(AVPL* avpl) {
static gboolean config_include(AVPL* avpl) {
guint8* filename = extract_named_str(avpl,KEYWORD_FILENAME,NULL);
/* TODO: use library path */
if( ! filename ) {
mate_config_error(NULL,NULL,"mate: Include file error: no filename");
guint8* lib = extract_named_str(avpl,KEYWORD_LIB,NULL);
if ( ! filename && ! lib ) {
mate_config_error(NULL,NULL,"mate: Include file error: no Filename or Lib given");
return FALSE;
}
if ( filename && lib ) {
mate_config_error(NULL,NULL,"mate: Include file error: use either Filename or Lib, not both.");
return FALSE;
}
if (lib) {
filename = g_strdup_printf("%s%s.mate",matecfg->mate_lib_path,lib);
}
/* FIXME: stop recursion */
if ( ! mate_load_config(filename) ) {
mate_config_error(NULL,NULL,"mate: Error Loading '%s'",filename);
if (lib) g_free(filename);
return FALSE;
}
if (lib) g_free(filename);
return TRUE;
}
@ -1053,7 +1066,7 @@ static void new_attr_hfri(mate_cfg_item* cfg, guint8* name) {
}
static void analyze_pdu_hfids(gpointer k, gpointer v, gpointer p) {
static void analyze_pdu_hfids(gpointer k _U_, gpointer v, gpointer p) {
new_attr_hfri((mate_cfg_pdu*) p,(guint8*) v);
}
@ -1080,8 +1093,10 @@ static void analyze_pdu_config(mate_cfg_pdu* cfg) {
hfri.p_id = &(cfg->hfid);
hfri.hfinfo.name = g_strdup_printf("%s",cfg->name);
hfri.hfinfo.abbrev = g_strdup_printf("mate.%s",cfg->name);
hfri.hfinfo.blurb = g_strdup_printf("PDU of type %s",cfg->name);
hfri.hfinfo.abbrev = g_strdup_printf("mate.%s.Id",cfg->name);
hfri.hfinfo.blurb = g_strdup_printf("%s id",cfg->name);
hfri.hfinfo.type = FT_UINT32;
hfri.hfinfo.display = BASE_DEC;
g_array_append_val(matecfg->hfrs,hfri);
@ -1107,8 +1122,10 @@ static void analyze_gop_config(gpointer k _U_, gpointer v, gpointer p _U_) {
hfri.p_id = &(cfg->hfid);
hfri.hfinfo.name = g_strdup_printf("%s",cfg->name);
hfri.hfinfo.abbrev = g_strdup_printf("mate.%s",cfg->name);
hfri.hfinfo.blurb = g_strdup_printf("GOP of type %s",cfg->name);
hfri.hfinfo.abbrev = g_strdup_printf("mate.%s.Id",cfg->name);
hfri.hfinfo.blurb = g_strdup_printf("%s id",cfg->name);
hfri.hfinfo.type = FT_UINT32;
hfri.hfinfo.display = BASE_DEC;
g_array_append_val(matecfg->hfrs,hfri);
@ -1192,8 +1209,10 @@ static void analyze_gog_config(gpointer k _U_, gpointer v, gpointer p _U_) {
hfri.p_id = &(cfg->hfid);
hfri.hfinfo.name = g_strdup_printf("%s",cfg->name);
hfri.hfinfo.abbrev = g_strdup_printf("mate.%s",cfg->name);
hfri.hfinfo.blurb = g_strdup_printf("GOG of type %s",cfg->name);
hfri.hfinfo.abbrev = g_strdup_printf("mate.%s.Id",cfg->name);
hfri.hfinfo.blurb = g_strdup_printf("%s Id",cfg->name);
hfri.hfinfo.type = FT_UINT32;
hfri.hfinfo.display = BASE_DEC;
g_array_append_val(matecfg->hfrs,hfri);
@ -1298,6 +1317,7 @@ static void init_actions() {
insert_avp(all_keywords,new_avp(KEYWORD_STOP,"",'='));
insert_avp(all_keywords,new_avp(KEYWORD_DROPPDU,"",'='));
insert_avp(all_keywords,new_avp(KEYWORD_DROPGOP,"",'='));
insert_avp(all_keywords,new_avp(KEYWORD_LIB,"",'='));
insert_avp(all_keywords,new_avp(KEYWORD_DBG_GENERAL,"",'='));
insert_avp(all_keywords,new_avp(KEYWORD_DBG_CFG,"",'='));
@ -1368,7 +1388,7 @@ extern mate_config* mate_make_config(guint8* filename) {
matecfg->last_to_be_created = FALSE;
matecfg->match_mode = AVPL_STRICT;
matecfg->replace_mode = AVPL_INSERT;
matecfg->mate_lib_path = g_strdup_printf("%s%c%s",get_datafile_dir(),DIR_SEP,DEFAULT_MATE_LIB_PATH);
matecfg->mate_lib_path = g_strdup_printf("%s%c%s%c",get_datafile_dir(),DIR_SEP,DEFAULT_MATE_LIB_PATH,DIR_SEP);
matecfg->mate_config_file = g_strdup(filename);
matecfg->mate_attrs_filter = g_string_new("");
matecfg->mate_protos_filter = g_string_new("");
@ -1405,7 +1425,7 @@ extern mate_config* mate_make_config(guint8* filename) {
g_string_erase(matecfg->mate_protos_filter,0,2);
} else {
mate_config_error(NULL,NULL,"mate: Failed: nothing left to tap on");
if (matecfg) destroy_mate_config(matecfg,FALSE);
destroy_mate_config(matecfg,FALSE);
matecfg = NULL;
return NULL;
}

4
plugins/mate/mate_util.c
View File

@ -1041,8 +1041,8 @@ extern AVP* match_avp(AVP* src, AVP* op) {
lower = TRUE;
case AVP_OP_HIGHER:
fs = strtof(src->v, NULL);
fo = strtof(src->v, NULL);
fs = (float) strtod(src->v, NULL);
fo = (float) strtod(src->v, NULL);
if (lower) {
if (fs<fo) return src;

24
plugins/mate/matelib/dns.mate
View File

@ -1,19 +1,7 @@
# dns.thing
Action=Settings; SessionExpiration=300;
Action=PDU; Proto=ftp; Transport=ip; addr=ip.addr; port=ftp.passive.port;
Action=LegKey; On=ftp; addr!65.;
Action=LegStart; On=ftp; addr!;
Action=PDU; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.reset; tcp_stop=tcp.flags.fin;
Action=LegKey; On=tcp; addr!21; addr; port; port;
Action=LegStart; On=tcp; tcp_start=1;
Action=LegStop; On=tcp; tcp_stop=1;
Action=PDU; Proto=dns; Transport=ip; addr=ip.addr; dns_id=dns.id; dns_rsp=dns.flags.response; dns_name=dns.name;
Action=LegKey; On=dns; addr; addr; dns_id;
Action=LegStart; On=dns; dns_rsp=0;
Action=LegStop; On=dns; dns_rsp=1;
Action=LegExtra; On=dns; dns_name;
# dns.mate
# $Id$
Action=PduDef; Name=dns_pdu; Proto=dns; Transport=udp/ip; addr=ip.addr; port=udp.port; dns_id=dns.id; dns_rsp=dns.flags.response;
Action=GopDef; Name=dns_req; On=dns_pdu; addr; addr; port!53; dns_id;
Action=GopStart; For=dns_req; dns_rsp=0;
Action=GopStop; For=dns_req; dns_rsp=1;

15
plugins/mate/matelib/h225_ras.mate
View File

@ -1,7 +1,10 @@
# h225_ras.thing
# (c) 2004 Luis E. Garcia Ontanon
# h225_ras.mate
# $Id$
Action=PDU; Proto=h225.RasMessage; Transport=ip; ras_msg=h225.RasMessage; addr=ip.addr; guid=h225.guid; seqnum=h225.RequestSeqNum;
Action=LegKey; On=h225.RasMessage; addr; addr; seqnum;
Action=LegStart; On=h225.RasMessage; ras_msg|0|3|6|9|12|15|18|21|26|30;
Action=LegStop; On=h225.RasMessage; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;
Action=PduDef; Name=ras_pdu; Proto=h225.RasMessage; Transport=udp/ip; addr=ip.addr; ras_sn=h225.RequestSeqNum; ras_msg=h225.RasMessage;
Action=GopDef; Name=ras_leg; On=ras_pdu; addr; addr; ras_sn;
Action=GopStart; For=ras_leg; ras_msg|0|3|6|9|12|15|18|21|26|30;
Action=GopStop; For=ras_leg; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;
Action=PduExtra; For=ras_pdu; guid=h225.guid;
Action=GopExtra; For=ras_leg; guid;

11
plugins/mate/matelib/isup.mate
View File

@ -1,6 +1,7 @@
# isup.thing
# isup.mate
# $Id$
Action=PDU; Proto=isup; Transport=mtp3; mtp3pc=mtp3.dpc; mtp3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type; called=isup.called; calling=isup.calling; isup_cause=isup.cause_indicator;
Action=LegKey; On=isup; cic; mtp3pc; mtp3pc;
Action=LegStart; On=isup; isup_msg=1;
Action=LegStop; On=isup; isup_msg=16;
Action=PduDef; Name=isup_pdu; Proto=isup; Transport=mtp3; mtp3pc=mtp3.dpc; mtp3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type;
Action=GopDef; Name=isup_leg; On=isup_pdu; ShowPduTree=TRUE; mtp3pc; mtp3pc; cic;
Action=GopStart; For=isup_leg; isup_msg=1;
Action=GopStop; For=isup_leg; isup_msg=16;

13
plugins/mate/matelib/megaco.mate
View File

@ -1,6 +1,9 @@
# megaco.thing
# megaco.mate
# $Id$
Action=PDU; Proto=megaco; Transport=ip; addr=ip.addr; megaco_ctx=megaco.context; megaco_trx=megaco.transid; megaco_msg=megaco.transaction; term=megaco.termid;
Action=LegKey; On=megaco; addr; addr; megaco_trx;
Action=LegStart; On=megaco; megaco_msg|Request|Notify;
Action=LegStop; On=megaco; megaco_msg=Reply;
Action=PduDef; Name=mgc_pdu; Proto=megaco; Transport=ip; addr=ip.addr; megaco_ctx=megaco.context; megaco_trx=megaco.transid; megaco_msg=megaco.transaction; term=megaco.termid;
Action=GopDef; Name=mgc_tr; On=mgc_pdu; addr; addr; megaco_trx;
Action=GopStart; For=mgc_tr; megaco_msg|Request|Notify;
Action=GopStop; For=mgc_tr; megaco_msg=Reply;
Action=GopExtra; For=mgc_tr; term^DS1; megaco_ctx!Choose one;

9
plugins/mate/matelib/q931.mate
View File

@ -1,6 +1,7 @@
# q931.thing
# $Id$
Action=PDU; Proto=q931; Transport=ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type; guid=h225.guid; called=q931.called_party_number.digits; calling=q931.calling_party_number.digits; q931_cause=q931.cause_value; h225_cause=h225.ReleaseCompleteReason;
Action=LegKey; On=q931; call_ref; addr; addr;
Action=LegStart; On=q931; q931_msg=5;
Action=LegStop; On=q931; q931_msg=90;
Action=PduDef; Name=q931_pdu; Proto=q931; Stop=TRUE; Transport=tcp/ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type;
Action=GopDef; Name=q931_leg; On=q931_pdu; addr; addr; call_ref;
Action=GopStart; For=q931_leg; q931_msg=5;
Action=GopStop; For=q931_leg; q931_msg=90;

12
plugins/mate/matelib/radius.mate
View File

@ -1,7 +1,7 @@
# radius.thing
# radius.mate
# $Id$
Action=pdu; Proto=radius; Transport=ip; addr=ip.addr; radius_id=radius.id; radius_code=radius.code; calling=radius.calling;
Action=pdukey; On=radius; radius_id; addr; addr;
Action=start; On=radius; radius_code=4;
Action=stop; On=radius; radius_code=5;
Action=PduDef; Name=radius_pdu; Proto=radius; Transport=udp/ip; addr=ip.addr; port=udp.port; radius_id=radius.id; radius_code=radius.code;
Action=GopDef; Name=radius_req; On=radius_pdu; radius_id; addr; addr; port; port;
Action=GopStart; For=radius_req; radius_code|1|4|7;
Action=GopStop; For=radius_req; radius_code|2|3|5|8|9;

14
plugins/mate/matelib/rtsp.mate
View File

@ -1,5 +1,11 @@
# rtsp.mate
# $Id$
Action=PduDef; Name=rtsp_pdu; Proto=rtsp; Transport=tcp/ip; addr=ip.addr; port=tcp.port; rtsp_method=rtsp.method;
Action=PduExtra; For=rtsp_pdu; rtsp_ses=rtsp.session; rtsp_url=rtsp.url;
Action=GopDef; Name=rtsp_ses; On=rtsp_pdu; addr; addr; port; port;
Action=GopStart; For=rtsp_ses; rtsp_method=DESCRIBE;
Action=GopStop; For=rtsp_ses; rtsp_method=TEARDOWN;
Action=GopExtra; For=rtsp_ses; rtsp_ses; rtsp_url;
Action=PDU; Proto=rtsp; Transport=ip; isup_msg=isup.message_type; calling=X_Vig_Msisdn; rtsp_method=rtsp.method; rtsp_ses=rtsp.session; addr=ip.addr; rtsp_url=rtsp.url;
Action=LegKey; On=rtsp; rtsp_ses;
Action=LegStart; On=rtsp; rtsp_method=SETUP;
Action=LegStop; On=rtsp; rtsp_method=TEARDOWN;

11
plugins/mate/matelib/sip.mate
View File

@ -1,6 +1,7 @@
# sip.thing
# sip.mate
# $Id$
Action=PDU; Proto=sip; Transport=ip; addr=ip.addr; sip_method=sip.Method; sip_callid=sip.Call-ID; calling=sdp.owner.username;
Action=LegKey; On=sip; sip_callid; addr; addr;
Action=LegStart; On=sip; sip_method=INVITE;
Action=LegStop; On=sip; sip_method=BYE;
Action=PduDef; Proto=sip_pdu; Transport=tcp/ip; addr=ip.addr; port=tcp.port; sip_method=sip.Method; sip_callid=sip.Call-ID; calling=sdp.owner.username;
Action=GopDef; Name=sip_leg; On=sip_pdu; addr; addr; port; port;
Action=GopStart; For=sip; sip_method=INVITE;
Action=GopStop; For=sip; sip_method=BYE;

19
plugins/mate/packet-mate.c
View File

@ -107,7 +107,7 @@ void mate_gog_tree(proto_tree* tree, tvbuff_t *tvb, mate_gog* gog, mate_gop* gop
guint i;
#endif
gog_item = proto_tree_add_string(tree,gog->cfg->hfid,tvb,0,0,gog->id);
gog_item = proto_tree_add_uint(tree,gog->cfg->hfid,tvb,0,0,gog->id);
gog_tree = proto_item_add_subtree(gog_item,ett_mate_gog);
attrs_tree(gog_tree,tvb,gog);
@ -122,7 +122,7 @@ void mate_gog_tree(proto_tree* tree, tvbuff_t *tvb, mate_gog* gog, mate_gop* gop
if (gop != gog_gops) {
mate_gop_tree(gog_gop_tree, tvb, gog_gops, ett_mate_gop_in_gog);
} else {
proto_tree_add_string_format(gog_gop_tree,gop->cfg->hfid,tvb,0,0,gop->id,"GOP of current frame: %s",gop->id);
proto_tree_add_uint_format(gog_gop_tree,gop->cfg->hfid,tvb,0,0,gop->id,"%s of current frame: %d",gop->cfg->name,gop->id);
}
}
@ -139,7 +139,7 @@ void mate_gop_tree(proto_tree* tree, tvbuff_t *tvb, mate_gop* gop, gint gop_ett)
float rel_time;
float gop_time;
gop_item = proto_tree_add_string(tree,gop->cfg->hfid,tvb,0,0,gop->id);
gop_item = proto_tree_add_uint(tree,gop->cfg->hfid,tvb,0,0,gop->id);
gop_tree = proto_item_add_subtree(gop_item, gop_ett);
if (gop->gop_key) proto_tree_add_text(gop_tree,tvb,0,0,"GOP Key: %s",gop->gop_key);
@ -213,15 +213,20 @@ void mate_pdu_tree(mate_pdu *pdu, tvbuff_t *tvb, proto_tree* tree) {
if ( ! pdu ) return;
if (pdu->gop && pdu->gop->gog) {
proto_item_append_text(mate_i," %s->%s->%s",pdu->id,pdu->gop->id,pdu->gop->gog->id);
proto_item_append_text(mate_i," %s:%d->%s:%d->%s:%d",
pdu->cfg->name,pdu->id,
pdu->gop->cfg->name,pdu->gop->id,
pdu->gop->gog->cfg->name,pdu->gop->gog->id);
} else if (pdu->gop) {
proto_item_append_text(mate_i," %s->%s",pdu->id,pdu->gop->id);
proto_item_append_text(mate_i," %s:%d->%s:%d",
pdu->cfg->name,pdu->id,
pdu->gop->cfg->name,pdu->gop->id);
} else {
proto_item_append_text(mate_i," %s",pdu->id);
proto_item_append_text(mate_i," %s:%d",pdu->cfg->name,pdu->id);
}
len = pdu->end - pdu->start;
pdu_item = proto_tree_add_string(tree,pdu->cfg->hfid,tvb,pdu->start,len,pdu->id);
pdu_item = proto_tree_add_uint(tree,pdu->cfg->hfid,tvb,pdu->start,len,pdu->id);
pdu_tree = proto_item_add_subtree(pdu_item, ett_mate_pdu);
proto_tree_add_float(pdu_tree,pdu->cfg->hfid_pdu_rel_time, tvb, 0, 0, pdu->rel_time);

39
plugins/mate/presentation.txt
View File

@ -4,42 +4,6 @@ Hi,
look almost as "production" code, please tell me if it doesn't. I do not plan
to rewrite it again. I'm realy happy with what it has become.
This has surpassed my initial goal by far. It had just to to be a filter for
packets of calls, using few protocols, based on the calling number.
My original idea was just to rewrite inside ethereal a perl script I had
written to split calls. I needed to decode h225 and could not get Decode::ASN1
to compile the h225 syntax, I thought that migrating it into ethereal would
had been easy. I was *VERY* wrong.
At the begining it was ECTAF it extracted data from ISUP and Q931. I hard
coded the extraction code directly in the dissectors and did an ugly job
putting it into several hashes but kida threaded the PDUs.
Later I wrote the AVP Lib for it. So that I would converge dealing with the
different protocols into a single mechanism. H225 got into the picture but
wasn't versatile enough. Still I used code in the dissectors to extract the
data.
As I tried to get MEGACO into the picture I wrote a parser to import the
dpc+cic->term mapping. It took me a day to "see the light", ECTAF used the
AVPLs as a logical engine already, I had a parser for AVPLs, 1+1=2, so:
importing the logic from a config file wasa natuiral step for it. STTF was
the name then (I never got it to be usable, that's why I did not release then).
At that point I started working into fetching data from the tree, getting it
into avpls match the avpls to group the pdus etc... the nice "thing" was that
it was configurable. I called it TTT.
I released about a month ago something called "Thing" that was the result of
that metamorphosis. A configurable tool that allows to use ethereal to do
analysis at the session and application level. Not only on what the frames
carry but on how they interact.
Now I release a nicelly wrapped version of it. I fixed many things and made
code that I believe to be versatile enough to be able to grow, clean enough to
be mantainable.
Anyway today's MATE is just the core of an application in the application. It
has plenty of room to grow.
@ -73,9 +37,6 @@ There are still things I will be doing on MATE's code in the very next future:
There are things other I cannot/"do not plan to" do that would be nice
if someone else did:
- build it as a plugin on Win32. However it may be better to get it in epan and
forget about pluginizing it.
- make it work with tethereal. This has frustrated me twice:
first because I meant it to be used as a filter on live capture to save only
packets of a call from a given number. And, second, because I tried very hard