2 * MATE -- Meta Analysis and Tracing Engine
4 * Copyright 2004, Luis E. Garcia Ontanon <luis@ontanon.org>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * SPDX-License-Identifier: GPL-2.0-or-later
17 #define WS_LOG_DOMAIN "MATE"
18 #include <wireshark.h>
25 #include <wsutil/report_message.h>
26 #include <wsutil/wslog.h>
28 #include <epan/packet.h>
29 #include <epan/exceptions.h>
30 #include <epan/strutil.h>
31 #include <epan/prefs.h>
32 #include <epan/proto.h>
33 #include <epan/epan_dissect.h>
34 #include <wsutil/filesystem.h>
36 #include "mate_util.h"
40 #define DEFAULT_GOG_EXPIRATION 2.0
48 #define DEFAULT_MATE_LIB_PATH "matelib"
50 #define MATE_ITEM_ID_SIZE 24
52 #define VALUE_TOO ((void*)1)
54 #define MateConfigError 65535
56 typedef enum _gop_tree_mode_t
{
62 typedef enum _gop_pdu_tree
{
69 typedef enum _accept_mode_t
{
75 typedef struct _mate_cfg_pdu
{
77 unsigned last_id
; /* keeps the last id given to an item of this kind */
79 GHashTable
* items
; /* all the items of this type */
80 GPtrArray
* transforms
; /* transformations to be applied */
85 int hfid_pdu_rel_time
;
86 int hfid_pdu_time_in_gop
;
88 GHashTable
* my_hfids
; /* for creating register info */
93 GHashTable
* hfids_attr
; /* k=hfid v=avp_name */
99 GPtrArray
* transport_ranges
; /* hfids of candidate transport ranges from which to extract attributes */
100 GPtrArray
* payload_ranges
; /* hfids of candidate payload ranges from which to extract attributes */
102 avpl_match_mode criterium_match_mode
;
103 accept_mode_t criterium_accept_mode
;
108 typedef struct _mate_cfg_gop
{
110 unsigned last_id
; /* keeps the last id given to an item of this kind */
111 GHashTable
* items
; /* all the items of this type */
113 GPtrArray
* transforms
; /* transformations to be applied */
116 AVPL
* key
; /* key candidate avpl */
117 AVPL
* start
; /* start candidate avpl */
118 AVPL
* stop
; /* stop candidate avpl */
119 AVPL
* extra
; /* attributes to be added */
125 bool drop_unassigned
;
126 gop_pdu_tree_t pdu_tree_mode
;
129 GHashTable
* my_hfids
; /* for creating register info */
135 int hfid_gop_num_pdus
;
142 GHashTable
* gop_index
;
143 GHashTable
* gog_index
;
147 typedef struct _mate_cfg_gog
{
150 GHashTable
* items
; /* all the items of this type */
151 unsigned last_id
; /* keeps the last id given to an item of this kind */
153 GPtrArray
* transforms
; /* transformations to be applied */
156 AVPL
* extra
; /* attributes to be added */
159 gop_tree_mode_t gop_tree_mode
;
162 GHashTable
* my_hfids
; /* for creating register info */
164 int hfid_gog_num_of_gops
;
166 int hfid_gog_gopstart
;
167 int hfid_gog_gopstop
;
178 typedef struct _mate_config
{
179 char* mate_config_file
; /* name of the config file */
183 GArray
*wanted_hfids
; /* hfids of protocols and fields MATE needs */
184 unsigned num_fields_wanted
; /* number of fields MATE will look at */
186 FILE* dbg_facility
; /* where to dump dbgprint output ws_message if null */
188 char* mate_lib_path
; /* where to look for "Include" files first */
190 GHashTable
* pducfgs
; /* k=pducfg->name v=pducfg */
191 GHashTable
* gopcfgs
; /* k=gopcfg->name v=gopcfg */
192 GHashTable
* gogcfgs
; /* k=gogcfg->name v=gogcfg */
193 GHashTable
* transfs
; /* k=transform->name v=transform */
195 GPtrArray
* pducfglist
; /* pducfgs in order of "execution" */
196 GHashTable
* gops_by_pduname
; /* k=pducfg->name v=gopcfg */
197 GHashTable
* gogs_by_gopname
; /* k=gopname v=loal where avpl->name == matchedgop->name */
204 struct _mate_cfg_defaults
{
205 struct _pdu_defaults
{
206 avpl_match_mode match_mode
;
207 avpl_replace_mode replace_mode
;
210 bool drop_unassigned
;
214 struct _gop_defaults
{
219 gop_pdu_tree_t pdu_tree_mode
;
221 bool drop_unassigned
;
225 struct _gog_defaults
{
228 gop_tree_mode_t gop_tree_mode
;
232 /* what to dbgprint */
238 GPtrArray
* config_stack
;
239 GString
* config_error
;
244 typedef struct _mate_config_frame
{
250 typedef struct _mate_runtime_data
{
251 unsigned current_items
; /* a count of items */
253 unsigned highest_analyzed_frame
;
255 GHashTable
* frames
; /* k=frame.num v=pdus */
259 typedef struct _mate_pdu mate_pdu
;
260 typedef struct _mate_gop mate_gop
;
261 typedef struct _mate_gog mate_gog
;
263 /* these are used to contain information regarding pdus, gops and gogs */
265 uint32_t id
; /* 1:1 -> saving a g_malloc */
266 mate_cfg_pdu
* cfg
; /* the type of this item */
270 uint32_t frame
; /* which frame I belong to? */
271 mate_pdu
* next_in_frame
; /* points to the next pdu in this frame */
272 double rel_time
; /* time since start of capture */
274 mate_gop
* gop
; /* the gop the pdu belongs to (if any) */
275 mate_pdu
* next
; /* next in gop */
276 double time_in_gop
; /* time since gop start */
278 bool first
; /* is this the first pdu in this frame? */
279 bool is_start
; /* this is the start pdu for this gop */
280 bool is_stop
; /* this is the stop pdu for this gop */
281 bool after_release
; /* this pdu comes after the stop */
291 AVPL
* avpl
; /* the attributes of the pdu/gop/gog */
294 mate_gog
* gog
; /* the gog of a gop */
295 mate_gop
* next
; /* next in gog; */
297 double expiration
; /* when will it expire after release (all gops releases if gog)? */
298 double idle_expiration
; /* when will it expire if no new pdus are assigned to it */
300 double time_to_timeout
;
302 double start_time
; /* time of start */
303 double release_time
; /* when this gop/gog was released */
304 double last_time
; /* the rel_time at which the last pdu has been added (to gop or gog's gop) */
307 int num_of_pdus
; /* how many gops a gog has? */
308 int num_of_after_release_pdus
; /* how many pdus have arrived since it's been released */
309 mate_pdu
* pdus
; /* pdus that belong to a gop (NULL in gog) */
310 mate_pdu
* last_pdu
; /* last pdu in pdu's list */
312 bool released
; /* has this gop been released? */
320 AVPL
* avpl
; /* the attributes of the pdu/gop/gog */
321 unsigned last_n
; /* the number of attributes the avpl had the last time we checked */
323 bool released
; /* has this gop been released? */
325 double expiration
; /* when will it expire after release (all gops releases if gog)? */
326 double idle_expiration
; /* when will it expire if no new pdus are assigned to it */
328 /* on gop and gog: */
329 double start_time
; /* time of start */
330 double release_time
; /* when this gog was released */
331 double last_time
; /* the rel_time at which the last pdu has been added */
333 mate_gop
* gops
; /* gops that belong to a gog (NULL in gop) */
334 mate_gop
* last_gop
; /* last gop in gop's list */
336 int num_of_gops
; /* how many gops a gog has? */
337 int num_of_counting_gops
; /* how many of them count for gog release */
338 int num_of_released_gops
; /* how many of them have already been released */
339 GPtrArray
* gog_keys
; /* the keys under which this gog is stored in the gogs hash */
342 typedef union _mate_max_size
{
348 /* from mate_runtime.c */
349 extern void initialize_mate_runtime(mate_config
* mc
);
350 extern mate_pdu
* mate_get_pdus(uint32_t framenum
);
351 extern void mate_analyze_frame(mate_config
*mc
, packet_info
*pinfo
, proto_tree
* tree
);
353 /* from mate_setup.c */
354 extern mate_config
* mate_make_config(const char* filename
, int mate_hfid
);
356 extern mate_cfg_pdu
* new_pducfg(mate_config
* mc
, char* name
);
357 extern mate_cfg_gop
* new_gopcfg(mate_config
* mc
, char* name
);
358 extern mate_cfg_gog
* new_gogcfg(mate_config
* mc
, char* name
);
360 extern bool add_hfid(mate_config
* mc
, header_field_info
* hfi
, char* as
, GHashTable
* where
);
361 extern char* add_ranges(char* range
, GPtrArray
* range_ptr_arr
);
364 /* from mate_parser.l */
365 extern bool mate_load_config(const char* filename
, mate_config
* mc
);
367 /* Constructor/Destructor prototypes for Lemon Parser */
368 #define YYMALLOCARGTYPE size_t
369 void *MateParserAlloc(void* (*)(YYMALLOCARGTYPE
));
370 void MateParserFree(void*, void (*)(void *));
371 void MateParser(void*, int, char*, mate_config
*);
