tm_export.cpp File Reference

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <glib.h>
#include "import.h"
#include "cfile.h"
#include "wtap.h"
#include "buffer.h"
#include "libpcap.h"
#include "wtap-int.h"
#include "file_wrappers.h"
#include "file_util.h"
#include "packet-frame.h"
#include "packet-data.h"
#include "proto.h"
#include "epan/to_str.h"
#include "ftypes/ftypes.h"
#include <io.h>
#include <fcntl.h>
#include "tm_export.h"


Classes
struct	hf_prototree_data
	Structure representing a protocol tree for Wireshark dissection process. More...
Defines
#define	HF_DISSECT_OK 0;
#define	HF_DISSECT_ERR -1;
#define	NODEBUG_MODE 0
#define	DEBUG_MODE 1
#define	GLOBAL_HEADER_LENGTH 24
#define	PACKET_HEADER_LENGTH 16
#define	HF_FAKE_FD 3000;
Enumerations
enum	cf_status_t { CF_OK, CF_ERROR }
Functions
void	hf_init_timestructs ()
int	hf_parse_global_header (wtap wth, unsigned char in_data)
int	hf_parse_packet_header (wtap wth, unsigned char in_data)
wtap *	hf_create_fakewth (unsigned char *in_data)
static const guint8 *	get_field_data (GSList src_list, field_info fi)
char *	generate_seq_name ()
int	hf_ftype_to_int (ftenum ftype)
guint8 *	hf_copy_value (const guint8 *value, int size)
guchar *	hf_copy_value_to_hexa (const guint8 *value, int size)
char *	hf_copy_string (const char *to_copy)
guchar *	hf_extract_value (hf_prototree_data pdata, field_info fi)
void	hf_print_datamodel (hf_datanode *node, int level, int position)
hf_datanode *	hf_transform_ptree_node_to_datamodel_node (proto_node *node, gpointer data)
hf_datanode *	hf_transform_ptree_to_datamodel (epan_dissect_t *edt)
void	hf_skip_duplicates (hf_datanode *node)
void	hf_print_only_last_proto (hf_datanode *root_packet)
hf_datanode *	hf_return_only_payload (hf_datanode *root)
void	hf_free_datamodel (hf_datanode *root)
void	hf_dissect_init ()
void	hf_dissect_cleanup ()
void	hf_one_iteration_cleanup ()
void	hf_one_iteration_init ()
hf_datanode *	hf_dissect_one_packet (unsigned char *in_data, int mode)
Variables
static nstime_t	first_ts
static nstime_t	prev_dis_ts
static nstime_t	prev_cap_ts
static guint32	cum_bytes
static int	name_number
static int	debug_mode = NODEBUG_MODE

Define Documentation

#define DEBUG_MODE 1

Debug macro value for DEBUG mode

#define GLOBAL_HEADER_LENGTH 24

Static length of a pcap global header

#define HF_DISSECT_ERR -1;

HotFuzz internal ERROR mark

#define HF_DISSECT_OK 0;

HotFuzz internal OK mark

#define HF_FAKE_FD 3000;

Fake filedescriptor. In case we missed some fake parts the Wireshark needs this should generate an error

#define NODEBUG_MODE 0

Debug macro value for NODEBUG mode

#define PACKET_HEADER_LENGTH 16

Static length of a pcap packet header

Enumeration Type Documentation

enum cf_status_t

Enumerator:

CF_OK	operation succeeded
CF_ERROR	operation got an error (function may provide err with details)

Function Documentation

char* generate_seq_name ( )

Creates a universal sequential name for unnamed fields in the packet. Universal pattern for the artificial name is hf_NUMBER, numbers are generated sequentially.

Returns:: generated name or NULL if failed

static const guint8* get_field_data	(	GSList *	src_list,
		field_info *	fi
	)			`[static]`

Finds the data source for a specified field.

Parameters:

	src_list	list of possible sources
	fi	filed info structure for store&compare extracted attributes

Returns:: found data or NULL if data were not found

char* hf_copy_string ( const char * to_copy )

Simple function to copy a string represented by char*

Parameters:

to_copy

string to be copied

Returns:: duplicate of the string

guint8* hf_copy_value	(	const guint8 *	value,
		int	size
	)

Copies the right part of the value into a new backslashzero-delimited guint8 array

Parameters:

	value	original value array
	size	number of gints to be copied

Returns:: copied part of the value delimited by backslashzero, or NULL if failed or if there is no value to copy

guchar* hf_copy_value_to_hexa	(	const guint8 *	value,
		int	size
	)

Copies the right part of the value into a new array using hexadecimal representation

Parameters:

	value	original value array
	size	number of gints to be copied

Returns:: copied part of the value in hex, or NULL if failed or if there is no value to copy

wtap* hf_create_fakewth ( unsigned char * in_data )

Creates a fake wiretap header structure as a wrapper around the actual raw binary data to make them an appropriate input for the dissection process.

Parameters:

in_data

raw binary data of the packet to be dissected

Returns:: created wiretap header structure filled in with all the necessary fields(or NULL if it fails)

void hf_dissect_cleanup ( )

Wrapper for top level dissection structures cleanup

void hf_dissect_init ( )

Wrapper for top level dissection structures initialization

hf_datanode* hf_dissect_one_packet	(	unsigned char *	in_data,
		int	mode
	)

Does the dissection of one packet.

Parameters:

	in_data	raw binary data of the packet to be processed
	mode	specifies the debug mode

Returns:: dissected packet payload in a form of hf_datanode tree if everything went OK, NULL otherwise

guchar* hf_extract_value	(	hf_prototree_data *	pdata,
		field_info *	fi
	)

Extracts concrete data for a specified field_info label

Parameters:

	pdata	supporting structure containing concrete data in byte arrays
	fi	field_info label of extracted data

Returns:: extracted data in a form of byte array or NULL if failed

void hf_free_datamodel ( hf_datanode * root )

Wrapper for a datamodel free function

Parameters:

root

root of the datamodel tree to be freed

int hf_ftype_to_int ( ftenum ftype )

Translates an ftype from Wireshark enum representation to an integer representation for HotFuzz

Parameters:

ftype

Wireshark type to be translated

Returns:: integer representation of the type ftype for HotFuzz

void hf_init_timestructs ( )

Initializes global time variables

void hf_one_iteration_cleanup ( )

Wrapper for dissection structures cleanup

void hf_one_iteration_init ( )

Wrapper for dissection structures initialization

int hf_parse_global_header	(	wtap *	wth,
		unsigned char *	in_data
	)

Parses information from global pcap header to a wiretap header structure

Parameters:

	in_data	packet data with pcap file structure(contains both pcap global header and pcap packet header at the beginning)
	wth	wiretap header structure to store extracted information

Returns:: whether the parse process was succesfull or not

int hf_parse_packet_header	(	wtap *	wth,
		unsigned char *	in_data
	)

Parses information from packet pcap header to a wiretap header structure

Parameters:

	in_data	packet data with pcap file structure(without pcap global header, starts with pcap packet header)
	wth	wiretap header structure to store extracted information

Returns:: whether the parse process was succesfull or not

void hf_print_datamodel	(	hf_datanode *	node,
		int	level,
		int	position
	)

Simple printer for a datamodel

Parameters:

	node	root of the datamodel tree to be printed
	level	current depth of the tree in which we actually are
	position	current horizontal position in the actual level of the tree

void hf_print_only_last_proto ( hf_datanode * root_packet )

Prints only the contents of the last protocol in the packet(since we do not care about the previous ones much)

Parameters:

root_packet

root node of the packet tree\

hf_datanode* hf_return_only_payload ( hf_datanode * root )

Returns only the "payload" of the packet(e.g. without the artificially generated eth,ip adn tcp/udp headers)

Parameters:

root

root node of the packet tree

void hf_skip_duplicates ( hf_datanode * node )

Deletes duplicate nodes from children of a datamodel node Some nodes are duplicate because of precise description(eg. tcp.flags and all the tcp.flags.***)

Parameters:

node

processed datamodel node

Returns:: node wih deduplicated children

hf_datanode* hf_transform_ptree_node_to_datamodel_node	(	proto_node *	node,
		gpointer	data
	)

Convert a proto_node to a datamodel node(hf_datanode), preserve only necessary information

Parameters:

	node	actually processed node of the proto_tree
	data	supporting structure containing concrete data in byte arrays

Returns:: newly created node of a datamodel or NULL if failed

hf_datanode* hf_transform_ptree_to_datamodel ( epan_dissect_t * edt )

Extracts all the necessary information from a protocol tree and creates a datamodel tree

Parameters:

edt

structure containing information from dissected packet

Variable Documentation

guint32 cum_bytes [static]

Cummulative counter for bytes that were already processed.

int debug_mode = NODEBUG_MODE [static]

Specifies the current debug mode e.g. DEBUG or NODEBUG.

nstime_t first_ts [static]

Timestamp of the first frame processed.

int name_number [static]

The local number representing the counter for creation of artificial blocks.

nstime_t prev_cap_ts [static]

Timestamp of the previous capture processed.

nstime_t prev_dis_ts [static]

Timestamp of the previous frame processed.

tm_export.cpp File Reference

Classes

Defines

Enumerations

Functions

Variables

Define Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation