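-- Split trace based on SCCP Source
--
-- Wireshark/tshark Lua tap. For every SCCP connection seen to or from the
-- filtered peer it opens a separate pcap file, appends the packets of that
-- connection to it and, when the connection is released, keeps the file
-- (renamed to alink_failure_*) only if a failure indication was seen on the
-- connection. Traces of connections without a failure are deleted.
--
-- NOTE(review): the pcap files are created with relative names, i.e. in the
-- working directory of the Wireshark/tshark process, and hold raw A-interface
-- signalling. Run the script from a directory with restricted permissions.
do
    local function init_listener()
        print("CREATED LISTENER")
        local tap = Listener.new("ip", "sccp && (ip.src == 172.16.1.81 || ip.dst == 172.16.1.81)")

        -- Field extractors have to be created here, before the tap callbacks run.
        local sccp_type_field = Field.new("sccp.message_type")
        local sccp_src_field = Field.new("sccp.slr")
        local sccp_dst_field = Field.new("sccp.dlr")
        local msg_type_field = Field.new("gsm_a.dtap_msg_mm_type")
        local lu_rej_field = Field.new("gsm_a.dtap.rej_cause")
        local ip_src_field = Field.new("ip.src")
        local ip_dst_field = Field.new("ip.dst")

        -- BSSMAP message type, used by check_failures (e.g. assignment failure 0x03)
        local bssmap_msgtype_field = Field.new("gsm_a.bssmap_msgtype")

        -- DTAP call control message type and its cause value, used by check_disconnect
        local dtap_cause_field = Field.new("gsm_a_dtap.cause")
        local dtap_cc_field = Field.new("gsm_a.dtap_msg_cc_type")

        -- Connection records, keyed by "<ip>-<sccp reference>". Each connection
        -- is stored under both of its endpoint keys. A record is the array
        --   { ip_src, slr, dlr, failure_seen, dumper, pcap_name }
        -- and the check_* functions below set index 4 when they see a failure.
        local connections = {}

        -- Convert an extracted field to a number, or nil if the field is absent
        -- or not numeric. tonumber() does not convert userdata, so the value
        -- has to go through tostring() first.
        local function field_number(finfo)
            if not finfo then
                return nil
            end
            return tonumber(tostring(finfo))
        end

        -- Reduce a value taken from the capture to characters that are safe in
        -- a file name. IPv4 addresses and numeric references pass unchanged.
        local function filename_part(value)
            return (tostring(value):gsub("[^%w%.%-_]", "_"))
        end

        -- NOTE(review): the check_* functions are globals, as in the original
        -- script, so that anything else relying on these names keeps working.

        -- Run all failure checks on the current packet for connection `con`.
        function check_failure(con)
            check_lu_reject(con)
            check_disconnect(con)
            check_failures(con)
        end

        -- Flag BSSMAP messages that indicate a failure: cipher mode reject,
        -- assignment failure and clear request.
        function check_failures(con)
            -- Previously tonumber() was applied to the FieldInfo directly, which
            -- yields nil, so none of the comparisons below could ever match.
            local msgtype = field_number(bssmap_msgtype_field())
            if not msgtype then
                return
            end

            if msgtype == 0x59 then
                print("Cipher mode reject")
                con[4] = true
            elseif msgtype == 0x03 then
                print("Assignment failure")
                con[4] = true
            elseif msgtype == 0x22 then
                print("Clear Request... RF failure?")
                con[4] = true
            end
        end

        -- Flag a DTAP DISCONNECT (0x25) whose cause is not 0x10 (normal).
        function check_disconnect(con)
            -- Same conversion fix as in check_failures: go through tostring().
            local msg_type = field_number(dtap_cc_field())
            if msg_type ~= 0x25 then
                return
            end

            local cause = field_number(dtap_cause_field())
            if not cause then
                return
            end

            if cause ~= 0x10 then
                print("DISCONNECT != Normal")
                con[4] = true
            end
        end

        -- Flag a Location Updating Reject (MM message type 0x04).
        function check_lu_reject(con)
            local msg_type = field_number(msg_type_field())
            if msg_type == 0x04 then
                print("LU REJECT with " .. tostring(lu_rej_field()))
                con[4] = true
            end
        end

        -- Called for every packet matching the listener filter. Dispatches on
        -- the SCCP message type to open, feed or close a per-connection trace.
        function tap.packet(pinfo, tvb, ip)
            local ip_src = tostring(ip_src_field())
            local ip_dst = tostring(ip_dst_field())
            local sccp_type = field_number(sccp_type_field())
            local sccp_src = sccp_src_field()
            local sccp_dst = sccp_dst_field()

            if sccp_type == 0x01 then
                -- nothing is done for this message type
            elseif sccp_type == 0x2 then
                -- open a trace file and register the connection under both keys
                local src = string.format("%s-%s", ip_src, tostring(sccp_src))
                local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst))
                -- os.date() without a time argument is the wall clock of the
                -- machine running the script, not the packet timestamp
                local datestring = os.date("%Y%m%d%H%M%S")
                -- the name is built from packet contents, so it is sanitized;
                -- the table keys keep the raw strings
                local pcap_name = string.format("alink_trace_%s-%s_%s.pcap",
                                                filename_part(src), filename_part(dst), datestring)
                local dumper = Dumper.new_for_current(pcap_name)

                local con = { ip_src, tostring(sccp_src), tostring(sccp_dst), false, dumper, pcap_name }

                dumper:dump_current()
                connections[src] = con
                connections[dst] = con
            elseif sccp_type == 0x4 then
                -- close a connection... remove it from the list
                local src = string.format("%s-%s", ip_src, tostring(sccp_src))
                local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst))

                local con = connections[src]
                if not con then
                    return
                end

                con[5]:dump_current()
                con[5]:flush()

                -- this causes a crash on unpatched wireshark
                con[5]:close()

                if con[4] == true then
                    -- the connection had a failure: keep the trace under a new name
                    local datestring = os.date("%Y%m%d%H%M%S")
                    local new_name = string.format("alink_failure_%s_%s-%s.pcap", datestring,
                                                   filename_part(con[2]), filename_part(con[3]))
                    local ok, err = os.rename(con[6], new_name)
                    if not ok then
                        -- the failure trace still exists under its original name
                        print("Failed to rename " .. con[6] .. ": " .. tostring(err))
                    end
                else
                    local ok, err = os.remove(con[6])
                    if not ok then
                        print("Failed to remove " .. con[6] .. ": " .. tostring(err))
                    end
                end

                -- clear the old connection
                connections[src] = nil
                connections[dst] = nil
            elseif sccp_type == 0x5 then
                -- not handled yet... we should verify stuff here...
                local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst))
                local con = connections[dst]
                if not con then
                    return
                end
                con[5]:dump_current()
            elseif sccp_type == 0x6 then
                -- data on an established connection: record it and look for failures
                local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst))
                local con = connections[dst]
                if not con then
                    print("DON'T KNOW THIS CONNECTION for " .. ip_dst)
                    return
                end
                con[5]:dump_current()
                check_failure(con)
            end
        end

        -- Tap draw callback; only logs.
        function tap.draw()
            print("DRAW")
        end

        -- Tap reset callback; only logs. The connections table is not cleared here.
        function tap.reset()
            print("RESET")
        end
    end

    init_listener()
end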