/src/wireshark/epan/dissectors/packet-ppcap.c
1 | | /* packet-ppcap.c |
2 | | * Copyright 2012, 2014, Ericsson AB |
3 | | * |
4 | | * Wireshark - Network traffic analyzer |
5 | | * By Gerald Combs <gerald@wireshark.org> |
6 | | * Copyright 1998 Gerald Combs |
7 | | * |
8 | | * SPDX-License-Identifier: GPL-2.0-or-later |
9 | | * |
10 | | */ |
11 | | |
12 | | #include "config.h" |
13 | | #include <epan/packet.h> |
14 | | #include <epan/address_types.h> |
15 | | #include "packet-mtp3.h" |
16 | | |
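/* Sentinel meaning "no destination SSN is known". */
#define INVALID_SSN 0xff

void proto_register_ppcap(void);

/*
 * Destination subsystem number, written by
 * dissect_ppcap_destination_address() for "SSN+SPC" addresses and read by
 * dissect_ppcap_payload_data() to choose a sub-dissector for TCAP payloads.
 *
 * It starts at the sentinel: a zero-initialised value would never compare
 * equal to INVALID_SSN, so a TCAP payload seen before any SSN would be
 * looked up in the "sccp.ssn" table under subsystem 0.
 */
static uint8_t ssn = INVALID_SSN;

/* Handles resolved in proto_reg_handoff_ppcap(). */
static dissector_handle_t ppcap_handle;
static dissector_handle_t mtp3_handle;  /* MTP3 handle */
static dissector_handle_t tcap_handle;  /* TCAP handle */
static dissector_handle_t bssap_handle; /* BSSAP handle */
static dissector_handle_t ranap_handle; /* RANAP handle */
static dissector_handle_t h248_handle;  /* H248 handle */
static dissector_handle_t sip_handle;   /* SIP handle */
static dissector_handle_t sccp_handle;  /* SCCP handle */
static dissector_handle_t sgsap_handle; /* SGSAP handle */
static dissector_handle_t gtpv2_handle; /* GTPv2 handle */

/* The "sccp.ssn" table, used to dispatch TCAP payloads by SSN. */
static dissector_table_t sccp_ssn_dissector_table;

/*
 * Point codes built by the address dissectors.  The objects are allocated
 * from pinfo->pool, so these pointers must not be dereferenced once the
 * packet that set them has been dissected.
 */
static mtp3_addr_pc_t* mtp3_addr_opc;
static mtp3_addr_pc_t* mtp3_addr_dpc;

/* Address type id for "AT_SS7PC"; looked up in proto_reg_handoff_ppcap(). */
static int ss7pc_address_type = -1;

/* Subtree indices. */
static int ett_ppcap;
static int ett_ppcap1;
static int ett_ppcap_new;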
44 | | |
/* Names of the 16-bit element tags read by dissect_ppcap(). */
static const value_string payload_tag_values[] = {
	{   1, "Payload Type"},
	{   2, "Payload Data"},
	{   3, "Source Address"},
	{   4, "Destination Address"},
	{   5, "Local Port"},
	{   6, "Remote Port"},
	{   7, "Transfer Protocol used for message"},
	{   8, "SCTP association ID" },
	{ 256, "Info String"},
	{   0, NULL},
};

/* Names of the 16-bit address type carried in address elements. */
static const value_string address_type_values[] = {
	{ 1, "SSN+SPC"},
	{ 2, "SPC"},
	{ 3, "IP Address"},
	{ 4, "Node Id"},
	{ 0, NULL},
};
67 | | |
/* Protocol id and header-field ids, filled in by proto_register_ppcap(). */
static int proto_ppcap;

/* Fields shared by several elements */
static int hf_ppcap_length;
static int hf_ppcap_address_type;

/* Payload type / payload data / info elements */
static int hf_ppcap_payload_type;
static int hf_ppcap_payload_data;
static int hf_ppcap_info;

/* Source address element */
static int hf_ppcap_reserved;
static int hf_ppcap_ssn;
static int hf_ppcap_spc;
static int hf_ppcap_opc;
static int hf_ppcap_source_ip_address1;
static int hf_ppcap_source_ip_address2;
static int hf_ppcap_source_nodeid;

/* Destination address element */
static int hf_ppcap_destreserved;
static int hf_ppcap_ssn1;
static int hf_ppcap_spc1;
static int hf_ppcap_dpc;
static int hf_ppcap_destination_ip_address1;
static int hf_ppcap_destination_ip_address2;
static int hf_ppcap_destination_nodeid;

/* Port, transport and SCTP association elements */
static int hf_ppcap_local_port;
static int hf_ppcap_remote_port;
static int hf_ppcap_transport_prot;
static int hf_ppcap_sctp_assoc;

void proto_reg_handoff_ppcap(void);
100 | | |
101 | | |
/*
 * PPCAP payload types.  dissect_ppcap_payload_type() maps the protocol name
 * carried in a Payload Type element onto one of these; the numeric values
 * run from 0 to 9 in declaration order.
 */
typedef enum {
	PPCAP_UNKNOWN = 0,	/* no recognised name seen */
	PPCAP_MTP3,		/* "mtp3" */
	PPCAP_TCAP,		/* "tcap" */
	PPCAP_BSSAP,		/* "bssap" */
	PPCAP_RANAP,		/* "ranap" */
	PPCAP_H248,		/* "h248" */
	PPCAP_SIP,		/* "sip" */
	PPCAP_SCCP,		/* "sccp" */
	PPCAP_SGSAP,		/* "sgsap" */
	PPCAP_GTPV2		/* "gtpv2" */
} payload_type_type;
115 | | |
/*
 * Per-element dissectors.  Each one is entered with `offset` just past the
 * 2-byte element tag and returns the offset at which dissect_ppcap()
 * continues.
 */
static int dissect_ppcap_payload_type(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ppcap_tree1, int offset, payload_type_type *payload_type);
static int dissect_ppcap_source_address(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ppcap_tree1, int offset);
static int dissect_ppcap_destination_address(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ppcap_tree1, int offset);
static int dissect_ppcap_info_string(tvbuff_t *tvb, proto_tree *ppcap_tree1, int offset);
static int dissect_ppcap_local_port(tvbuff_t *tvb, proto_tree *ppcap_tree1, int offset);
static int dissect_ppcap_remote_port(tvbuff_t *tvb, proto_tree *ppcap_tree1, int offset);
static int dissect_ppcap_transport_protocol(tvbuff_t *tvb, proto_tree *ppcap_tree1, int offset);
static int dissect_ppcap_sctp_assoc(tvbuff_t *tvb, proto_tree *tree, int offset);
static int dissect_ppcap_payload_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ppcap_tree1, int offset, proto_tree *tree, payload_type_type payload_type);
125 | | |
126 | | /*Dissecting the function PPCAP */ |
127 | | |
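/*
 * Top-level PPCAP dissector.
 *
 * Walks the buffer as a sequence of elements, each introduced by a 16-bit
 * big-endian tag, and hands every known tag to its element dissector.  The
 * payload type announced by a tag-1 element is remembered and passed to the
 * next tag-2 (payload data) element.
 *
 * Returns the captured length of tvb.
 */
static int
dissect_ppcap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
	proto_item *ti;
	proto_tree *ppcap_tree, *ppcap_tree1;
	uint16_t msg_type;
	int offset = 0;
	payload_type_type payload_type = PPCAP_UNKNOWN;

	/*
	 * The destination SSN lives in a file-scope variable.  Clear it for
	 * every packet so that a TCAP payload is never dispatched on an SSN
	 * left behind by a previously dissected packet; the result must not
	 * depend on the order in which packets are dissected.
	 */
	ssn = INVALID_SSN;

	col_set_str(pinfo->cinfo, COL_PROTOCOL, "PPCAP");
	col_clear(pinfo->cinfo, COL_INFO);

	ti = proto_tree_add_item(tree, proto_ppcap, tvb, 0, -1, ENC_NA);
	ppcap_tree = proto_item_add_subtree(ti, ett_ppcap);

	while (tvb_reported_length_remaining(tvb, offset) > 0)
	{
		msg_type = tvb_get_ntohs(tvb, offset);
		ppcap_tree1 = proto_tree_add_subtree(ppcap_tree, tvb, offset, 2, ett_ppcap1, NULL,
			val_to_str(msg_type, payload_tag_values, "Unknown PPCAP message type (%u)"));
		offset = offset + 2;
		switch (msg_type) {
		case 1:
			/* A new Payload Type element replaces any earlier one. */
			payload_type = PPCAP_UNKNOWN;
			offset = dissect_ppcap_payload_type(tvb, pinfo, ppcap_tree1, offset, &payload_type);
			break;
		case 2:
			offset = dissect_ppcap_payload_data(tvb, pinfo, ppcap_tree1, offset, tree, payload_type);
			break;
		case 3:
			offset = dissect_ppcap_source_address(tvb, pinfo, ppcap_tree1, offset);
			break;
		case 4:
			offset = dissect_ppcap_destination_address(tvb, pinfo, ppcap_tree1, offset);
			break;
		case 5:
			offset = dissect_ppcap_local_port(tvb,ppcap_tree1, offset);
			break;
		case 6:
			offset = dissect_ppcap_remote_port(tvb,ppcap_tree1, offset);
			break;
		case 7:
			offset = dissect_ppcap_transport_protocol(tvb,ppcap_tree1, offset);
			break;
		case 8:
			offset = dissect_ppcap_sctp_assoc(tvb, ppcap_tree1, offset);
			break;
		case 256:
			offset = dissect_ppcap_info_string(tvb, ppcap_tree1, offset);
			break;
		default:
			/*
			 * Unknown tag: only the two tag bytes are consumed, so
			 * the next iteration reads its tag from the bytes that
			 * follow.  No length is read for unknown elements.
			 */
			break;
		}
	}
	return tvb_captured_length(tvb);
}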
182 | | |
183 | | |
184 | | /* Dissecting the function Payload type to compare the protocol type */ |
185 | | |
186 | | /* |
187 | | ******************************************************* |
188 | | * Payload Type * |
189 | | * * |
190 | | ******************************************************* |
191 | | */ |
192 | | |
193 | | |
194 | | |
/*
 * Payload Type element: a 16-bit length followed by the protocol name.
 *
 * When the name is one of the known protocol names, *payload_type is set to
 * the matching PPCAP_* value; otherwise it is left untouched.  Returns the
 * offset after the name, with the length rounded up to a multiple of 4.
 */
static int
dissect_ppcap_payload_type(tvbuff_t *tvb, packet_info *pinfo, proto_tree * ppcap_tree1, int offset, payload_type_type *payload_type)
{
	static const struct {
		const char *name;
		payload_type_type type;
	} known_types[] = {
		{ "mtp3",  PPCAP_MTP3 },
		{ "tcap",  PPCAP_TCAP },
		{ "bssap", PPCAP_BSSAP },
		{ "ranap", PPCAP_RANAP },
		{ "h248",  PPCAP_H248 },
		{ "sip",   PPCAP_SIP },
		{ "sccp",  PPCAP_SCCP },
		{ "sgsap", PPCAP_SGSAP },
		{ "gtpv2", PPCAP_GTPV2 },
	};
	uint16_t msg_len = tvb_get_ntohs(tvb, offset);
	uint16_t rem;
	char *name;
	size_t i;

	proto_tree_add_item(ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;

	/* The name comes from the capture; it is only compared, never trusted. */
	name = tvb_get_string_enc(pinfo->pool, tvb, offset, msg_len, ENC_UTF_8|ENC_NA);
	for (i = 0; i < sizeof known_types / sizeof known_types[0]; i++) {
		if (strcmp(name, known_types[i].name) == 0) {
			*payload_type = known_types[i].type;
			break;
		}
	}

	proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_type, tvb, offset, msg_len, ENC_UTF_8);

	/* Round up to a 4-byte boundary; the sum is stored back in 16 bits. */
	rem = msg_len % 4;
	if (rem != 0)
		msg_len = msg_len + (4 - rem);

	return offset + msg_len;
}
231 | | |
232 | | /* Dissecting the function Source Address */ |
233 | | |
234 | | /* |
235 | | |
236 | | ******************************************************* |
237 | | * Reserved * Address Type * |
238 | | * * * |
239 | | ******************************************************* |
240 | | * Address Value * |
241 | | * * |
242 | | ******************************************************* |
243 | | */ |
244 | | |
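/*
 * Source Address element: 16-bit length, 16-bit reserved field, 16-bit
 * address type, then the address value.
 *
 * Address types handled: 1 = SSN + 3-byte point code, 2 = point code,
 * 3 = IP address, 4 = node id string.  The decoded address is stored in
 * pinfo->src (and pinfo->net_src for types 3 and 4).
 *
 * Returns the offset at which the caller continues.
 */
static int
dissect_ppcap_source_address(tvbuff_t *tvb, packet_info *pinfo, proto_tree * ppcap_tree1, int offset)
{
	int key1;
	uint16_t msg_len;

	msg_len = tvb_get_ntohs(tvb, offset);
	proto_tree_add_item(ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;
	proto_tree_add_item(ppcap_tree1, hf_ppcap_reserved, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;

	key1 = tvb_get_ntohs(tvb, offset);
	proto_tree_add_item(ppcap_tree1, hf_ppcap_address_type, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;

	if (key1 == 1)
	{
		proto_tree_add_item(ppcap_tree1, hf_ppcap_ssn, tvb, offset, 1, ENC_BIG_ENDIAN);
		offset += 1;
		proto_tree_add_item(ppcap_tree1, hf_ppcap_spc, tvb, offset, 3, ENC_BIG_ENDIAN);

		mtp3_addr_opc = wmem_new0(pinfo->pool, mtp3_addr_pc_t);
		mtp3_addr_opc->pc = (uint32_t )tvb_get_ntoh24(tvb, offset);
		mtp3_addr_opc->type = ITU_STANDARD;
		mtp3_addr_opc->ni = 0;
		set_address(&pinfo->src, ss7pc_address_type, sizeof(mtp3_addr_pc_t), (uint8_t *) mtp3_addr_opc);

		if (msg_len%4)
			msg_len = msg_len + (4 - (msg_len%4));

		/* The SSN byte has already been stepped over above. */
		offset += msg_len-1;
		return offset;
	}
	else if (key1 == 2)
	{
		/*
		 * NOTE(review): the item is added with the element's own
		 * length while the point code is always read as 4 bytes;
		 * the destination counterpart uses a fixed length of 4.
		 */
		proto_tree_add_item(ppcap_tree1, hf_ppcap_opc, tvb, offset, msg_len, ENC_BIG_ENDIAN);

		mtp3_addr_opc = wmem_new0(pinfo->pool, mtp3_addr_pc_t);
		mtp3_addr_opc->pc = tvb_get_ntohl(tvb, offset);
		mtp3_addr_opc->type = ITU_STANDARD;
		mtp3_addr_opc->ni = 0;
		set_address(&pinfo->src, ss7pc_address_type, sizeof(mtp3_addr_pc_t), (uint8_t *) mtp3_addr_opc);
	}
	else if (key1 == 3)
	{
		/* A length that is a multiple of 16 is taken to be IPv6. */
		if (msg_len%16 != 0)
		{
			proto_tree_add_item(ppcap_tree1, hf_ppcap_source_ip_address1, tvb, offset, msg_len, ENC_NA);
			set_address_tvb(&pinfo->net_src, AT_IPv4, 4, tvb, offset);
			copy_address_shallow(&pinfo->src, &pinfo->net_src);
		}
		else
		{
			proto_tree_add_item(ppcap_tree1, hf_ppcap_source_ip_address2, tvb, offset, msg_len, ENC_NA);
			/*
			 * An IPv6 address is 16 bytes.  Declaring only 6
			 * makes the bounds check cover 6 bytes while code
			 * that handles AT_IPv6 addresses reads 16, which
			 * can run past the end of the captured data.
			 */
			set_address_tvb(&pinfo->net_src, AT_IPv6, 16, tvb, offset);
			copy_address_shallow(&pinfo->src, &pinfo->net_src);
		}
	}
	else if (key1 == 4)
	{
		proto_tree_add_item(ppcap_tree1, hf_ppcap_source_nodeid, tvb, offset, msg_len, ENC_ASCII);
		/*
		 * NOTE(review): the address points straight into the packet
		 * data; nothing here guarantees that the msg_len bytes end
		 * in a NUL, which AT_STRINGZ implies -- confirm against the
		 * consumers of pinfo->src.
		 */
		set_address_tvb(&pinfo->net_src, AT_STRINGZ, msg_len, tvb, offset);
		copy_address_shallow(&pinfo->src, &pinfo->net_src);
	}

	/* Round the value length up to a 4-byte boundary. */
	if (msg_len%4)
		msg_len = msg_len + (4 - (msg_len%4));
	offset += msg_len;
	return offset;
}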
318 | | |
319 | | /* Dissecting the function Destination Address */ |
320 | | |
321 | | /* |
322 | | ******************************************************* |
323 | | * Reserved * Address Type * |
324 | | * * * |
325 | | ******************************************************* |
326 | | * Address Value * |
327 | | * * |
328 | | ******************************************************* |
329 | | */ |
330 | | |
331 | | |
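/*
 * Destination Address element: 16-bit length, 16-bit reserved field, 16-bit
 * address type, then the address value.
 *
 * Address types handled: 1 = SSN + 3-byte point code, 2 = 4-byte point
 * code, 3 = IP address, 4 = node id string.  The decoded address is stored
 * in pinfo->dst (and pinfo->net_dst for types 3 and 4).  For type 1 the SSN
 * is also saved in the file-scope `ssn`, which the payload data dissector
 * uses for TCAP.
 *
 * Returns the offset at which the caller continues.
 */
static int
dissect_ppcap_destination_address(tvbuff_t *tvb, packet_info * pinfo, proto_tree * ppcap_tree1, int offset)
{
	int key2;
	uint16_t msg_len;

	msg_len = tvb_get_ntohs(tvb, offset);
	proto_tree_add_item(ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;
	proto_tree_add_item(ppcap_tree1, hf_ppcap_destreserved, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;

	key2 = tvb_get_ntohs(tvb, offset);
	proto_tree_add_item(ppcap_tree1, hf_ppcap_address_type, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;

	if (key2 == 1)
	{
		ssn = tvb_get_uint8(tvb, offset);
		proto_tree_add_item(ppcap_tree1, hf_ppcap_ssn1, tvb, offset, 1, ENC_BIG_ENDIAN);
		offset += 1;

		proto_tree_add_item(ppcap_tree1, hf_ppcap_spc1, tvb, offset, 3, ENC_BIG_ENDIAN);

		mtp3_addr_dpc = wmem_new0(pinfo->pool, mtp3_addr_pc_t);
		mtp3_addr_dpc->pc = (uint32_t)tvb_get_ntoh24(tvb, offset);
		mtp3_addr_dpc->type = ITU_STANDARD;
		mtp3_addr_dpc->ni = 0;
		set_address(&pinfo->dst, ss7pc_address_type, sizeof(mtp3_addr_pc_t), (uint8_t *) mtp3_addr_dpc);

		if (msg_len%4)
			msg_len = msg_len + (4 - (msg_len%4));

		/* The SSN byte has already been stepped over above. */
		offset += msg_len-1;
		return offset;
	}
	else if (key2 == 2)
	{
		proto_tree_add_item(ppcap_tree1, hf_ppcap_dpc, tvb, offset, 4, ENC_BIG_ENDIAN);

		mtp3_addr_dpc = wmem_new0(pinfo->pool, mtp3_addr_pc_t);
		mtp3_addr_dpc->pc = tvb_get_ntohl(tvb, offset);
		mtp3_addr_dpc->type = ITU_STANDARD;
		mtp3_addr_dpc->ni = 0;
		set_address(&pinfo->dst, ss7pc_address_type, sizeof(mtp3_addr_pc_t), (uint8_t *) mtp3_addr_dpc);
	}
	else if (key2 == 3)
	{
		/* A length that is a multiple of 16 is taken to be IPv6. */
		if (msg_len%16 != 0)
		{
			proto_tree_add_item(ppcap_tree1, hf_ppcap_destination_ip_address1, tvb, offset, msg_len, ENC_NA);
			set_address_tvb(&pinfo->net_dst, AT_IPv4, 4, tvb, offset);
			copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
		}
		else
		{
			proto_tree_add_item(ppcap_tree1, hf_ppcap_destination_ip_address2, tvb, offset, msg_len, ENC_NA);
			/*
			 * An IPv6 address is 16 bytes.  Declaring only 6
			 * makes the bounds check cover 6 bytes while code
			 * that handles AT_IPv6 addresses reads 16, which
			 * can run past the end of the captured data.
			 */
			set_address_tvb(&pinfo->net_dst, AT_IPv6, 16, tvb, offset);
			copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
		}
	}
	else if (key2 == 4)
	{
		/* The decoded string was never used, so a plain item is enough. */
		proto_tree_add_item(ppcap_tree1, hf_ppcap_destination_nodeid, tvb, offset, msg_len, ENC_UTF_8|ENC_NA);
		/*
		 * NOTE(review): the address points straight into the packet
		 * data; nothing here guarantees that the msg_len bytes end
		 * in a NUL, which AT_STRINGZ implies -- confirm against the
		 * consumers of pinfo->dst.
		 */
		set_address_tvb(&pinfo->net_dst, AT_STRINGZ, msg_len, tvb, offset);
		copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
	}

	/* Round the value length up to a 4-byte boundary. */
	if (msg_len%4)
		msg_len = msg_len+(4-(msg_len%4));

	offset += msg_len;

	return offset;
}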
411 | | |
412 | | /* Dissecting the function Info String */ |
413 | | |
414 | | /* |
415 | | ******************************************************* |
416 | | * Info * |
417 | | * * |
418 | | ******************************************************* |
419 | | */ |
420 | | |
/*
 * Info String element: a 16-bit length followed by that many bytes of
 * ASCII text.  Returns the offset after the text, with the length rounded
 * up to a multiple of 4.
 */
static int
dissect_ppcap_info_string(tvbuff_t *tvb, proto_tree * ppcap_tree1, int offset)
{
	uint16_t msg_len = tvb_get_ntohs(tvb, offset);
	uint16_t rem;

	proto_tree_add_item(ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;
	proto_tree_add_item(ppcap_tree1, hf_ppcap_info, tvb, offset, msg_len, ENC_ASCII);

	/* Pad to a 4-byte boundary; the sum is stored back in 16 bits. */
	rem = msg_len % 4;
	if (rem != 0)
		msg_len = msg_len + (4 - rem);

	return offset + msg_len;
}
435 | | |
436 | | /* Dissecting the function Local Port */ |
437 | | |
438 | | /* |
439 | | ******************************************************* |
440 | | * Local Port * |
441 | | * * |
442 | | ******************************************************* |
443 | | */ |
/*
 * Local Port element.  The 2 bytes at `offset` are shown as the port; no
 * separate length field is read.  The element is treated as 6 bytes long
 * (the port plus filler bytes that are not displayed).
 */
static int
dissect_ppcap_local_port(tvbuff_t *tvb,proto_tree * ppcap_tree1, int offset)
{
	proto_tree_add_item(ppcap_tree1, hf_ppcap_local_port, tvb, offset, 2, ENC_BIG_ENDIAN);

	/* Step over the port and the undisplayed filler bytes. */
	return offset + 6;
}
451 | | |
452 | | /* Dissecting the function Remote Port */ |
453 | | |
454 | | /* |
455 | | ******************************************************* |
456 | | * Remote Port * |
457 | | * * |
458 | | ******************************************************* |
459 | | */ |
460 | | |
/*
 * Remote Port element.  The 2 bytes at `offset` are shown as the port; no
 * separate length field is read.  The element is treated as 6 bytes long
 * (the port plus filler bytes that are not displayed).
 */
static int
dissect_ppcap_remote_port(tvbuff_t *tvb,proto_tree * ppcap_tree1, int offset)
{
	proto_tree_add_item(ppcap_tree1, hf_ppcap_remote_port, tvb, offset, 2, ENC_BIG_ENDIAN);

	/* Step over the port and the undisplayed filler bytes. */
	return offset + 6;
}
468 | | |
469 | | /* Dissecting the function TCP SIP Message */ |
470 | | |
471 | | /* |
472 | | ******************************************************* |
473 | | * Transport protocol * |
474 | | * * |
475 | | ******************************************************* |
476 | | */ |
477 | | |
/*
 * Transport Protocol element: a 16-bit length followed by a 4-byte ASCII
 * protocol name.  The length is displayed but not used; the value is always
 * taken to be 4 bytes.  Returns the offset after those 4 bytes.
 */
static int
dissect_ppcap_transport_protocol(tvbuff_t *tvb,proto_tree * ppcap_tree1, int offset)
{
	const int value_offset = offset + 2;

	proto_tree_add_item(ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	proto_tree_add_item(ppcap_tree1, hf_ppcap_transport_prot, tvb, value_offset, 4, ENC_ASCII | ENC_NA);

	return value_offset + 4;
}
488 | | |
/*
 * SCTP Association ID element: a 16-bit length followed by the id string.
 * The string can be 1 - 15 characters long but the element is padded to
 * 16 bytes, so the returned offset is always 16 past the start of the
 * string.
 *
 * Both tvb and tree carry _U_ in the signature although they are used.
 */
static int
dissect_ppcap_sctp_assoc(tvbuff_t *tvb _U_, proto_tree * tree _U_, int offset)
{
	const uint16_t length = tvb_get_ntohs(tvb, offset);
	const int value_offset = offset + 2;

	proto_tree_add_item(tree, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);

	/*
	 * NOTE(review): the length read from the packet sizes the displayed
	 * item but is not compared with the fixed 16 bytes skipped below.
	 */
	proto_tree_add_item(tree, hf_ppcap_sctp_assoc, tvb, value_offset, length, ENC_ASCII | ENC_NA);

	return value_offset + 16;
}
504 | | |
505 | | /* Dissecting the function Payload Data to call the protocol that based upon the type decided in the Payload Type */ |
506 | | |
507 | | /* |
508 | | ******************************************************* |
509 | | * Payload Data * |
510 | | * * |
511 | | ******************************************************* |
512 | | */ |
513 | | |
514 | | |
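/*
 * Payload Data element: a 16-bit length followed by the payload, which is
 * handed to the dissector selected by payload_type (the data dissector when
 * the type is unknown).
 *
 * ppcap_tree1 receives the length and raw payload items; `tree` is the tree
 * passed on to the payload's dissector.
 *
 * Returns the offset after the payload, with the length rounded up to a
 * multiple of 4.
 */
static int
dissect_ppcap_payload_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree * ppcap_tree1, int offset, proto_tree *tree, payload_type_type payload_type)
{
	tvbuff_t *next_tvb;
	uint16_t msg_len;
	uint16_t payload_len;

	msg_len = tvb_get_ntohs(tvb, offset);
	payload_len = msg_len;
	proto_tree_add_item(ppcap_tree1, hf_ppcap_length, tvb, offset, 2, ENC_BIG_ENDIAN);
	offset += 2;
	proto_tree_add_item(ppcap_tree1, hf_ppcap_payload_data, tvb, offset, msg_len, ENC_NA);

	/* Round up to a 4-byte boundary for the returned offset only. */
	if (msg_len%4)
		msg_len = msg_len + (4 - (msg_len%4));

	/*
	 * Give the payload dissector exactly the declared payload bytes.
	 * Passing everything that remains would let it parse the padding
	 * and any PPCAP elements that follow as part of the payload.
	 */
	next_tvb = tvb_new_subset_length(tvb, offset, payload_len);

	switch (payload_type) {
	case PPCAP_MTP3:
		call_dissector(mtp3_handle, next_tvb, pinfo, tree);  /* calling the MTP3 handle */
		break;
	case PPCAP_TCAP:
		/*
		 * The protocol which runs on TCAP takes the SSN value from the
		 * SCCP layer, which is missing in this case, so the SSN taken
		 * from the PPCAP destination address is tried first.  Fall
		 * back to plain TCAP when no SSN is known or no dissector
		 * accepts the payload for that SSN.
		 */
		if (ssn == INVALID_SSN || !dissector_try_uint(sccp_ssn_dissector_table, ssn, next_tvb, pinfo, tree)) {
			call_dissector(tcap_handle, next_tvb, pinfo, tree);  /* calling the TCAP handle */
		}
		break;
	case PPCAP_BSSAP:
		call_dissector(bssap_handle, next_tvb, pinfo, tree);  /* calling the BSSAP handle */
		break;
	case PPCAP_RANAP:
		call_dissector(ranap_handle, next_tvb, pinfo, tree);  /* calling the RANAP handle */
		break;
	case PPCAP_H248:
		call_dissector(h248_handle, next_tvb, pinfo, tree);  /* calling the H248 handle */
		break;
	case PPCAP_SIP:
		call_dissector(sip_handle, next_tvb, pinfo, tree);  /* calling the SIP handle */
		break;
	case PPCAP_SCCP:
		call_dissector(sccp_handle, next_tvb, pinfo, tree);  /* calling the SCCP handle */
		break;
	case PPCAP_SGSAP:
		call_dissector(sgsap_handle, next_tvb, pinfo, tree);  /* calling the SGSAP handle */
		break;
	case PPCAP_GTPV2:
		call_dissector(gtpv2_handle, next_tvb, pinfo, tree);  /* calling the GTPv2 handle */
		break;
	default:
		call_data_dissector(next_tvb, pinfo, tree);  /* calling the DATA handle */
		break;
	}

	offset += msg_len;
	return offset;
}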
574 | | |
575 | | /* Registering the hf variables */ |
576 | | |
/*
 * Register the PPCAP protocol, its header fields and subtrees, and the
 * "ppcap" dissector.
 */
void proto_register_ppcap(void)
{
	static hf_register_info hf[] = {
		/* Shared length field */
		{ &hf_ppcap_length,
		  { "Length", "ppcap.length",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },

		{ &hf_ppcap_payload_type,
		  { "Payload Type", "ppcap.payload_type",
		    FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },

		/* Source address element */
		{ &hf_ppcap_reserved,
		  { "Reserved", "ppcap.reserved",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_address_type,
		  { "Address Type", "ppcap.address_type",
		    FT_UINT16, BASE_DEC, VALS(address_type_values), 0x0, NULL, HFILL } },
		/*
		 * NOTE(review): declared 16 bits wide, but
		 * dissect_ppcap_source_address() adds it with length 1 and the
		 * destination counterpart (ppcap.ssn1) is FT_UINT8.
		 */
		{ &hf_ppcap_ssn,
		  { "SSN", "ppcap.ssn",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_spc,
		  { "OPC", "ppcap.spc",
		    FT_UINT24, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		/*
		 * NOTE(review): declared 16 bits wide, while the source address
		 * dissector reads this point code with tvb_get_ntohl() and the
		 * destination counterpart (ppcap.dpc) is FT_UINT32.
		 */
		{ &hf_ppcap_opc,
		  { "OPC", "ppcap.opc",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_source_ip_address1,
		  { "Source IP Address", "ppcap.source_ip_address1",
		    FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_source_ip_address2,
		  { "Source IP Address", "ppcap.source_ip_address2",
		    FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },

		/* Destination address element */
		{ &hf_ppcap_destreserved,
		  { "Reserved", "ppcap.destreserved",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_ssn1,
		  { "SSN", "ppcap.ssn1",
		    FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_spc1,
		  { "DPC", "ppcap.spc1",
		    FT_UINT24, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_dpc,
		  { "DPC", "ppcap.dpc",
		    FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_destination_ip_address1,
		  { "Destination IP Address", "ppcap.destination_ip_address1",
		    FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_destination_ip_address2,
		  { "Destination IP Address", "ppcap.destination_ip_address2",
		    FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },

		/* Node ids (the destination filter name differs from the source one) */
		{ &hf_ppcap_source_nodeid,
		  { "Source Node ID", "ppcap.source_nodeid",
		    FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_destination_nodeid,
		  { "Destination Node ID", "ppcap.destination_address",
		    FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },

		/* Info string and payload */
		{ &hf_ppcap_info,
		  { "Info", "ppcap.info",
		    FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_payload_data,
		  { "Payload Data", "ppcap.payload_data",
		    FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },

		/* Ports, transport protocol, SCTP association */
		{ &hf_ppcap_local_port,
		  { "Local Port", "ppcap.local_port",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_remote_port,
		  { "Remote Port", "ppcap.remote_port",
		    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_transport_prot,
		  { "Transport Protocol", "ppcap.transport_prot",
		    FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
		{ &hf_ppcap_sctp_assoc,
		  { "SCTP Association ID", "ppcap.sctp_assoc",
		    FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
	};

	static int *ett[] = {
		&ett_ppcap,
		&ett_ppcap1,
		&ett_ppcap_new,
	};

	proto_ppcap = proto_register_protocol("Proprietary PCAP", "PPCAP", "ppcap");

	proto_register_field_array(proto_ppcap, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));

	register_dissector("ppcap", dissect_ppcap, proto_ppcap);
}
673 | | |
/*
 * Resolve everything PPCAP depends on: the dissector handles for its own
 * protocol and for each payload protocol, the "sccp.ssn" dissector table,
 * and the "AT_SS7PC" address type.
 */
void proto_reg_handoff_ppcap(void)
{
	static const struct {
		dissector_handle_t *slot;
		const char *name;
	} wanted[] = {
		{ &ppcap_handle, "ppcap" },
		{ &mtp3_handle,  "mtp3"  },
		{ &tcap_handle,  "tcap"  },
		{ &bssap_handle, "bssap" },
		{ &ranap_handle, "ranap" },
		{ &h248_handle,  "h248"  },
		{ &sip_handle,   "sip"   },
		{ &sccp_handle,  "sccp"  },
		{ &sgsap_handle, "sgsap" },
		{ &gtpv2_handle, "gtpv2" },
	};
	size_t i;

	/* Same lookups, in the same order, each recorded as a dependency. */
	for (i = 0; i < sizeof wanted / sizeof wanted[0]; i++)
		*wanted[i].slot = find_dissector_add_dependency(wanted[i].name, proto_ppcap);

	sccp_ssn_dissector_table = find_dissector_table("sccp.ssn");

	ss7pc_address_type = address_type_get_by_name("AT_SS7PC");
}
691 | | |
692 | | /* |
693 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
694 | | * |
695 | | * Local variables: |
696 | | * c-basic-offset: 8 |
697 | | * tab-width: 8 |
698 | | * indent-tabs-mode: t |
699 | | * End: |
700 | | * |
701 | | * vi: set shiftwidth=8 tabstop=8 noexpandtab: |
702 | | * :indentSize=8:tabSize=8:noTabs=false: |
703 | | */ |