mate.h

/* mate.h
 * MATE -- Meta Analysis and Tracing Engine
 *
 * Copyright 2004, Luis E. Garcia Ontanon <[email protected]>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <[email protected]>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
 
 
#ifndef __MATE_H_
#define __MATE_H_
 
#define WS_LOG_DOMAIN "MATE"
#include <wireshark.h>
 
#include <gmodule.h>
 
#include <stdio.h>
#include <string.h>
 
#include <wsutil/report_message.h>
#include <wsutil/wslog.h>
 
#include <epan/packet.h>
#include <epan/exceptions.h>
#include <epan/strutil.h>
#include <epan/prefs.h>
#include <epan/proto.h>
#include <epan/epan_dissect.h>
#include <wsutil/filesystem.h>
 
#include "mate_util.h"
 
/* defaults */
 
#define DEFAULT_GOG_EXPIRATION 2.0
 
#ifdef _WIN32
#define DIR_SEP '\\'
#else
#define DIR_SEP '/'
#endif
 
#define DEFAULT_MATE_LIB_PATH "matelib"
 
#define MATE_ITEM_ID_SIZE 24
 
#define VALUE_TOO ((void*)1)
 
#define MateConfigError 65535
 
typedef enum _gop_tree_mode_t {
    GOP_NULL_TREE,  
    GOP_BASIC_TREE, 
    GOP_FULL_TREE   
} gop_tree_mode_t;
 
 
typedef enum _gop_pdu_tree {
    GOP_NO_TREE,       
    GOP_PDU_TREE,      
    GOP_FRAME_TREE,    
    GOP_BASIC_PDU_TREE 
} gop_pdu_tree_t;
 
 
typedef enum _accept_mode_t {
    ACCEPT_MODE, 
    REJECT_MODE  
} accept_mode_t;
 
 
typedef struct _mate_cfg_pdu {
    char      *name;          
    GPtrArray *transforms;    
    int hfid;                 
    int hfid_proto;           
    int hfid_pdu_rel_time;    
    int hfid_pdu_time_in_gop; 
    GHashTable *my_hfids;     
    int ett;                  
    int ett_attr;             
    GHashTable *hfids_attr;   
    bool discard;             
    bool last_extracted;      
    bool drop_unassigned;     
    GPtrArray *transport_ranges; 
    GPtrArray *payload_ranges;   
    avpl_match_mode  criterium_match_mode;  
    accept_mode_t    criterium_accept_mode; 
    AVPL            *criterium;             
} mate_cfg_pdu;
 
 
typedef struct _mate_cfg_gop {
    char      *name;       
    GPtrArray *transforms; 
    const char *on_pdu;    
    AVPL *key;   
    AVPL *start; 
    AVPL *stop;  
    AVPL *extra; 
    double expiration;    
    double idle_timeout;  
    double lifetime;      
    bool           drop_unassigned; 
    gop_pdu_tree_t pdu_tree_mode;   
    bool           show_times;      
    GHashTable *my_hfids;       
    int hfid;                   
    int hfid_start_time;        
    int hfid_stop_time;         
    int hfid_last_time;         
    int hfid_gop_pdu;           
    int hfid_gop_num_pdus;      
    int ett;           
    int ett_attr;      
    int ett_times;     
    int ett_children;  
} mate_cfg_gop;
 
 
typedef struct _mate_cfg_gog {
    char      *name;       
    GPtrArray *transforms; 
    LoAL *keys;   
    AVPL *extra;  
    double          expiration;    
    gop_tree_mode_t gop_tree_mode; 
    bool            show_times;    
    GHashTable *my_hfids;          
    int hfid;                      
    int hfid_gog_num_of_gops;      
    int hfid_gog_gop;              
    int hfid_gog_gopstart;         
    int hfid_gog_gopstop;          
    int hfid_start_time;           
    int hfid_stop_time;            
    int hfid_last_time;            
    int ett;          
    int ett_attr;     
    int ett_times;    
    int ett_children; 
    int ett_gog_gop;  
} mate_cfg_gog;
 
 
typedef struct _mate_config {
    int hfid_mate; 
    GArray  *wanted_hfids;       
    unsigned num_fields_wanted;  
    FILE *dbg_facility;    
    char *mate_lib_path;   
    GHashTable *pducfgs; 
    GHashTable *gopcfgs; 
    GHashTable *gogcfgs; 
    GHashTable *transfs; 
    GPtrArray  *pducfglist;       
    GHashTable *gops_by_pduname;  
    GHashTable *gogs_by_gopname;  
    GArray *hfrs;    
    int     ett_root; 
    GArray *ett;      
    struct _mate_cfg_defaults {
 
        struct _pdu_defaults {
            avpl_match_mode   match_mode;      
            avpl_replace_mode replace_mode;    
            bool              last_extracted;  
            bool              drop_unassigned; 
            bool              discard;         
        } pdu;
 
        struct _gop_defaults {
            double         expiration;    
            double         idle_timeout;  
            double         lifetime;      
            gop_pdu_tree_t pdu_tree_mode; 
            bool           show_times;    
            bool           drop_unassigned; 
        } gop;
 
        struct _gog_defaults {
            double          expiration;    
            bool            show_times;    
            gop_tree_mode_t gop_tree_mode; 
        } gog;
 
    } defaults;
 
    /* Debug verbosity levels */
    int dbg_lvl;     
    int dbg_pdu_lvl; 
    int dbg_gop_lvl; 
    int dbg_gog_lvl; 
    GPtrArray *config_stack; 
    GString   *config_error; 
} mate_config;
 
 
typedef struct _mate_config_frame {
    char    *filename; 
    unsigned linenum;  
} mate_config_frame;
 
 
typedef struct _gopcfg_runtime_data {
    unsigned    last_id;   
    GHashTable *gop_index; 
    GHashTable *gog_index; 
} gopcfg_runtime_data;
 
 
typedef struct _mate_runtime_data {
    unsigned current_items;          
    double   now;                    
    unsigned highest_analyzed_frame; 
    GHashTable *frames; 
    GHashTable *gops;   
    GHashTable *gogs;   
    GHashTable *pdu_last_ids; 
    GHashTable *gopcfg_rd;    
    GHashTable *gog_last_ids; 
} mate_runtime_data;
 
 
typedef struct _mate_pdu mate_pdu;
typedef struct _mate_gop mate_gop;
typedef struct _mate_gog mate_gog;
 
 
struct _mate_pdu {
    uint32_t               id;           
    const mate_cfg_pdu    *cfg;          
    AVPL    *avpl;                        
    uint32_t frame;                       
    double   rel_time;                    
    mate_gop *gop;                        
    mate_pdu *next;                       
    double    time_in_gop;               
    bool first;         
    bool is_start;      
    bool is_stop;       
    bool after_release; 
};
 
 
struct _mate_gop {
    uint32_t            id;      
    const mate_cfg_gop *cfg;     
    char *gop_key; 
    AVPL *avpl;    
    unsigned last_n; 
    mate_gog *gog;  
    mate_gop *next; 
    double expiration;       
    double idle_expiration;  
    double time_to_die;      
    double time_to_timeout;  
    double start_time;    
    double release_time;  
    double last_time;     
    int num_of_pdus;                
    int num_of_after_release_pdus;  
    mate_pdu *pdus;                 
    mate_pdu *last_pdu;             
    bool released; 
};
 
 
struct _mate_gog {
    uint32_t            id;  
    const mate_cfg_gog *cfg; 
    AVPL    *avpl;   
    unsigned last_n; 
    bool released; 
    double expiration;      
    double idle_expiration; 
    double start_time;   
    double release_time; 
    double last_time;    
    mate_gop *gops;     
    mate_gop *last_gop; 
    int num_of_gops;              
    int num_of_counting_gops;     
    int num_of_released_gops;     
    GPtrArray *gog_keys;          
};
 
typedef union _mate_max_size {
    mate_pdu pdu; 
    mate_gop gop; 
    mate_gog gog; 
} mate_max_size;
 
/* from mate_runtime.c */
 
extern void initialize_mate_runtime(mate_config* mc);
 
extern GPtrArray* mate_get_pdus(uint32_t framenum);
 
extern void mate_analyze_frame(mate_config *mc, packet_info *pinfo, proto_tree* tree);
 
/* from mate_setup.c */
extern mate_config* mate_make_config(const char* filename, int mate_hfid);
 
extern mate_cfg_pdu* new_pducfg(mate_config* mc, char* name);
 
extern mate_cfg_gop* new_gopcfg(mate_config* mc, char* name);
 
extern mate_cfg_gog* new_gogcfg(mate_config* mc, char* name);
 
extern bool add_hfid(mate_config* mc, header_field_info* hfi, char* as, GHashTable* where);
 
extern char* add_ranges(char* range, GPtrArray* range_ptr_arr);
 
/* from mate_parser.l */
 
extern bool mate_load_config(const char* filename, mate_config* mc);
 
#define YYMALLOCARGTYPE size_t
 
void *MateParserAlloc(void* (*)(YYMALLOCARGTYPE));
 
void MateParserFree(void*, void (*)(void *));
 
 
void MateParser(void*, int, char*, mate_config*);
 
#endif