feat: add support for iograph (#18)

Author: polesye

lib/wiregasm/bindings.cpp

@@ -32,6 +32,7 @@ EMSCRIPTEN_BINDINGS(DissectSession)
     .function("getFrame", &DissectSession::getFrame)
     .function("tap", &DissectSession::tap)
     .function("download", &DissectSession::download)
+    .function("iograph", &DissectSession::iograph)
     .function("follow", &DissectSession::follow);
 }
 
@@ -198,9 +199,25 @@ EMSCRIPTEN_BINDINGS(CompleteField)
     .field("name", &CompleteField::name);
 }
 
+EMSCRIPTEN_BINDINGS(IoGraph)
+{
+  value_object<IoGraph>("IoGraph")
+    .field("items", &IoGraph::items);
+}
+
+EMSCRIPTEN_BINDINGS(IoGraphResult)
+{
+  value_object<IoGraphResult>("IoGraphResult")
+    .field("error", &IoGraphResult::error)
+    .field("iograph", &IoGraphResult::iograph);
+
+  register_vector<IoGraph>("VectorIoGraph");
+}
+
 EMSCRIPTEN_BINDINGS(stl_wrappers)
 {
   register_vector<string>("VectorString");
+  register_vector<float>("VectorFloat");
   register_vector<FrameMeta>("VectorFrameMeta");
   register_vector<DataSource>("VectorDataSource");
   register_vector<ProtoTree>("VectorProtoTree");
@@ -303,6 +320,6 @@ EMSCRIPTEN_BINDINGS(ExportObject) {
 }
 
 
-EMSCRIPTEN_BINDINGS(TapInput) {
-  register_map<string, string>("TapInput");
+EMSCRIPTEN_BINDINGS(MapInput) {
+  register_map<string, string>("MapInput");
 }

lib/wiregasm/lib.cpp

@@ -1,12 +1,26 @@
 #include "lib.h"
-#include "wiregasm.h"
-#include <epan/conversation_table.h>
-#include <epan/maxmind_db.h>
 
 
 static guint32 cum_bytes;
 static frame_data ref_frame;
 
+
+#define WG_IOGRAPH_MAX_ITEMS 250000 /* 250k limit of items is taken from wireshark-qt, on x86_64 sizeof(io_graph_item_t) is 152, so single graph can take max 36 MB */
+
+struct wg_iograph
+{
+  /* config */
+  int hf_index;
+  io_graph_item_unit_t calc_type;
+  guint32 interval;
+
+  /* result */
+  int space_items;
+  int num_items;
+  io_graph_item_t *items;
+  GString *error;
+};
+
 struct wg_conv_tap_data
 {
   const char *type;
@@ -1639,7 +1653,7 @@ wg_session_process_tap_conv_cb(void *tapdata)
  *
  *   (m) err   - error code
  */
-TapResponse wg_session_process_tap(capture_file *cfile, TapInput taps)
+TapResponse wg_session_process_tap(capture_file *cfile, MapInput taps)
 {
   TapResponse buf;
   void *taps_data[16];
@@ -1785,3 +1799,205 @@ TapResponse wg_session_process_tap(capture_file *cfile, TapInput taps)
   }
   return buf;
 }
+
+
+static tap_packet_status
+wg_iograph_packet(void *g, packet_info *pinfo, epan_dissect_t *edt, const void *dummy _U_, tap_flags_t flags _U_)
+{
+  struct wg_iograph *graph = (struct wg_iograph *)g;
+  int idx;
+  bool update_succeeded;
+
+  idx = get_io_graph_index(pinfo, graph->interval);
+  if (idx < 0 || idx >= WG_IOGRAPH_MAX_ITEMS)
+    return TAP_PACKET_DONT_REDRAW;
+
+  if (idx + 1 > graph->num_items)
+  {
+    if (idx + 1 > graph->space_items)
+    {
+      int new_size = idx + 1024;
+
+      graph->items = (io_graph_item_t *)g_realloc(graph->items, sizeof(io_graph_item_t) * new_size);
+      reset_io_graph_items(&graph->items[graph->space_items], new_size - graph->space_items);
+
+      graph->space_items = new_size;
+    }
+    else if (graph->items == NULL)
+    {
+      graph->items = g_new(io_graph_item_t, graph->space_items);
+      reset_io_graph_items(graph->items, graph->space_items);
+    }
+
+    graph->num_items = idx + 1;
+  }
+
+  update_succeeded = update_io_graph_item(graph->items, idx, pinfo, edt, graph->hf_index, graph->calc_type, graph->interval);
+  /* XXX - TAP_PACKET_FAILED if the item couldn't be updated, with an error message? */
+  return update_succeeded ? TAP_PACKET_REDRAW : TAP_PACKET_DONT_REDRAW;
+}
+
+/**
+ * wg_session_process_iograph()
+ *
+ * Process iograph request
+ *
+ * Input:
+ *   (o) interval - interval time in ms, if not specified: 1000ms
+ *   (m) graph0             - First graph request
+ *   (o) graph1...graph9    - Other graph requests
+ *   (o) filter0            - First graph filter
+ *   (o) filter1...filter9  - Other graph filters
+ *
+ * Graph requests can be one of: "packets", "bytes", "bits", "sum:<field>", "frames:<field>", "max:<field>", "min:<field>", "avg:<field>", "load:<field>",
+ * if you use variant with <field>, you need to pass field name in filter request.
+ *
+ * Output object with attributes:
+ *       error   - graph cannot be constructed
+ *   (m) iograph - array of graph results with attributes:
+ *                  items  - graph values, zeros are skipped, if value is not a number it's next index encoded as hex string
+ */
+IoGraphResult wg_session_process_iograph(capture_file *cfile, MapInput input)
+{
+  IoGraphResult buf;
+  // interval should be an integer
+  const char *tok_interval = input["interval"].c_str();
+  struct wg_iograph graphs[10];
+  bool is_any_ok = false;
+  int graph_count;
+
+  guint32 interval_ms = 1000; /* default: one per second */
+  int i;
+
+  if (tok_interval)
+    ws_strtou32(tok_interval, NULL, &interval_ms);
+
+  for (i = graph_count = 0; i < (int)G_N_ELEMENTS(graphs); i++)
+  {
+    struct wg_iograph *graph = &graphs[graph_count];
+
+    const char *tok_graph;
+    const char *tok_filter;
+    char tok_format_buf[32];
+    const char *field_name;
+
+    snprintf(tok_format_buf, sizeof(tok_format_buf), "graph%d", i);
+    tok_graph = input[tok_format_buf].c_str();
+    if (!tok_graph)
+      break;
+
+    snprintf(tok_format_buf, sizeof(tok_format_buf), "filter%d", i);
+    tok_filter = input[tok_format_buf].c_str();
+
+    if (!strcmp(tok_graph, "packets"))
+      graph->calc_type = IOG_ITEM_UNIT_PACKETS;
+    else if (!strcmp(tok_graph, "bytes"))
+      graph->calc_type = IOG_ITEM_UNIT_BYTES;
+    else if (!strcmp(tok_graph, "bits"))
+      graph->calc_type = IOG_ITEM_UNIT_BITS;
+    else if (g_str_has_prefix(tok_graph, "sum:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_SUM;
+    else if (g_str_has_prefix(tok_graph, "frames:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_FRAMES;
+    else if (g_str_has_prefix(tok_graph, "fields:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_FIELDS;
+    else if (g_str_has_prefix(tok_graph, "max:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_MAX;
+    else if (g_str_has_prefix(tok_graph, "min:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_MIN;
+    else if (g_str_has_prefix(tok_graph, "avg:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_AVERAGE;
+    else if (g_str_has_prefix(tok_graph, "load:"))
+      graph->calc_type = IOG_ITEM_UNIT_CALC_LOAD;
+    else
+      break;
+
+    field_name = strchr(tok_graph, ':');
+    if (field_name)
+      field_name = field_name + 1;
+
+    graph->interval = interval_ms;
+
+    graph->hf_index = -1;
+    graph->error = check_field_unit(field_name, &graph->hf_index, graph->calc_type);
+
+    graph->space_items = 0; /* TODO, can avoid realloc()s in wg_iograph_packet() by calculating: capture_time / interval */
+    graph->num_items = 0;
+    graph->items = NULL;
+
+    if (!graph->error)
+      graph->error = register_tap_listener(
+        "frame",
+        graph,
+        tok_filter,
+        TL_REQUIRES_PROTO_TREE,
+        NULL,
+        wg_iograph_packet,
+        NULL,
+        NULL
+      );
+
+    graph_count++;
+
+    if (graph->error)
+    {
+      buf.error = graph->error->str;
+      return buf;
+    }
+
+    if (graph->error == NULL)
+      is_any_ok = true;
+  }
+
+  /* retap only if we have at least one ok */
+  if (is_any_ok)
+    wg_retap(cfile);
+
+  for (i = 0; i < graph_count; i++)
+  {
+    struct wg_iograph *graph = &graphs[i];
+    IoGraph g;
+
+    if (graph->error)
+    {
+      g_string_free(graph->error, true);
+      buf.error = g_strdup_printf("Error processing graph %d", i);
+      return buf;
+    }
+    else
+    {
+      int idx;
+      int next_idx = 0;
+
+      for (idx = 0; idx < graph->num_items; idx++)
+      {
+        double val;
+
+        val = get_io_graph_item(
+          graph->items,
+          graph->calc_type,
+          idx,
+          graph->hf_index,
+          cfile,
+          graph->interval,
+          graph->num_items
+        );
+
+        /* if it's zero, don't display */
+        if (val == 0.0)
+          continue;
+
+        /* cause zeros are not printed, need to output index */
+        if (next_idx != idx) {
+          g.items.push_back(idx);
+        }
+        g.items.push_back(val);
+        next_idx = idx + 1;
+      }
+    }
+    buf.iograph.push_back(g);
+    remove_tap_listener(graph);
+    g_free(graph->items);
+  }
+  return buf;
+}

lib/wiregasm/lib.h

@@ -4,6 +4,7 @@
 #include <glib.h>
 #include <epan/timestamp.h>
 #include <wiretap/wtap.h>
+#include <epan/epan_dissect.h>
 #include <epan/epan.h>
 #include <wireshark/cfile.h>
 #include <epan/addr_resolv.h>
@@ -15,13 +16,16 @@
 #include <epan/color_filters.h>
 #include <wsutil/filesystem.h>
 #include <epan/tap.h>
+#include <epan/conversation_table.h>
+#include <epan/maxmind_db.h>
+#include <common/io_graph_item.h>
 #include <common/frame_tvbuff.h>
-#include <epan/epan_dissect.h>
 #include <epan/tvbuff.h>
 #include <common/summary.h>
 #include <epan/exceptions.h>
 #include <epan/follow.h>
 #include <epan/expert.h>
+#include <wsutil/strtoi.h>
 #include "wiregasm.h"
 
 // callbacks, defined in lib.js (added through --js-library)
@@ -72,7 +76,8 @@ Frame wg_process_frame(capture_file *cfile, guint32 framenum, char **err_ret);
 Follow wg_process_follow(capture_file *cfile, const char *follow, const char *filter, char **err_ret);
 bool wg_session_eo_retap_listener(capture_file *cfile, const char *tap_type, char **err_ret);
 DownloadResponse wg_session_process_download(capture_file *cfile, const char *token);
-TapResponse wg_session_process_tap(capture_file *cfile, TapInput taps);
+TapResponse wg_session_process_tap(capture_file *cfile, MapInput taps);
+IoGraphResult wg_session_process_iograph(capture_file *cfile, MapInput input);
 vector<CompleteField> wg_session_process_complete(const char *field);
 void cf_close(capture_file *cf);
 

lib/wiregasm/wiregasm.cpp

@@ -480,7 +480,7 @@ Frame DissectSession::getFrame(int number)
   return f;
 }
 
-TapResponse DissectSession::tap(TapInput taps)
+TapResponse DissectSession::tap(MapInput taps)
 {
   return wg_session_process_tap(&this->capture_file, taps);
 }
@@ -510,3 +510,13 @@ FilterCompletionResponse wg_complete_filter(string field)
   res.fields = wg_session_process_complete(field.c_str());
   return res;
 }
+
+// {"graph0":"packets","filter0":"frame.number<=100"}
+IoGraphResult DissectSession::iograph(MapInput args)
+{
+  if (args["interval"].empty())
+  {
+    args["interval"] = "1000";
+  }
+  return wg_session_process_iograph(&this->capture_file, args);
+}

lib/wiregasm/wiregasm.h

@@ -104,6 +104,17 @@ struct CheckFilterResponse
   string error;
 };
 
+struct IoGraph
+{
+  vector<float> items;
+};
+
+struct IoGraphResult
+{
+  string error;
+  vector<IoGraph> iograph;
+};
+
 // base struct
 struct TapValue {
   string tap;
@@ -174,8 +185,7 @@ struct TapResponse {
 };
 
 
-using TapInput = std::map<string, string>;
-
+using MapInput = std::map<string, string>;
 
 struct PrefEnum
 {
@@ -271,7 +281,8 @@ class DissectSession
   FramesResponse getFrames(string filter, int skip, int limit);
   Frame getFrame(int number);
   Follow follow(string follow, string filter);
-  TapResponse tap(TapInput taps);
+  TapResponse tap(MapInput taps);
+  IoGraphResult iograph(MapInput args);
   DownloadResponse download(string token);
   ~DissectSession();
 };