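-- Split trace based on SCCP Source
--
-- Wireshark/tshark Lua tap. Every SCCP connection seen to or from the
-- monitored host is written to its own pcap file, opened when the Connection
-- Confirm is seen. When the connection is released the file is kept (renamed
-- to alink_failure_*) only if a Location Updating Reject was seen on it;
-- otherwise the file is deleted.
--
-- Review notes:
--  * File names are built from values taken out of captured packets, so they
--    are reduced to a conservative character set before touching the
--    filesystem.
--  * Files are created relative to the current working directory of the
--    Wireshark/tshark process.
--  * NOTE(review): a connection that is confirmed but never released is only
--    removed from the table in the release branch, so its Dumper stays open
--    and its trace file stays on disk. On long captures consider an expiry.
do
	local function init_listener()
		print("CREATED LISTENER")

		-- Host whose A-link traffic is traced.
		local MONITORED_HOST = "172.16.1.81"

		-- SCCP message types (ITU-T Q.713).
		local SCCP_CR   = 0x01 -- Connection Request
		local SCCP_CC   = 0x02 -- Connection Confirm
		local SCCP_RLSD = 0x04 -- Released
		local SCCP_RLC  = 0x05 -- Release Complete
		local SCCP_DT1  = 0x06 -- Data Form 1

		-- GSM MM message type reported by the script as "LU REJECT".
		local MM_LU_REJECT = 0x04

		local tap = Listener.new("ip", string.format(
			"sccp && (ip.src == %s || ip.dst == %s)", MONITORED_HOST, MONITORED_HOST))
		local sccp_type_field = Field.new("sccp.message_type")
		local sccp_src_field = Field.new("sccp.slr")
		local sccp_dst_field = Field.new("sccp.dlr")
		local msg_type_field = Field.new("gsm_a.dtap_msg_mm_type")
		local lu_rej_field = Field.new("gsm_a.dtap.rej_cause")
		local ip_src_field = Field.new("ip.src")
		local ip_dst_field = Field.new("ip.dst")

		-- Open connections, indexed twice: by "<ip>-<local reference>" of each
		-- endpoint. Both keys point at the same record.
		local connections = {}

		-- Build the lookup key for one endpoint of a connection.
		local function conn_key(ip, ref)
			return string.format("%s-%s", ip, tostring(ref))
		end

		-- Restrict a packet-derived value to characters that are safe inside a
		-- file name (no path separators or shell metacharacters).
		local function safe_name(value)
			return (tostring(value):gsub("[^%w%._%-]", "_"))
		end

		-- Mark the connection as failed when the current packet carries a
		-- Location Updating Reject.
		-- Declared local: the original defined a global, which any other
		-- loaded script defining the same name could overwrite.
		local function check_failure(con)
			local msg_type = msg_type_field()
			if not msg_type then
				return
			end

			msg_type = tonumber(tostring(msg_type))
			if msg_type == MM_LU_REJECT then
				print("LU REJECT with " .. tostring(lu_rej_field()))
				con.failed = true
			end
		end

		-- Called for every packet matching the listener filter.
		function tap.packet(pinfo, tvb, ip)
			local ip_src = tostring(ip_src_field())
			local ip_dst = tostring(ip_dst_field())
			local sccp_type = tonumber(tostring(sccp_type_field()))
			local sccp_src = sccp_src_field()
			local sccp_dst = sccp_dst_field()

			if sccp_type == SCCP_CR then
				-- Nothing is tracked until the peer confirms the connection.
			elseif sccp_type == SCCP_CC then
				local src = conn_key(ip_src, sccp_src)
				local dst = conn_key(ip_dst, sccp_dst)
				local datestring = os.date("%Y%m%d%H%M%S")
				local pcap_name = string.format("alink_trace_%s-%s_%s.pcap",
					safe_name(src), safe_name(dst), datestring)
				local dumper = Dumper.new_for_current(pcap_name)
				if not dumper then
					print("CANNOT OPEN " .. pcap_name)
					return
				end

				local con = {
					ip_src = ip_src,
					slr = tostring(sccp_src),
					dlr = tostring(sccp_dst),
					failed = false,
					dumper = dumper,
					pcap_name = pcap_name,
				}

				dumper:dump_current()
				connections[src] = con
				connections[dst] = con
			elseif sccp_type == SCCP_RLSD then
				-- close a connection... remove it from the list
				local src = conn_key(ip_src, sccp_src)
				local dst = conn_key(ip_dst, sccp_dst)

				local con = connections[src]
				if not con then
					return
				end

				con.dumper:dump_current()
				con.dumper:flush()

				-- Note from the original author: close() crashes on an
				-- unpatched Wireshark.
				con.dumper:close()

				if con.failed then
					-- the connection had a failure: keep the trace
					local datestring = os.date("%Y%m%d%H%M%S")
					local new_name = string.format("alink_failure_%s_%s-%s.pcap",
						datestring, safe_name(con.slr), safe_name(con.dlr))
					local ok, err = os.rename(con.pcap_name, new_name)
					if not ok then
						print("CANNOT RENAME " .. con.pcap_name .. ": " .. tostring(err))
					end
				else
					local ok, err = os.remove(con.pcap_name)
					if not ok then
						print("CANNOT REMOVE " .. con.pcap_name .. ": " .. tostring(err))
					end
				end

				-- clear the old connection
				connections[src] = nil
				connections[dst] = nil
			elseif sccp_type == SCCP_RLC then
				-- not handled yet... we should verify stuff here...
				-- The record is already removed when the Released message was
				-- processed, so this lookup only hits if that was missed.
				local con = connections[conn_key(ip_dst, sccp_dst)]
				if not con then
					return
				end
				con.dumper:dump_current()
			elseif sccp_type == SCCP_DT1 then
				local con = connections[conn_key(ip_dst, sccp_dst)]
				if not con then
					print("DON'T KNOW THIS CONNECTION for " .. ip_dst)
					return
				end
				con.dumper:dump_current()
				check_failure(con)
			end
		end

		function tap.draw()
			print("DRAW")
		end

		-- NOTE(review): the connection table and open dumpers are left
		-- untouched here, as in the original.
		function tap.reset()
			print("RESET")
		end
	end

	init_listener()
end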