Add the SS7 encapsulations to pcap-bpf.h, replacing the unused "raw SS7"
encapsulation with an "MTP2 plus pseudo-header" encapsulation. Get rid of "rawss7.h", as the LINKTYPE_RAWSS7 it's mainly dedicated to explain was never implemented. Update savefile.c for the changes.
This commit is contained in:
guy
parent
574c8c863c
commit
8561645aa2
|
|
@ -37,7 +37,7 @@
|
|||
*
|
||||
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.36 2005-04-09 21:15:13 guy Exp $ (LBL)
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.37 2005-05-01 19:46:27 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
/*
|
||||
|
|
@ -423,8 +423,13 @@ struct bpf_version {
|
|||
#define DLT_APPLE_IP_OVER_IEEE1394 138
|
||||
|
||||
/*
|
||||
* 139 through 142 are reserved for SS7.
|
||||
* Various SS7 encapsulations, as per a request from Jeff Morriss
|
||||
* <jeff.morriss[AT]ulticom.com> and subsequent discussions.
|
||||
*/
|
||||
#define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */
|
||||
#define DLT_MTP2 140 /* MTP2, without pseudo-header */
|
||||
#define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */
|
||||
#define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */
|
||||
|
||||
/*
|
||||
* DOCSIS MAC frames.
|
||||
|
|
|
|||
105
rawss7.h
105
rawss7.h
|
|
@ -1,105 +0,0 @@
|
|||
/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
|
||||
/*
|
||||
* Copyright (c) 2003 - The tcpdump group.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the University nor of the Laboratory may be used
|
||||
* to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/Attic/rawss7.h,v 1.1 2003-09-10 19:55:36 mcr Exp $ (LBL)
|
||||
*/
|
||||
|
||||
/*
|
||||
* This file is never used in libpcap or tcpdump. It is provided as
|
||||
* documentation linktypes 139 through 142 only.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Date: Tue, 09 Sep 2003 09:41:04 -0400
|
||||
* From: Jeff Morriss <jeff.morriss[AT]ulticom.com>
|
||||
* To: tcpdump-workers@tcpdump.org
|
||||
* Subject: [tcpdump-workers] request for LINKTYPE_
|
||||
*
|
||||
* We've had some discussion over on ethereal-dev about a "fake link" or
|
||||
* "raw SS7" dissector that allows dumping an arbitrary protocol into a
|
||||
* file without any (otherwise necessary) lower level protocols. The
|
||||
* common example has been dumping MTP3 into a file without, well, MTP2 or
|
||||
* M2PA.
|
||||
*
|
||||
* We want to store these protocols directly in PCAP file format because
|
||||
* it's well defined and there isn't another (popular) file format for
|
||||
* capturing SS7 messages that we can reverse engineer (and we want to read
|
||||
* these files into Ethereal). Rather than creating a new file format, it's
|
||||
* a lot easier to just allocate a LINKTYPE_.
|
||||
*
|
||||
* Here is the original post thread:
|
||||
*
|
||||
* http://ethereal.com/lists/ethereal-dev/200306/threads.html#00200
|
||||
*
|
||||
* July's thread on the subject:
|
||||
*
|
||||
* http://ethereal.com/lists/ethereal-dev/200307/threads.html#00124
|
||||
*
|
||||
* August's thread:
|
||||
*
|
||||
* http://ethereal.com/lists/ethereal-dev/200308/threads.html#00193
|
||||
*
|
||||
*
|
||||
* and one of the last messages--which is why I'm mailing you today:
|
||||
*
|
||||
* http://ethereal.com/lists/ethereal-dev/200308/msg00193.html
|
||||
*
|
||||
*
|
||||
* Based on the message in the last URL, I'd like to request a new
|
||||
* LINKTYPE_: LINKTYPE_RAWSS7.
|
||||
*
|
||||
* This packets in this file type will contain a header:
|
||||
*/
|
||||
|
||||
typedef struct _rawss7_hdr {
|
||||
/* NOTE: These are in network-byte order. */
|
||||
guint32 type;
|
||||
guint16 length;
|
||||
guint16 spare;
|
||||
} rawss7_hdr;
|
||||
|
||||
/*
|
||||
*
|
||||
* followed by protocol data for whatever protocol 'type' indicates.
|
||||
*
|
||||
* There was some discussion about these protocol 'type's being allocated by
|
||||
* tcpdump-workers as well. In fact it would be handy to have one place to
|
||||
* allocate such numbers, so what do you think about allocating 3 more (for
|
||||
* now) LINKTYPE_'s:
|
||||
*/
|
||||
|
||||
#define LINKTYPE_RAWSS7_MTP2 140
|
||||
#define LINKTYPE_RAWSS7_MTP3 141
|
||||
#define LINKTYPE_RAWSS7_SCCP 142
|
||||
|
||||
/*
|
||||
*
|
||||
* There is no reason this can't be used to store non-SS7 protocols, but
|
||||
* it's what we need to use it for now...
|
||||
*
|
||||
*/
|
||||
16
savefile.c
16
savefile.c
|
|
@ -30,7 +30,7 @@
|
|||
|
||||
#ifndef lint
|
||||
static const char rcsid[] _U_ =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.129 2005-04-26 00:54:23 risso Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.130 2005-05-01 19:46:28 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
@ -269,10 +269,10 @@ static const char rcsid[] _U_ =
|
|||
|
||||
#define LINKTYPE_APPLE_IP_OVER_IEEE1394 138 /* Apple IP-over-IEEE 1394 cooked header */
|
||||
|
||||
#define LINKTYPE_RAWSS7 139 /* see rawss7.h for */
|
||||
#define LINKTYPE_RAWSS7_MTP2 140 /* information on these */
|
||||
#define LINKTYPE_RAWSS7_MTP3 141 /* definitions */
|
||||
#define LINKTYPE_RAWSS7_SCCP 142
|
||||
#define LINKTYPE_MTP2_WITH_PHDR 139
|
||||
#define LINKTYPE_MTP2 140
|
||||
#define LINKTYPE_MTP3 141
|
||||
#define LINKTYPE_SCCP 142
|
||||
|
||||
#define LINKTYPE_DOCSIS 143 /* DOCSIS MAC frames */
|
||||
|
||||
|
|
@ -538,6 +538,12 @@ static struct linktype_map {
|
|||
/* Apple IP-over-IEEE 1394 cooked header */
|
||||
{ DLT_APPLE_IP_OVER_IEEE1394, LINKTYPE_APPLE_IP_OVER_IEEE1394 },
|
||||
|
||||
/* SS7 */
|
||||
{ DLT_MTP2_WITH_PHDR, LINKTYPE_MTP2_WITH_PHDR },
|
||||
{ DLT_MTP2, LINKTYPE_MTP2 },
|
||||
{ DLT_MTP3, LINKTYPE_MTP3 },
|
||||
{ DLT_SCCP, LINKTYPE_SCCP },
|
||||
|
||||
/* DOCSIS MAC frames */
|
||||
{ DLT_DOCSIS, LINKTYPE_DOCSIS },
|
||||
|
||||
|
|
|
|||
Reference in New Issue