GPRS: Add wireshark lua script to split a trace by TLLI

This is currently only looking at one TLLI and is splitting the trace by that TLLI...
2010-06-07 18:09:54 +08:00 · 2010-06-07 18:09:54 +08:00 · 8acedec8c9
parent 98b15034b3
commit 8acedec8c9
1 changed files with 45 additions and 0 deletions
--- a/openbsc/contrib/gprs/gprs-split-trace-by-tlli.lua
+++ b/openbsc/contrib/gprs/gprs-split-trace-by-tlli.lua
@ -0,0 +1,45 @@
+-- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only)
+-- Dump files are created for both source and destination hosts
+do
+	local dir = "by_tlli"
+	local dumpers = {}
+	local function init_listener()
+		local udp_port_table = DissectorTable.get("udp.port")
+		local gprs_ns_dis = Dissector.get("gprs_ns")
+		udp_port_table:add(23000,gprs_ns_dis)
+
+		local field_tlli = Field.new("bssgp.tlli")
+		local tap = Listener.new("ip", "udp.port == 23000")
+
+		-- we will be called once for every IP Header.
+		-- If there's more than one IP header in a given packet we'll dump the packet once per every header
+		function tap.packet(pinfo,tvb,ip)
+			local ttli = field_tlli()
+			if not ttli then
+				return
+			end
+
+			local ttli_str = tostring(ttli)
+			ttli_dmp = dumpers[ttli_str]
+			if not ttli_dmp then
+				print("Creating TLLI " .. tostring(ttli) .. " " .. ttli_str)
+				ttli_dmp = Dumper.new_for_current(dir .. "/" .. ttli_str .. ".pcap")
+				dumpers[ttli_str] = ttli_dmp
+			end
+			ttli_dmp:dump_current()
+			ttli_dmp:flush()
+		end
+		function tap.draw()
+			for ttli,dumper in pairs(dumpers) do
+				 dumper:flush()
+			end
+		end
+		function tap.reset()
+			for ttli,dumper in pairs(dumpers) do
+				 dumper:close()
+			end
+			dumpers = {}
+		end
+	end
+	init_listener()
+end