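-- Split trace based on SCCP Source
-- There are still bugs to find... bugs bugs bugs... hmm
--
-- Wireshark Lua tap. For every SCCP connection seen to or from the monitored
-- host it opens a per-connection pcap, appends the connection's packets to
-- it, and on release either keeps the file (renamed to alink_failure_*) when
-- a failure indication was seen, or deletes it.
--
-- NOTE(review): the kept traces hold GSM A-interface signalling and may
-- include subscriber-related data; they are written to the current working
-- directory with whatever permissions the Wireshark process has. Run this
-- from a directory with restricted access.
do
    local function init_listener()
        print("CREATED LISTENER")

        -- The monitored address is hard-coded and site specific.
        local tap = Listener.new("ip", "sccp && (ip.src == 172.16.1.81 || ip.dst == 172.16.1.81)")

        local sccp_type_field = Field.new("sccp.message_type")
        local sccp_src_field = Field.new("sccp.slr")
        local sccp_dst_field = Field.new("sccp.dlr")
        local msg_type_field = Field.new("gsm_a.dtap_msg_mm_type")
        local lu_rej_field = Field.new("gsm_a.dtap.rej_cause")
        local ip_src_field = Field.new("ip.src")
        local ip_dst_field = Field.new("ip.dst")

        -- BSSMAP message type, e.g. assignment failure 0x03
        local bssmap_msgtype_field = Field.new("gsm_a.bssmap_msgtype")

        -- DTAP call control message type and its cause value
        local dtap_cause_field = Field.new("gsm_a_dtap.cause")
        local dtap_cc_field = Field.new("gsm_a.dtap_msg_cc_type")

        -- Open connections, keyed by "<ip>-<sccp reference>". Each connection
        -- is stored under both endpoint keys and is the array
        --   { ip_src, slr, dlr, failure_seen, dumper, pcap_name }
        -- NOTE(review): entries are only removed when a release (0x4) is
        -- seen. If the release is missed, or a peer keeps opening
        -- connections, the table and the number of open dumpers grow without
        -- bound; consider a cap or an idle timeout.
        local connections = {}

        -- Convert a FieldInfo to a number. tonumber() applied directly to the
        -- userdata returns nil, so go through the string form first.
        local function field_number(fi)
            if not fi then
                return nil
            end
            return tonumber(tostring(fi))
        end

        -- File names are assembled from dissected packet fields. Restrict
        -- them to a conservative character set so that an unexpected field
        -- rendering can never introduce a path separator.
        local function safe_name(name)
            return (string.gsub(name, "[^%w%._%-]", "_"))
        end

        -- NOTE(review): the check_* functions below are created as globals in
        -- the shared Lua state, as in the original; kept that way so that
        -- anything relying on them keeps working.

        -- Run all failure detectors on the current packet.
        function check_failure(con)
            check_lu_reject(con)
            check_disconnect(con)
            check_failures(con)
        end

        -- BSSMAP failures: cipher mode reject, assignment failure, clear request
        function check_failures(con)
            -- Fix: the original compared tonumber(<FieldInfo>), which is
            -- always nil, so none of these branches could ever match.
            local msgtype = field_number(bssmap_msgtype_field())
            if not msgtype then
                return
            end

            if msgtype == 89 then
                print("Cipher mode reject")
                con[4] = true
            elseif msgtype == 0x03 then
                print("Assignment failure")
                con[4] = true
            elseif msgtype == 0x22 then
                print("Clear Request... RF failure?")
                con[4] = true
            end
        end

        -- check if a DISCONNECT is normal
        function check_disconnect(con)
            -- Same conversion fix as in check_failures.
            if field_number(dtap_cc_field()) ~= 0x25 then
                return
            end

            local cause = field_number(dtap_cause_field())
            if not cause then
                return
            end

            if cause ~= 0x10 then
                print("DISCONNECT != Normal")
                con[4] = true
            end
        end

        -- check if we have a LU Reject
        function check_lu_reject(con)
            if field_number(msg_type_field()) ~= 0x04 then
                return
            end

            -- Take the cause into a local first: tostring() with no argument
            -- raises an error when the field is absent.
            local cause = lu_rej_field()
            print("LU REJECT with " .. tostring(cause))
            con[4] = true
        end

        -- Called by Wireshark for every packet matching the listener filter.
        function tap.packet(pinfo,tvb,ip)
            local ip_src_fi = ip_src_field()
            local ip_dst_fi = ip_dst_field()
            local sccp_type = field_number(sccp_type_field())
            if not (ip_src_fi and ip_dst_fi and sccp_type) then
                return
            end

            local ip_src = tostring(ip_src_fi)
            local ip_dst = tostring(ip_dst_fi)
            local sccp_src = tostring(sccp_src_field())
            local sccp_dst = tostring(sccp_dst_field())
            local src = string.format("%s-%s", ip_src, sccp_src)
            local dst = string.format("%s-%s", ip_dst, sccp_dst)

            -- 0x01 (connection request) is intentionally ignored; tracking
            -- starts with the connection confirm.
            if sccp_type == 0x2 then
                local datestring = os.date("%Y%m%d%H%M%S")
                local pcap_name = safe_name(string.format("alink_trace_%s-%s_%s.pcap", src, dst, datestring))
                local dumper = Dumper.new_for_current(pcap_name)

                -- NOTE(review): an existing entry under src/dst is replaced
                -- without closing its dumper or removing its file.
                local con = { ip_src, sccp_src, sccp_dst, false, dumper, pcap_name }

                dumper:dump_current()
                connections[src] = con
                connections[dst] = con
            elseif sccp_type == 0x4 then
                -- close a connection... remove it from the list
                local con = connections[src]
                if not con then
                    return
                end

                con[5]:dump_current()
                con[5]:flush()

                -- this causes a crash on unpatched wireshark
                con[5]:close()

                if con[4] == true then
                    -- the connection had a failure: keep the trace
                    local datestring = os.date("%Y%m%d%H%M%S")
                    local new_name = safe_name(string.format("alink_failure_%s_%s-%s.pcap", datestring, con[2], con[3]))
                    local ok, err = os.rename(con[6], new_name)
                    if not ok then
                        print("Failed to rename " .. con[6] .. ": " .. tostring(err))
                    end
                else
                    local ok, err = os.remove(con[6])
                    if not ok then
                        print("Failed to remove " .. con[6] .. ": " .. tostring(err))
                    end
                end

                -- clear the old connection
                connections[src] = nil
                connections[dst] = nil
            elseif sccp_type == 0x5 then
                -- not handled yet... we should verify stuff here...
                local con = connections[dst]
                if not con then
                    return
                end
                con[5]:dump_current()
            elseif sccp_type == 0x6 then
                local con = connections[dst]
                if not con then
                    print("DON'T KNOW THIS CONNECTION for " .. ip_dst)
                    return
                end
                con[5]:dump_current()
                check_failure(con)
            end
        end

        function tap.draw()
            print("DRAW")
        end

        function tap.reset()
            print("RESET")
        end
    end

    init_listener()
end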