asn2eth generated h225 dissector

svn path=/trunk/; revision=12930
This commit is contained in:
Anders Broman 2005-01-02 22:01:32 +00:00
parent edc4b8fff5
commit 422d331c09
5 changed files with 2988 additions and 0 deletions

6
asn1/h225/h225-exp.cnf Normal file
View File

@ -0,0 +1,6 @@
#.TYPE_ATTR
NonStandardParameter TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0
AliasAddress TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(AliasAddress_vals) BITMASK = 0
RasMessage TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(RasMessage_vals) BITMASK = 0
#.END

2150
asn1/h225/h225.asn Normal file

File diff suppressed because it is too large Load Diff

294
asn1/h225/h225.cnf Normal file
View File

@ -0,0 +1,294 @@
# h225.cnf
# H.225 conformation file
# Copyright 2004 Anders Broman
# $Id$
#.MODULE_IMPORT
H235-SECURITY-MESSAGES h235
MULTIMEDIA-SYSTEM-CONTROL h245
#.END
#.INCLUDE ../h235/h235-exp.cnf
#.INCLUDE ../h245/h245-exp.cnf
#----------------------------------------------------------------------------------------
#.EXPORTS
#----------------------------------------------------------------------------------------
NonStandardParameter
RasMessage WITH_VALS ETH_VAR
H323-UU-PDU/h323-message-body ONLY_VALS ETH_VAR
FacilityReason ONLY_VALS ETH_VAR
GatekeeperRejectReason ONLY_VALS ETH_VAR
UnregRequestReason ONLY_VALS ETH_VAR
UnregRejectReason ONLY_VALS ETH_VAR
BandRejectReason ONLY_VALS ETH_VAR
DisengageReason ONLY_VALS ETH_VAR
DisengageRejectReason ONLY_VALS ETH_VAR
InfoRequestNakReason ONLY_VALS ETH_VAR
ReleaseCompleteReason ONLY_VALS ETH_VAR
AdmissionRejectReason ONLY_VALS ETH_VAR
LocationRejectReason ONLY_VALS ETH_VAR
RegistrationRejectReason ONLY_VALS ETH_VAR
AliasAddress
#----------------------------------------------------------------------------------------
#.TYPE_RENAME
CallCreditServiceControl/callStartingPoint CallCreditServiceControl_callStartingPoint
TunnelledProtocol/id TunnelledProtocol_id
ServiceControlSession/reason ServiceControlSession_reason
RasUsageSpecification/callStartingPoint RasUsageSpecificationcallStartingPoint
CapacityReportingSpecification/when CapacityReportingSpecification_when
RasUsageSpecification/when RasUsageSpecification_when
TransportAddress/ipAddress/ip IpV4
#----------------------------------------------------------------------------------------
#.FIELD_RENAME
RasUsageSpecification/callStartingPoint/alerting alerting_flg
CallCreditServiceControl/callStartingPoint/alerting alerting_flg
UseSpecifiedTransport/annexE annexE_flg
UUIEsRequested/callProceeding callProceeding_flg
CicInfo/cic cic_2_4
UUIEsRequested/connect connect_bool
NonStandardParameter/data data_oct_str
H323-UU-PDU/h323-message-body/empty empty_flg
RasUsageInfoTypes/endTime endTime_flg
UUIEsRequested/facility facility_bool
CallsAvailable/group group_IA5String
GroupID/group group_IA5String
Setup-UUIE/hopCount hopCount_1_31
UUIEsRequested/information information_bool
TransportAddress/ip6Address/ip ipV6
TransportAddress/ipAddress/ip ipV4
TransportAddress/ipSourceRoute/ip src_route_ipV4
RTPSession/multicast multicast_flg
UUIEsRequested/notify notify_bool
TransportAddress/ipxAddress/port ipx_port
TransportAddress/ipAddress/port ipV4_port
TransportAddress/ipSourceRoute/port ipV4_src_port
TransportAddress/ip6Address/port ipV6_port
UUIEsRequested/progress progress_bool
Facility-UUIE/reason facilityReason
UnregistrationRequest/reason unregRequestReason
ReleaseComplete-UUIE/reason releaseCompleteReason
BandwidthReject/rejectReason bandRejectReason
UnregistrationReject/rejectReason unregRejectReason
RegistrationReject/rejectReason registrationRejectReason
LocationReject/rejectReason locationRejectReason
DisengageReject/rejectReason disengageRejectReason
GatekeeperReject/rejectReason gatekeeperRejectReason
UUIEsRequested/releaseComplete releaseComplete_bool
UseSpecifiedTransport/sctp sctp_flg
ServiceControlSession/sessionId sessionId_0_255
UUIEsRequested/setup setup_bool
UUIEsRequested/setupAcknowledge setupAcknowledge_bool
Setup-UUIE/sourceInfo Setup-UUIE_sourceInfo
UUIEsRequested/status status_bool
UUIEsRequested/statusInquiry statusInquiry_bool
RasUsageInfoTypes/terminationCause terminationCause_flg
CapacityReportingSpecification/when capacityReportingSpecification_when
UUIEsRequested/alerting alerting_bool
LocationConfirm/callSignalAddress locationConfirm_callSignalAddress
RasUsageSpecification/callStartingPoint/connect connect_flg
CallCreditServiceControl/callStartingPoint/connect connect_flg
Alerting-UUIE/destinationInfo uUIE_destinationInfo
CallProceeding-UUIE/destinationInfo uUIE_destinationInfo
Connect-UUIE/destinationInfo uUIE_destinationInfo
Facility-UUIE/destinationInfo uUIE_destinationInfo
Progress-UUIE/destinationInfo uUIE_destinationInfo
TunnelledProtocol/id tunnelledProtocol_id
SecurityCapabilities/integrity securityCapabilities_integrity
GenericIdentifier/nonStandard genericIdentifier_nonStandard
AlternateGK/rasAddress alternateGK_rasAddress
GatekeeperRequest/rasAddress gatekeeperRequest_rasAddress
GatekeeperConfirm/rasAddress gatekeeperConfirm_rasAddress
LocationConfirm/rasAddress locationConfirm_rasAddress
InfoRequestResponse/rasAddress infoRequestResponse_rasAddress
Setup-UUIE/remoteExtensionAddress uUIE_remoteExtensionAddress
Facility-UUIE/remoteExtensionAddress uUIE_remoteExtensionAddress
VendorIdentifier/vendor vendorIdentifier_vendor
RasUsageSpecification/callStartingPoint ras_callStartingPoint
ReleaseCompleteReason/securityError rLC_securityError
GatekeeperRejectReason/securityError gkRej_securityError
RegistrationRejectReason/securityError reg_securityError
#----------------------------------------------------------------------------------------
#.FN_BODY H323-UU-PDU/h323-message-body
guint32 message_body_val;
contains_faststart = FALSE;
offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index,
ett_h225_T_h323_message_body, T_h323_message_body_choice, "T_h323_message_body",
&message_body_val);
if (check_col(pinfo->cinfo, COL_INFO)){
col_append_fstr(pinfo->cinfo, COL_INFO, "CS: %s ",
val_to_str(message_body_val, T_h323_message_body_vals, "<unknown>"));
}
if (h225_pi.msg_type == H225_CS) {
/* Don't override msg_tag value from IRR */
h225_pi.msg_tag = value;
}
if (contains_faststart == TRUE )
{
if (check_col(pinfo->cinfo, COL_INFO))
{
col_append_str(pinfo->cinfo, COL_INFO, "OpenLogicalChannel " );
}
}
col_set_fence(pinfo->cinfo,COL_INFO);
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY FastStart/_item
guint32 newoffset;
guint32 length;
offset=dissect_per_length_determinant(tvb, offset, pinfo, tree, hf_h225_fastStart_item_length, &length);
newoffset=offset + (length<<3); /* please note that offset is in bits in
PER dissectors, but the item length
is in octets */
offset=dissect_h245_OpenLogicalChannel(tvb,offset, pinfo, tree, hf_index);
contains_faststart = TRUE;
h225_pi.is_faststart = TRUE;
return newoffset;
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY RasMessage
offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index,
ett_h225_RasMessage, RasMessage_choice, "RasMessage",
&value);
#.END
#----------------------------------------------------------------------------------------
# TODO asn2eth can't handle restriced string ?
#.FN_BODY DialedDigits
offset=dissect_per_restricted_character_string(tvb, offset, pinfo, tree, hf_index, 1, 128, "#,*0123456789", 13);
#.END
#----------------------------------------------------------------------------------------
# TODO asn2eth can't handle restriced string ?
#.FN_BODY NumberDigits
offset=dissect_per_restricted_character_string(tvb, offset, pinfo, tree, hf_index, 1, 128, "#,*0123456789", 13);
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY H221NonStandard/t35CountryCode
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
0U, 255U, &value, NULL, FALSE);
T38_manufacturer_code = value << 24;
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY H221NonStandard/t35Extension
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
0U, 255U, &value, NULL, FALSE);
T38_manufacturer_code = T38_manufacturer_code ^ (value << 16);
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY H221NonStandard/manufacturerCode
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
0U, 65535U, &value, NULL, FALSE);
T38_manufacturer_code = T38_manufacturer_code ^ value;
proto_tree_add_uint(tree, hf_h221Manufacturer, tvb, (offset)-4,4,T38_manufacturer_code);
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY H245TransportAddress/h245ipAddress/h245ipv4
guint32 value_offset;
guint32 value_len;
offset = dissect_per_octet_string(tvb, offset, pinfo, tree, hf_index,
4, 4,
&value_offset, &value_len);
tvb_memcpy(tvb, (char *)&ipv4_address, value_offset, 4);
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY H245TransportAddress/h245ipAddress/h245ipv4port
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
0U, 65535U, &ipv4_port, NULL, FALSE);
#.END
#----------------------------------------------------------------------------------------
#.FN_BODY H245Control/_item
tvbuff_t *h245_tvb;
guint32 h245_offset=0;
guint32 h245_len=0;
offset=dissect_per_octet_string(tvb, offset, pinfo, tree, -1, -1, -1, &h245_offset, &h245_len);
if(h245_len){
h245_tvb = tvb_new_subset(tvb, h245_offset, h245_len, h245_len);
call_dissector(h245dg_handle, h245_tvb, pinfo, tree);
}
#.END
#----------------------------------------------------------------------------------------
#.FN_HDR H323-UU-PDU/h323-message-body/setup
contains_faststart = FALSE;
#.END
#----------------------------------------------------------------------------------------
#.FN_FTR H323-UU-PDU/h323-message-body/setup
h225_pi.cs_type = H225_SETUP;
#.END
#----------------------------------------------------------------------------------------
#.FN_HDR H245TransportAddress
ipv4_address=0;
ipv4_port=0;
#.END
#----------------------------------------------------------------------------------------
#.FN_FTR H245TransportAddress
/* we need this info for TAPing */
h225_pi.is_h245 = TRUE;
h225_pi.h245_address = ipv4_address;
h225_pi.h245_port = ipv4_port;
if((!pinfo->fd->flags.visited) && ipv4_address!=0 && ipv4_port!=0 && h245_handle){
address src_addr;
conversation_t *conv=NULL;
src_addr.type=AT_IPv4;
src_addr.len=4;
src_addr.data=(const guint8 *)&ipv4_address;
conv=find_conversation(&src_addr, &src_addr, PT_TCP, ipv4_port, ipv4_port, NO_ADDR_B|NO_PORT_B);
if(!conv){
conv=conversation_new(&src_addr, &src_addr, PT_TCP, ipv4_port, ipv4_port, NO_ADDR2|NO_PORT2);
conversation_set_dissector(conv, h245_handle);
}
}
#.END
#----------------------------------------------------------------------------------------
#.TYPE_ATTR
H221NonStandard/t35CountryCode TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(T35CountryCode_vals)
TransportAddress/ipAddress/ip TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL
TransportAddress/ip6Address/ip TYPE = FT_IPv6 DISPLAY = BASE_NONE STRINGS = NULL
H245TransportAddress/h245ipAddress/h245ipv TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL
H245TransportAddress/h245ip6Address/h245ipv6 TYPE = FT_IPv6 DISPLAY = BASE_NONE STRINGS = NULL

View File

@ -0,0 +1,466 @@
/* packet-h225_asn1.c
* Routines for h225 packet dissection
* Copyright 2005, Anders Broman <anders.broman@ericsson.com>
*
* $Id: packet-h225_asn1-template.c 12203 2004-10-05 09:18:55Z guy $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* To quote the author of the previous H323/H225/H245 dissector:
* "This is a complete replacement of the previous limitied dissector
* that Ronnie was crazy enough to write by hand. It was a lot of time
* to hack it by hand, but it is incomplete and buggy and it is good when
* it will go away."
* Ronnie did a great job and all the VoIP users had made good use of it!
* Credit to Tomas Kukosa for developing the Asn2eth compiler.
*
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <glib.h>
#include <epan/packet.h>
#include <epan/conversation.h>
#include <stdio.h>
#include <string.h>
#include <epan/prefs.h>
#include "tap.h"
#include "packet-tpkt.h"
#include "packet-per.h"
#include "packet-h225.h"
#include <epan/t35.h>
#include "h225-persistentdata.h"
#include "packet-ber.h"
#include "packet-h235.h"
#include "packet-h245.h"
#define PNAME "h225"
#define PSNAME "H225"
#define PFNAME "h225"
#define UDP_PORT_RAS1 1718
#define UDP_PORT_RAS2 1719
#define TCP_PORT_CS 1720
static void reset_h225_packet_info(h225_packet_info *pi);
static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi);
static int dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
static h225_packet_info h225_pi;
static dissector_handle_t h225ras_handle;
static dissector_handle_t H323UserInformation_handle;
static dissector_handle_t data_handle;
/* Subdissector tables */
static dissector_table_t nsp_object_dissector_table;
static dissector_table_t nsp_h221_dissector_table;
static dissector_table_t tp_dissector_table;
static dissector_handle_t h245_handle=NULL;
static dissector_handle_t h245dg_handle=NULL;
static dissector_handle_t h4501_handle=NULL;
/* Initialize the protocol and registered fields */
static int h225_tap = -1;
static int proto_h225 = -1;
static int hf_h225_H323_UserInformation = -1;
static int hf_h225_RasMessage = -1;
static int hf_h221Manufacturer = -1;
static int hf_h225_ras_req_frame = -1;
static int hf_h225_ras_rsp_frame = -1;
static int hf_h225_ras_dup = -1;
static int hf_h225_ras_deltatime = -1;
static int hf_h225_fastStart_item_length = -1;
#include "packet-h225-hf.c"
/* Initialize the subtree pointers */
static gint ett_h225 = -1;
#include "packet-h225-ett.c"
/* Global variables */
static guint32 ipv4_address;
static guint32 ipv4_port;
guint32 T38_manufacturer_code;
static gboolean h225_reassembly = TRUE;
guint32 value;
static gboolean contains_faststart = FALSE;
#include "packet-h225-fn.c"
static int
dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item *it;
proto_tree *tr;
int offset = 0;
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.225.0");
}
if (check_col(pinfo->cinfo, COL_INFO)){
col_clear(pinfo->cinfo, COL_INFO);
}
it=proto_tree_add_protocol_format(tree, proto_h225, tvb, 0, tvb_length(tvb), "H.225.0 CS");
tr=proto_item_add_subtree(it, ett_h225);
offset = dissect_h225_H323_UserInformation(tvb, offset,pinfo, tr, hf_h225_H323_UserInformation);
return offset;
}
static int
dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
proto_item *it;
proto_tree *tr;
guint32 offset=0;
/* Init struct for collecting h225_packet_info */
reset_h225_packet_info(&(h225_pi));
h225_pi.msg_type = H225_RAS;
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.225.0");
}
it=proto_tree_add_protocol_format(tree, proto_h225, tvb, offset, tvb_length(tvb), "H.225.0 RAS");
tr=proto_item_add_subtree(it, ett_h225);
offset = dissect_h225_RasMessage(tvb, 0, pinfo,tr, hf_h225_RasMessage );
if (check_col(pinfo->cinfo, COL_INFO)){
col_add_fstr(pinfo->cinfo, COL_INFO, "RAS: %s ",
val_to_str(value, RasMessage_vals, "<unknown>"));
}
h225_pi.msg_tag = value;
ras_call_matching(tvb, pinfo, tr, &(h225_pi));
tap_queue_packet(h225_tap, pinfo, &h225_pi);
return offset;
}
/*--- proto_register_h225 -------------------------------------------*/
void proto_register_h225(void) {
/* List of fields */
static hf_register_info hf[] = {
{ &hf_h225_H323_UserInformation,
{ "H323_UserInformation", "h225.H323_UserInformation", FT_NONE, BASE_NONE,
NULL, 0, "H323_UserInformation sequence", HFILL }},
{ &hf_h225_RasMessage,
{ "RasMessage", "h225.RasMessage", FT_UINT32, BASE_DEC,
VALS(RasMessage_vals), 0, "RasMessage choice", HFILL }},
{ &hf_h221Manufacturer,
{ "H.221 Manufacturer", "h221.Manufacturer", FT_UINT32, BASE_HEX,
VALS(H221ManufacturerCode_vals), 0, "H.221 Manufacturer", HFILL }},
{ &hf_h225_ras_req_frame,
{ "RAS Request Frame", "h225.ras.reqframe", FT_FRAMENUM, BASE_NONE,
NULL, 0, "RAS Request Frame", HFILL }},
{ &hf_h225_ras_rsp_frame,
{ "RAS Response Frame", "h225.ras.rspframe", FT_FRAMENUM, BASE_NONE,
NULL, 0, "RAS Response Frame", HFILL }},
{ &hf_h225_ras_dup,
{ "Duplicate RAS Message", "h225.ras.dup", FT_UINT32, BASE_DEC,
NULL, 0, "Duplicate RAS Message", HFILL }},
{ &hf_h225_ras_deltatime,
{ "RAS Service Response Time", "h225.ras.timedelta", FT_RELATIVE_TIME, BASE_NONE,
NULL, 0, "Timedelta between RAS-Request and RAS-Response", HFILL }},
{ &hf_h225_fastStart_item_length,
{ "fastStart item length", "h225.fastStart_item_length", FT_UINT32, BASE_DEC,
NULL, 0, "fastStart item length", HFILL }},
#include "packet-h225-hfarr.c"
};
/* List of subtrees */
static gint *ett[] = {
&ett_h225,
#include "packet-h225-ettarr.c"
};
module_t *h225_module;
/* Register protocol */
proto_h225 = proto_register_protocol(PNAME, PSNAME, PFNAME);
/* Register fields and subtrees */
proto_register_field_array(proto_h225, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
h225_module = prefs_register_protocol(proto_h225, NULL);
prefs_register_bool_preference(h225_module, "reassembly",
"Reassemble H.225 messages spanning multiple TCP segments",
"Whether the H.225 dissector should reassemble messages spanning multiple TCP segments."
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&h225_reassembly);
register_dissector("h225", dissect_h225_H323UserInformation, proto_h225);
register_dissector("h323ui",dissect_h225_H323UserInformation, proto_h225);
nsp_object_dissector_table = register_dissector_table("h225.nsp.object", "H.225 NonStandardParameter (object)", FT_STRING, BASE_NONE);
nsp_h221_dissector_table = register_dissector_table("h225.nsp.h221", "H.225 NonStandardParameter (h221)", FT_UINT32, BASE_HEX);
tp_dissector_table = register_dissector_table("h225.tp", "H.225 TunnelledProtocol", FT_STRING, BASE_NONE);
register_init_routine(&h225_init_routine);
h225_tap = register_tap("h225");
register_ber_oid_name("0.0.8.2250.0.2","itu-t(0) recommendation(0) h(8) h225-0(2250) version(0) 2");
}
/*--- proto_reg_handoff_h225 ---------------------------------------*/
void
proto_reg_handoff_h225(void)
{
h225ras_handle=new_create_dissector_handle(dissect_h225_h225_RasMessage, proto_h225);
H323UserInformation_handle=new_create_dissector_handle(dissect_h225_H323UserInformation, proto_h225);
h245_handle = find_dissector("h245");
h245dg_handle = find_dissector("h245dg");
h4501_handle = find_dissector("h4501");
data_handle = find_dissector("data");
dissector_add("udp.port", UDP_PORT_RAS1, h225ras_handle);
dissector_add("udp.port", UDP_PORT_RAS2, h225ras_handle);
}
static void reset_h225_packet_info(h225_packet_info *pi)
{
if(pi == NULL) {
return;
}
pi->msg_type = H225_OTHERS;
pi->cs_type = H225_OTHER;
pi->msg_tag = -1;
pi->reason = -1;
pi->requestSeqNum = 0;
memset(pi->guid,0,16);
pi->is_duplicate = FALSE;
pi->request_available = FALSE;
pi->is_faststart = FALSE;
pi->is_h245 = FALSE;
pi->h245_address = 0;
pi->h245_port = 0;
}
/*
The following function contains the routines for RAS request/response matching.
A RAS response matches with a request, if both messages have the same
RequestSequenceNumber, belong to the same IP conversation and belong to the same
RAS "category" (e.g. Admission, Registration).
We use hashtables to access the lists of RAS calls (request/response pairs).
We have one hashtable for each RAS category. The hashkeys consist of the
non-unique 16-bit RequestSequenceNumber and values representing the conversation.
In big capture files, we might get different requests with identical keys.
These requests aren't necessarily duplicates. They might be valid new requests.
At the moment we just use the timedelta between the last valid and the new request
to decide if the new request is a duplicate or not. There might be better ways.
Two thresholds are defined below.
However the decision is made, another problem arises. We can't just add those
requests to our hashtables. Instead we create lists of RAS calls with identical keys.
The hashtables for RAS calls contain now pointers to the first RAS call in a list of
RAS calls with identical keys.
These lists aren't expected to contain more than 3 items and are usually single item
lists. So we don't need an expensive but intelligent way to access these lists
(e.g. hashtables). Just walk through such a list.
*/
#define THRESHOLD_REPEATED_RESPONDED_CALL 300
#define THRESHOLD_REPEATED_NOT_RESPONDED_CALL 1800
static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi)
{
conversation_t* conversation = NULL;
h225ras_call_info_key h225ras_call_key;
h225ras_call_t *h225ras_call = NULL;
nstime_t delta;
guint msg_category;
if(pi->msg_type == H225_RAS && pi->msg_tag < 21) {
/* make RAS request/response matching only for tags from 0 to 20 for now */
msg_category = pi->msg_tag / 3;
if(pi->msg_tag % 3 == 0) { /* Request Message */
conversation = find_conversation(&pinfo->src,
&pinfo->dst, pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
if (conversation == NULL) {
/* It's not part of any conversation - create a new one. */
conversation = conversation_new(&pinfo->src,
&pinfo->dst, pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
}
/* prepare the key data */
h225ras_call_key.reqSeqNum = pi->requestSeqNum;
h225ras_call_key.conversation = conversation;
/* look up the request */
h225ras_call = find_h225ras_call(&h225ras_call_key ,msg_category);
if (h225ras_call != NULL) {
/* We've seen requests with this reqSeqNum, with the same
source and destination, before - do we have
*this* request already? */
/* Walk through list of ras requests with identical keys */
do {
if (pinfo->fd->num == h225ras_call->req_num) {
/* We have seen this request before -> do nothing */
break;
}
/* if end of list is reached, exit loop and decide if request is duplicate or not. */
if (h225ras_call->next_call == NULL) {
if ( (pinfo->fd->num > h225ras_call->rsp_num && h225ras_call->rsp_num != 0
&& pinfo->fd->abs_secs > (guint) (h225ras_call->req_time.secs + THRESHOLD_REPEATED_RESPONDED_CALL) )
||(pinfo->fd->num > h225ras_call->req_num && h225ras_call->rsp_num == 0
&& pinfo->fd->abs_secs > (guint) (h225ras_call->req_time.secs + THRESHOLD_REPEATED_NOT_RESPONDED_CALL) ) )
{
/* if last request has been responded
and this request appears after last response (has bigger frame number)
and last request occured more than 300 seconds ago,
or if last request hasn't been responded
and this request appears after last request (has bigger frame number)
and last request occured more than 1800 seconds ago,
we decide that we have a new request */
/* Append new ras call to list */
h225ras_call = append_h225ras_call(h225ras_call, pinfo, pi->guid, msg_category);
} else {
/* No, so it's a duplicate request.
Mark it as such. */
pi->is_duplicate = TRUE;
proto_tree_add_uint_hidden(tree, hf_h225_ras_dup, tvb, 0,0, pi->requestSeqNum);
}
break;
}
h225ras_call = h225ras_call->next_call;
} while (h225ras_call != NULL );
}
else {
h225ras_call = new_h225ras_call(&h225ras_call_key, pinfo, pi->guid, msg_category);
}
/* add link to response frame, if available */
if(h225ras_call->rsp_num != 0){
proto_item *ti =
proto_tree_add_uint_format(tree, hf_h225_ras_rsp_frame, tvb, 0, 0, h225ras_call->rsp_num,
"The response to this request is in frame %u",
h225ras_call->rsp_num);
PROTO_ITEM_SET_GENERATED(ti);
}
/* end of request message handling*/
}
else { /* Confirm or Reject Message */
conversation = find_conversation(&pinfo->src,
&pinfo->dst, pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
if (conversation != NULL) {
/* look only for matching request, if
matching conversation is available. */
h225ras_call_key.reqSeqNum = pi->requestSeqNum;
h225ras_call_key.conversation = conversation;
h225ras_call = find_h225ras_call(&h225ras_call_key ,msg_category);
if(h225ras_call) {
/* find matching ras_call in list of ras calls with identical keys */
do {
if (pinfo->fd->num == h225ras_call->rsp_num) {
/* We have seen this response before -> stop now with matching ras call */
break;
}
/* Break when list end is reached */
if(h225ras_call->next_call == NULL) {
break;
}
h225ras_call = h225ras_call->next_call;
} while (h225ras_call != NULL) ;
/* if this is an ACF, ARJ or DCF, DRJ, give guid to tap and make it filterable */
if (msg_category == 3 || msg_category == 5) {
memcpy(pi->guid, h225ras_call->guid,16);
proto_tree_add_bytes_hidden(tree, hf_h225_guid, tvb, 0, 16, pi->guid);
}
if (h225ras_call->rsp_num == 0) {
/* We have not yet seen a response to that call, so
this must be the first response; remember its
frame number. */
h225ras_call->rsp_num = pinfo->fd->num;
}
else {
/* We have seen a response to this call - but was it
*this* response? */
if (h225ras_call->rsp_num != pinfo->fd->num) {
/* No, so it's a duplicate response.
Mark it as such. */
pi->is_duplicate = TRUE;
proto_tree_add_uint_hidden(tree, hf_h225_ras_dup, tvb, 0,0, pi->requestSeqNum);
}
}
if(h225ras_call->req_num != 0){
proto_item *ti;
h225ras_call->responded = TRUE;
pi->request_available = TRUE;
/* Indicate the frame to which this is a reply. */
ti = proto_tree_add_uint_format(tree, hf_h225_ras_req_frame, tvb, 0, 0, h225ras_call->req_num,
"This is a response to a request in frame %u", h225ras_call->req_num);
PROTO_ITEM_SET_GENERATED(ti);
/* Calculate RAS Service Response Time */
delta.secs= pinfo->fd->abs_secs-h225ras_call->req_time.secs;
delta.nsecs=pinfo->fd->abs_usecs*1000-h225ras_call->req_time.nsecs;
if(delta.nsecs<0){
delta.nsecs+=1000000000;
delta.secs--;
}
pi->delta_time.secs = delta.secs; /* give it to tap */
pi->delta_time.nsecs = delta.nsecs;
/* display Ras Service Response Time and make it filterable */
ti = proto_tree_add_time(tree, hf_h225_ras_deltatime, tvb, 0, 0, &(pi->delta_time));
PROTO_ITEM_SET_GENERATED(ti);
}
}
}
}
}
}

View File

@ -0,0 +1,72 @@
/* packet-h225.h
* Routines for h225 packet dissection
* Copyright 2005, Anders Broman <anders.broman@ericsson.com>
*
* $Id: packet-h225-template.h 12203 2004-10-05 09:18:55Z guy $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef PACKET_H323_H
#define PACKET_H225_H
typedef enum _h225_msg_type {
H225_RAS,
H225_CS,
H225_OTHERS
} h225_msg_type;
typedef enum _h225_cs_type {
H225_SETUP,
H225_CALL_PROCEDING,
H225_ALERTING,
H225_CONNECT,
H225_RELEASE_COMPLET,
H225_OTHER
} h225_cs_type;
typedef struct _h225_packet_info {
h225_msg_type msg_type; /* ras or cs message */
h225_cs_type cs_type; /* cs message type */
gint msg_tag; /* message tag*/
gint reason; /* reason tag, if available */
guint requestSeqNum; /* request sequence number of ras-message, if available */
guint8 guid[16]; /* globally unique call id */
gboolean is_duplicate; /* true, if this is a repeated message */
gboolean request_available; /* true, if response matches to a request */
nstime_t delta_time; /* this is the RAS response time delay */
/* added for h225 conversations analysis */
gboolean is_faststart; /* true, if faststart field is included */
gboolean is_h245;
guint32 h245_address;
guint16 h245_port;
} h225_packet_info;
/*
* the following allows TAP code access to the messages
* without having to duplicate it. With MSVC and a
* libethereal.dll, we need a special declaration.
*/
#include "packet-H225-exp.h"
#endif /* PACKET_H225_H */