1 /* follow.h
2  *
3  * Copyright 1998 Mike Hall <mlh@io.com>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  *
11  */
12 
13 #ifndef __FOLLOW_H__
14 #define __FOLLOW_H__
15 
16 #include <epan/epan.h>
17 #include <epan/packet.h>
18 #include <epan/ipv6.h>
19 #include <epan/tap.h>
20 #include <epan/wmem_scopes.h>
21 #include "ws_symbol_export.h"
22 
23 #ifdef __cplusplus
24 extern "C" {
25 #endif /* __cplusplus */
26 
27 typedef enum {
28   TCP_STREAM = 0,
29   UDP_STREAM,
30   MAX_STREAM
31 } stream_type;
32 
33 typedef enum {
34     FRS_OK,
35     FRS_OPEN_ERROR,
36     FRS_READ_ERROR,
37     FRS_PRINT_ERROR
38 } frs_return_t;
39 
40 /* Type of follow we are doing */
41 typedef enum {
42     FOLLOW_TCP,
43     FOLLOW_TLS,
44     FOLLOW_UDP,
45     FOLLOW_DCCP,
46     FOLLOW_HTTP,
47     FOLLOW_HTTP2,
48     FOLLOW_QUIC,
49     FOLLOW_SIP,
50 } follow_type_t;
51 
52 /* Show Type */
53 typedef enum {
54     SHOW_ASCII,
55     SHOW_CARRAY,
56     SHOW_EBCDIC,
57     SHOW_HEXDUMP,
58     SHOW_RAW,
59     SHOW_CODEC, // Ordered to match UTF-8 combobox index
60     SHOW_YAML
61 } show_type_t;
62 
63 
64 /* Show Stream */
65 typedef enum {
66     FROM_CLIENT,
67     FROM_SERVER,
68     BOTH_HOSTS
69 } show_stream_t;
70 
71 typedef union _stream_addr {
72   guint32 ipv4;
73   ws_in6_addr ipv6;
74 } stream_addr;
75 
76 struct _follow_info;
77 
78 typedef gboolean (*follow_print_line_func)(char *, size_t, gboolean, void *);
79 typedef frs_return_t (*follow_read_stream_func)(struct _follow_info *follow_info, follow_print_line_func follow_print, void *arg);
80 
81 #define SUBSTREAM_UNUSED	G_GUINT64_CONSTANT(0xFFFFFFFFFFFFFFFF)
82 
83 typedef struct {
84     gboolean is_server;
85     guint32 packet_num;
86     guint32 seq; /* TCP only */
87     nstime_t abs_ts; /**< Packet absolute time stamp */
88     GByteArray *data;
89 } follow_record_t;
90 
91 typedef struct _follow_info {
92     show_stream_t   show_stream;
93     char            *filter_out_filter;
94     GList           *payload;   /* "follow_record_t" entries, in reverse order. */
95     guint           bytes_written[2]; /* Index with FROM_CLIENT or FROM_SERVER for readability. */
96     guint32         seq[2]; /* TCP only */
97     GList           *fragments[2]; /* TCP only */
98     guint           client_port;
99     guint           server_port;
100     address         client_ip;
101     address         server_ip;
102     void*           gui_data;
103     guint64         substream_id;  /**< Sub-stream; used only by HTTP2 and QUIC */
104 } follow_info_t;
105 
106 struct register_follow;
107 typedef struct register_follow register_follow_t;
108 
109 typedef gchar* (*follow_conv_filter_func)(epan_dissect_t *edt, packet_info *pinfo, guint *stream, guint *sub_stream);
110 typedef gchar* (*follow_index_filter_func)(guint stream, guint sub_stream);
111 typedef gchar* (*follow_address_filter_func)(address* src_addr, address* dst_addr, int src_port, int dst_port);
112 typedef gchar* (*follow_port_to_display_func)(wmem_allocator_t *allocator, guint port);
113 
114 WS_DLL_PUBLIC
115 void register_follow_stream(const int proto_id, const char* tap_listener,
116                             follow_conv_filter_func conv_filter, follow_index_filter_func index_filter, follow_address_filter_func address_filter,
117                             follow_port_to_display_func port_to_display, tap_packet_cb tap_handler);
118 
119 /** Get protocol ID from registered follower
120  *
121  * @param follower Registered follower
122  * @return protocol id of follower
123  */
124 WS_DLL_PUBLIC int get_follow_proto_id(register_follow_t* follower);
125 
126 /** Get tap name string from registered follower (used for register_tap_listener)
127  *
128  * @param follower Registered follower
129  * @return tap name string of follower
130  */
131 WS_DLL_PUBLIC const char* get_follow_tap_string(register_follow_t* follower);
132 
133 /** Get a registered follower by protocol short name
134  *
135  * @param proto_short_name Protocol short name
136  * @return tap registered follower if match, otherwise NULL
137  */
138 WS_DLL_PUBLIC register_follow_t* get_follow_by_name(const char* proto_short_name);
139 
140 /** Provide function that builds a follow filter based on the current packet's conversation.
141  *
142  * @param follower [in] Registered follower
143  * @return A filter function handler
144  */
145 WS_DLL_PUBLIC follow_conv_filter_func get_follow_conv_func(register_follow_t* follower);
146 
147 /** Provide function that builds a follow filter based on stream.
148  *
149  * @param follower [in] Registered follower
150  * @return A filter function handler
151  */
152 WS_DLL_PUBLIC follow_index_filter_func get_follow_index_func(register_follow_t* follower);
153 
154 /** Provide function that builds a follow filter based on address/port pairs.
155  *
156  * @param follower [in] Registered follower
157  * @return A filter function handler
158  */
159 WS_DLL_PUBLIC follow_address_filter_func get_follow_address_func(register_follow_t* follower);
160 
161 /** Provide function that resolves port number to name based on follower.
162  *
163  * @param follower [in] Registered follower
164  * @return A port resolver function handler
165  */
166 WS_DLL_PUBLIC follow_port_to_display_func get_follow_port_to_display(register_follow_t* follower);
167 
168 /** Provide function that handles tap data (tap_packet_cb parameter of register_tap_listener)
169  *
170  * @param follower [in] Registered follower
171  * @return A tap packet handler
172  */
173 WS_DLL_PUBLIC tap_packet_cb get_follow_tap_handler(register_follow_t* follower);
174 
175 
176 /** Tap function handler when dissector's tap provides follow data as a tvb.
177  * Used by TCP, UDP and HTTP followers
178  */
179 WS_DLL_PUBLIC tap_packet_status
180 follow_tvb_tap_listener(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *data);
181 
182 /** Interator to walk all registered followers and execute func
183  *
184  * @param func action to be performed on all converation tables
185  * @param user_data any data needed to help perform function
186  */
187 WS_DLL_PUBLIC void follow_iterate_followers(wmem_foreach_func func, gpointer user_data);
188 
189 /** Generate -z stat (tap) name for a follower
190  * Currently used only by TShark
191  *
192  * @param follower [in] Registered follower
193  * @return A tap data handler
194  */
195 WS_DLL_PUBLIC gchar* follow_get_stat_tap_string(register_follow_t* follower);
196 
197 /** Clear counters, addresses and ports of follow_info_t
198  *
199  * @param info [in] follower info
200  */
201 WS_DLL_PUBLIC void follow_reset_stream(follow_info_t* info);
202 
203 /** Free follow_info_t structure
204  * Free everything except the GUI element
205  *
206  * @param follow_info [in] follower info
207  */
208 WS_DLL_PUBLIC void follow_info_free(follow_info_t* follow_info);
209 
210 #ifdef __cplusplus
211 }
212 #endif /* __cplusplus */
213 
214 #endif
215