From 8561645aa2cf797b33a3d262463e41eac46fdb15 Mon Sep 17 00:00:00 2001 From: guy Date: Sun, 1 May 2005 19:46:27 +0000 Subject: [PATCH] Add the SS7 encapsulations to pcap-bpf.h, replacing the unused "raw SS7" encapsulation with an "MTP2 plus pseudo-header" encapsulation. Get rid of "rawss7.h", as the LINKTYPE_RAWSS7 it's mainly dedicated to explain was never implemented. Update savefile.c for the changes. --- FILES | 1 - pcap-bpf.h | 9 ++++- rawss7.h | 105 ----------------------------------------------------- savefile.c | 16 +++++--- 4 files changed, 18 insertions(+), 113 deletions(-) delete mode 100644 rawss7.h diff --git a/FILES b/FILES index 95b75cf..b81b489 100644 --- a/FILES +++ b/FILES @@ -96,7 +96,6 @@ pcap.c pcap.h pf.h ppp.h -rawss7.h savefile.c scanner.l sll.h diff --git a/pcap-bpf.h b/pcap-bpf.h index 7dc0b94..91c14b4 100644 --- a/pcap-bpf.h +++ b/pcap-bpf.h @@ -37,7 +37,7 @@ * * @(#)bpf.h 7.1 (Berkeley) 5/7/91 * - * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.36 2005-04-09 21:15:13 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.37 2005-05-01 19:46:27 guy Exp $ (LBL) */ /* @@ -423,8 +423,13 @@ struct bpf_version { #define DLT_APPLE_IP_OVER_IEEE1394 138 /* - * 139 through 142 are reserved for SS7. + * Various SS7 encapsulations, as per a request from Jeff Morriss + * and subsequent discussions. */ +#define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ +#define DLT_MTP2 140 /* MTP2, without pseudo-header */ +#define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ +#define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ /* * DOCSIS MAC frames. diff --git a/rawss7.h b/rawss7.h deleted file mode 100644 index 0e12f50..0000000 --- a/rawss7.h +++ /dev/null @@ -1,105 +0,0 @@ -/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ -/* - * Copyright (c) 2003 - The tcpdump group. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor of the Laboratory may be used - * to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#) $Header: /tcpdump/master/libpcap/Attic/rawss7.h,v 1.1 2003-09-10 19:55:36 mcr Exp $ (LBL) - */ - -/* - * This file is never used in libpcap or tcpdump. It is provided as - * documentation linktypes 139 through 142 only. - */ - -/* - * Date: Tue, 09 Sep 2003 09:41:04 -0400 - * From: Jeff Morriss - * To: tcpdump-workers@tcpdump.org - * Subject: [tcpdump-workers] request for LINKTYPE_ - * - * We've had some discussion over on ethereal-dev about a "fake link" or - * "raw SS7" dissector that allows dumping an arbitrary protocol into a - * file without any (otherwise necessary) lower level protocols. The - * common example has been dumping MTP3 into a file without, well, MTP2 or - * M2PA. - * - * We want to store these protocols directly in PCAP file format because - * it's well defined and there isn't another (popular) file format for - * capturing SS7 messages that we can reverse engineer (and we want to read - * these files into Ethereal). Rather than creating a new file format, it's - * a lot easier to just allocate a LINKTYPE_. - * - * Here is the original post thread: - * - * http://ethereal.com/lists/ethereal-dev/200306/threads.html#00200 - * - * July's thread on the subject: - * - * http://ethereal.com/lists/ethereal-dev/200307/threads.html#00124 - * - * August's thread: - * - * http://ethereal.com/lists/ethereal-dev/200308/threads.html#00193 - * - * - * and one of the last messages--which is why I'm mailing you today: - * - * http://ethereal.com/lists/ethereal-dev/200308/msg00193.html - * - * - * Based on the message in the last URL, I'd like to request a new - * LINKTYPE_: LINKTYPE_RAWSS7. - * - * This packets in this file type will contain a header: - */ - -typedef struct _rawss7_hdr { - /* NOTE: These are in network-byte order. */ - guint32 type; - guint16 length; - guint16 spare; -} rawss7_hdr; - -/* - * - * followed by protocol data for whatever protocol 'type' indicates. - * - * There was some discussion about these protocol 'type's being allocated by - * tcpdump-workers as well. In fact it would be handy to have one place to - * allocate such numbers, so what do you think about allocating 3 more (for - * now) LINKTYPE_'s: - */ - -#define LINKTYPE_RAWSS7_MTP2 140 -#define LINKTYPE_RAWSS7_MTP3 141 -#define LINKTYPE_RAWSS7_SCCP 142 - -/* - * - * There is no reason this can't be used to store non-SS7 protocols, but - * it's what we need to use it for now... - * - */ diff --git a/savefile.c b/savefile.c index 9156b5a..10ea70f 100644 --- a/savefile.c +++ b/savefile.c @@ -30,7 +30,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.129 2005-04-26 00:54:23 risso Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.130 2005-05-01 19:46:28 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -269,10 +269,10 @@ static const char rcsid[] _U_ = #define LINKTYPE_APPLE_IP_OVER_IEEE1394 138 /* Apple IP-over-IEEE 1394 cooked header */ -#define LINKTYPE_RAWSS7 139 /* see rawss7.h for */ -#define LINKTYPE_RAWSS7_MTP2 140 /* information on these */ -#define LINKTYPE_RAWSS7_MTP3 141 /* definitions */ -#define LINKTYPE_RAWSS7_SCCP 142 +#define LINKTYPE_MTP2_WITH_PHDR 139 +#define LINKTYPE_MTP2 140 +#define LINKTYPE_MTP3 141 +#define LINKTYPE_SCCP 142 #define LINKTYPE_DOCSIS 143 /* DOCSIS MAC frames */ @@ -538,6 +538,12 @@ static struct linktype_map { /* Apple IP-over-IEEE 1394 cooked header */ { DLT_APPLE_IP_OVER_IEEE1394, LINKTYPE_APPLE_IP_OVER_IEEE1394 }, + /* SS7 */ + { DLT_MTP2_WITH_PHDR, LINKTYPE_MTP2_WITH_PHDR }, + { DLT_MTP2, LINKTYPE_MTP2 }, + { DLT_MTP3, LINKTYPE_MTP3 }, + { DLT_SCCP, LINKTYPE_SCCP }, + /* DOCSIS MAC frames */ { DLT_DOCSIS, LINKTYPE_DOCSIS },