forked from osmocom/wireshark
asn2eth generated h225 dissector
svn path=/trunk/; revision=12930
This commit is contained in:
parent
edc4b8fff5
commit
422d331c09
|
@ -0,0 +1,6 @@
|
|||
#.TYPE_ATTR
|
||||
NonStandardParameter TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0
|
||||
AliasAddress TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(AliasAddress_vals) BITMASK = 0
|
||||
RasMessage TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(RasMessage_vals) BITMASK = 0
|
||||
#.END
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,294 @@
|
|||
# h225.cnf
|
||||
# H.225 conformation file
|
||||
# Copyright 2004 Anders Broman
|
||||
# $Id$
|
||||
|
||||
#.MODULE_IMPORT
|
||||
H235-SECURITY-MESSAGES h235
|
||||
MULTIMEDIA-SYSTEM-CONTROL h245
|
||||
#.END
|
||||
|
||||
#.INCLUDE ../h235/h235-exp.cnf
|
||||
#.INCLUDE ../h245/h245-exp.cnf
|
||||
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.EXPORTS
|
||||
#----------------------------------------------------------------------------------------
|
||||
NonStandardParameter
|
||||
RasMessage WITH_VALS ETH_VAR
|
||||
H323-UU-PDU/h323-message-body ONLY_VALS ETH_VAR
|
||||
FacilityReason ONLY_VALS ETH_VAR
|
||||
GatekeeperRejectReason ONLY_VALS ETH_VAR
|
||||
UnregRequestReason ONLY_VALS ETH_VAR
|
||||
UnregRejectReason ONLY_VALS ETH_VAR
|
||||
BandRejectReason ONLY_VALS ETH_VAR
|
||||
DisengageReason ONLY_VALS ETH_VAR
|
||||
DisengageRejectReason ONLY_VALS ETH_VAR
|
||||
InfoRequestNakReason ONLY_VALS ETH_VAR
|
||||
ReleaseCompleteReason ONLY_VALS ETH_VAR
|
||||
AdmissionRejectReason ONLY_VALS ETH_VAR
|
||||
LocationRejectReason ONLY_VALS ETH_VAR
|
||||
RegistrationRejectReason ONLY_VALS ETH_VAR
|
||||
AliasAddress
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.TYPE_RENAME
|
||||
CallCreditServiceControl/callStartingPoint CallCreditServiceControl_callStartingPoint
|
||||
TunnelledProtocol/id TunnelledProtocol_id
|
||||
ServiceControlSession/reason ServiceControlSession_reason
|
||||
RasUsageSpecification/callStartingPoint RasUsageSpecificationcallStartingPoint
|
||||
CapacityReportingSpecification/when CapacityReportingSpecification_when
|
||||
RasUsageSpecification/when RasUsageSpecification_when
|
||||
TransportAddress/ipAddress/ip IpV4
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FIELD_RENAME
|
||||
RasUsageSpecification/callStartingPoint/alerting alerting_flg
|
||||
CallCreditServiceControl/callStartingPoint/alerting alerting_flg
|
||||
UseSpecifiedTransport/annexE annexE_flg
|
||||
|
||||
UUIEsRequested/callProceeding callProceeding_flg
|
||||
|
||||
CicInfo/cic cic_2_4
|
||||
UUIEsRequested/connect connect_bool
|
||||
NonStandardParameter/data data_oct_str
|
||||
H323-UU-PDU/h323-message-body/empty empty_flg
|
||||
RasUsageInfoTypes/endTime endTime_flg
|
||||
UUIEsRequested/facility facility_bool
|
||||
CallsAvailable/group group_IA5String
|
||||
GroupID/group group_IA5String
|
||||
|
||||
Setup-UUIE/hopCount hopCount_1_31
|
||||
UUIEsRequested/information information_bool
|
||||
TransportAddress/ip6Address/ip ipV6
|
||||
TransportAddress/ipAddress/ip ipV4
|
||||
TransportAddress/ipSourceRoute/ip src_route_ipV4
|
||||
RTPSession/multicast multicast_flg
|
||||
|
||||
UUIEsRequested/notify notify_bool
|
||||
TransportAddress/ipxAddress/port ipx_port
|
||||
TransportAddress/ipAddress/port ipV4_port
|
||||
TransportAddress/ipSourceRoute/port ipV4_src_port
|
||||
TransportAddress/ip6Address/port ipV6_port
|
||||
UUIEsRequested/progress progress_bool
|
||||
|
||||
Facility-UUIE/reason facilityReason
|
||||
UnregistrationRequest/reason unregRequestReason
|
||||
ReleaseComplete-UUIE/reason releaseCompleteReason
|
||||
BandwidthReject/rejectReason bandRejectReason
|
||||
UnregistrationReject/rejectReason unregRejectReason
|
||||
RegistrationReject/rejectReason registrationRejectReason
|
||||
LocationReject/rejectReason locationRejectReason
|
||||
DisengageReject/rejectReason disengageRejectReason
|
||||
GatekeeperReject/rejectReason gatekeeperRejectReason
|
||||
|
||||
UUIEsRequested/releaseComplete releaseComplete_bool
|
||||
UseSpecifiedTransport/sctp sctp_flg
|
||||
ServiceControlSession/sessionId sessionId_0_255
|
||||
UUIEsRequested/setup setup_bool
|
||||
UUIEsRequested/setupAcknowledge setupAcknowledge_bool
|
||||
Setup-UUIE/sourceInfo Setup-UUIE_sourceInfo
|
||||
|
||||
UUIEsRequested/status status_bool
|
||||
UUIEsRequested/statusInquiry statusInquiry_bool
|
||||
RasUsageInfoTypes/terminationCause terminationCause_flg
|
||||
CapacityReportingSpecification/when capacityReportingSpecification_when
|
||||
UUIEsRequested/alerting alerting_bool
|
||||
|
||||
LocationConfirm/callSignalAddress locationConfirm_callSignalAddress
|
||||
|
||||
RasUsageSpecification/callStartingPoint/connect connect_flg
|
||||
CallCreditServiceControl/callStartingPoint/connect connect_flg
|
||||
|
||||
Alerting-UUIE/destinationInfo uUIE_destinationInfo
|
||||
CallProceeding-UUIE/destinationInfo uUIE_destinationInfo
|
||||
Connect-UUIE/destinationInfo uUIE_destinationInfo
|
||||
Facility-UUIE/destinationInfo uUIE_destinationInfo
|
||||
Progress-UUIE/destinationInfo uUIE_destinationInfo
|
||||
|
||||
TunnelledProtocol/id tunnelledProtocol_id
|
||||
SecurityCapabilities/integrity securityCapabilities_integrity
|
||||
|
||||
GenericIdentifier/nonStandard genericIdentifier_nonStandard
|
||||
AlternateGK/rasAddress alternateGK_rasAddress
|
||||
GatekeeperRequest/rasAddress gatekeeperRequest_rasAddress
|
||||
GatekeeperConfirm/rasAddress gatekeeperConfirm_rasAddress
|
||||
LocationConfirm/rasAddress locationConfirm_rasAddress
|
||||
InfoRequestResponse/rasAddress infoRequestResponse_rasAddress
|
||||
|
||||
|
||||
Setup-UUIE/remoteExtensionAddress uUIE_remoteExtensionAddress
|
||||
Facility-UUIE/remoteExtensionAddress uUIE_remoteExtensionAddress
|
||||
|
||||
VendorIdentifier/vendor vendorIdentifier_vendor
|
||||
|
||||
RasUsageSpecification/callStartingPoint ras_callStartingPoint
|
||||
|
||||
ReleaseCompleteReason/securityError rLC_securityError
|
||||
GatekeeperRejectReason/securityError gkRej_securityError
|
||||
RegistrationRejectReason/securityError reg_securityError
|
||||
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H323-UU-PDU/h323-message-body
|
||||
guint32 message_body_val;
|
||||
|
||||
contains_faststart = FALSE;
|
||||
offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index,
|
||||
ett_h225_T_h323_message_body, T_h323_message_body_choice, "T_h323_message_body",
|
||||
&message_body_val);
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_INFO)){
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, "CS: %s ",
|
||||
val_to_str(message_body_val, T_h323_message_body_vals, "<unknown>"));
|
||||
}
|
||||
|
||||
if (h225_pi.msg_type == H225_CS) {
|
||||
/* Don't override msg_tag value from IRR */
|
||||
h225_pi.msg_tag = value;
|
||||
}
|
||||
|
||||
if (contains_faststart == TRUE )
|
||||
{
|
||||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
{
|
||||
col_append_str(pinfo->cinfo, COL_INFO, "OpenLogicalChannel " );
|
||||
}
|
||||
}
|
||||
|
||||
col_set_fence(pinfo->cinfo,COL_INFO);
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY FastStart/_item
|
||||
guint32 newoffset;
|
||||
guint32 length;
|
||||
|
||||
offset=dissect_per_length_determinant(tvb, offset, pinfo, tree, hf_h225_fastStart_item_length, &length);
|
||||
newoffset=offset + (length<<3); /* please note that offset is in bits in
|
||||
PER dissectors, but the item length
|
||||
is in octets */
|
||||
offset=dissect_h245_OpenLogicalChannel(tvb,offset, pinfo, tree, hf_index);
|
||||
contains_faststart = TRUE;
|
||||
h225_pi.is_faststart = TRUE;
|
||||
|
||||
return newoffset;
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY RasMessage
|
||||
|
||||
offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index,
|
||||
ett_h225_RasMessage, RasMessage_choice, "RasMessage",
|
||||
&value);
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
# TODO asn2eth can't handle restriced string ?
|
||||
#.FN_BODY DialedDigits
|
||||
|
||||
offset=dissect_per_restricted_character_string(tvb, offset, pinfo, tree, hf_index, 1, 128, "#,*0123456789", 13);
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
# TODO asn2eth can't handle restriced string ?
|
||||
#.FN_BODY NumberDigits
|
||||
|
||||
offset=dissect_per_restricted_character_string(tvb, offset, pinfo, tree, hf_index, 1, 128, "#,*0123456789", 13);
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H221NonStandard/t35CountryCode
|
||||
|
||||
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
|
||||
0U, 255U, &value, NULL, FALSE);
|
||||
T38_manufacturer_code = value << 24;
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H221NonStandard/t35Extension
|
||||
|
||||
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
|
||||
0U, 255U, &value, NULL, FALSE);
|
||||
T38_manufacturer_code = T38_manufacturer_code ^ (value << 16);
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H221NonStandard/manufacturerCode
|
||||
|
||||
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
|
||||
0U, 65535U, &value, NULL, FALSE);
|
||||
T38_manufacturer_code = T38_manufacturer_code ^ value;
|
||||
proto_tree_add_uint(tree, hf_h221Manufacturer, tvb, (offset)-4,4,T38_manufacturer_code);
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H245TransportAddress/h245ipAddress/h245ipv4
|
||||
|
||||
guint32 value_offset;
|
||||
guint32 value_len;
|
||||
|
||||
offset = dissect_per_octet_string(tvb, offset, pinfo, tree, hf_index,
|
||||
4, 4,
|
||||
&value_offset, &value_len);
|
||||
tvb_memcpy(tvb, (char *)&ipv4_address, value_offset, 4);
|
||||
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H245TransportAddress/h245ipAddress/h245ipv4port
|
||||
offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index,
|
||||
0U, 65535U, &ipv4_port, NULL, FALSE);
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_BODY H245Control/_item
|
||||
|
||||
tvbuff_t *h245_tvb;
|
||||
guint32 h245_offset=0;
|
||||
guint32 h245_len=0;
|
||||
|
||||
offset=dissect_per_octet_string(tvb, offset, pinfo, tree, -1, -1, -1, &h245_offset, &h245_len);
|
||||
|
||||
if(h245_len){
|
||||
h245_tvb = tvb_new_subset(tvb, h245_offset, h245_len, h245_len);
|
||||
call_dissector(h245dg_handle, h245_tvb, pinfo, tree);
|
||||
}
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_HDR H323-UU-PDU/h323-message-body/setup
|
||||
contains_faststart = FALSE;
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_FTR H323-UU-PDU/h323-message-body/setup
|
||||
h225_pi.cs_type = H225_SETUP;
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_HDR H245TransportAddress
|
||||
ipv4_address=0;
|
||||
ipv4_port=0;
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.FN_FTR H245TransportAddress
|
||||
/* we need this info for TAPing */
|
||||
h225_pi.is_h245 = TRUE;
|
||||
h225_pi.h245_address = ipv4_address;
|
||||
h225_pi.h245_port = ipv4_port;
|
||||
|
||||
if((!pinfo->fd->flags.visited) && ipv4_address!=0 && ipv4_port!=0 && h245_handle){
|
||||
address src_addr;
|
||||
conversation_t *conv=NULL;
|
||||
|
||||
src_addr.type=AT_IPv4;
|
||||
src_addr.len=4;
|
||||
src_addr.data=(const guint8 *)&ipv4_address;
|
||||
|
||||
conv=find_conversation(&src_addr, &src_addr, PT_TCP, ipv4_port, ipv4_port, NO_ADDR_B|NO_PORT_B);
|
||||
if(!conv){
|
||||
conv=conversation_new(&src_addr, &src_addr, PT_TCP, ipv4_port, ipv4_port, NO_ADDR2|NO_PORT2);
|
||||
conversation_set_dissector(conv, h245_handle);
|
||||
}
|
||||
}
|
||||
|
||||
#.END
|
||||
#----------------------------------------------------------------------------------------
|
||||
#.TYPE_ATTR
|
||||
H221NonStandard/t35CountryCode TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(T35CountryCode_vals)
|
||||
TransportAddress/ipAddress/ip TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL
|
||||
TransportAddress/ip6Address/ip TYPE = FT_IPv6 DISPLAY = BASE_NONE STRINGS = NULL
|
||||
H245TransportAddress/h245ipAddress/h245ipv TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL
|
||||
H245TransportAddress/h245ip6Address/h245ipv6 TYPE = FT_IPv6 DISPLAY = BASE_NONE STRINGS = NULL
|
|
@ -0,0 +1,466 @@
|
|||
/* packet-h225_asn1.c
|
||||
* Routines for h225 packet dissection
|
||||
* Copyright 2005, Anders Broman <anders.broman@ericsson.com>
|
||||
*
|
||||
* $Id: packet-h225_asn1-template.c 12203 2004-10-05 09:18:55Z guy $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* To quote the author of the previous H323/H225/H245 dissector:
|
||||
* "This is a complete replacement of the previous limitied dissector
|
||||
* that Ronnie was crazy enough to write by hand. It was a lot of time
|
||||
* to hack it by hand, but it is incomplete and buggy and it is good when
|
||||
* it will go away."
|
||||
* Ronnie did a great job and all the VoIP users had made good use of it!
|
||||
* Credit to Tomas Kukosa for developing the Asn2eth compiler.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <glib.h>
|
||||
#include <epan/packet.h>
|
||||
#include <epan/conversation.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <epan/prefs.h>
|
||||
#include "tap.h"
|
||||
#include "packet-tpkt.h"
|
||||
#include "packet-per.h"
|
||||
#include "packet-h225.h"
|
||||
#include <epan/t35.h>
|
||||
#include "h225-persistentdata.h"
|
||||
#include "packet-ber.h"
|
||||
#include "packet-h235.h"
|
||||
#include "packet-h245.h"
|
||||
|
||||
#define PNAME "h225"
|
||||
#define PSNAME "H225"
|
||||
#define PFNAME "h225"
|
||||
|
||||
#define UDP_PORT_RAS1 1718
|
||||
#define UDP_PORT_RAS2 1719
|
||||
#define TCP_PORT_CS 1720
|
||||
|
||||
static void reset_h225_packet_info(h225_packet_info *pi);
|
||||
static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi);
|
||||
static int dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
|
||||
|
||||
static h225_packet_info h225_pi;
|
||||
|
||||
static dissector_handle_t h225ras_handle;
|
||||
static dissector_handle_t H323UserInformation_handle;
|
||||
static dissector_handle_t data_handle;
|
||||
/* Subdissector tables */
|
||||
static dissector_table_t nsp_object_dissector_table;
|
||||
static dissector_table_t nsp_h221_dissector_table;
|
||||
static dissector_table_t tp_dissector_table;
|
||||
|
||||
|
||||
static dissector_handle_t h245_handle=NULL;
|
||||
static dissector_handle_t h245dg_handle=NULL;
|
||||
static dissector_handle_t h4501_handle=NULL;
|
||||
|
||||
/* Initialize the protocol and registered fields */
|
||||
static int h225_tap = -1;
|
||||
static int proto_h225 = -1;
|
||||
|
||||
static int hf_h225_H323_UserInformation = -1;
|
||||
static int hf_h225_RasMessage = -1;
|
||||
static int hf_h221Manufacturer = -1;
|
||||
static int hf_h225_ras_req_frame = -1;
|
||||
static int hf_h225_ras_rsp_frame = -1;
|
||||
static int hf_h225_ras_dup = -1;
|
||||
static int hf_h225_ras_deltatime = -1;
|
||||
static int hf_h225_fastStart_item_length = -1;
|
||||
|
||||
#include "packet-h225-hf.c"
|
||||
|
||||
/* Initialize the subtree pointers */
|
||||
static gint ett_h225 = -1;
|
||||
#include "packet-h225-ett.c"
|
||||
|
||||
/* Global variables */
|
||||
static guint32 ipv4_address;
|
||||
static guint32 ipv4_port;
|
||||
guint32 T38_manufacturer_code;
|
||||
static gboolean h225_reassembly = TRUE;
|
||||
guint32 value;
|
||||
static gboolean contains_faststart = FALSE;
|
||||
|
||||
#include "packet-h225-fn.c"
|
||||
|
||||
|
||||
static int
|
||||
dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||
{
|
||||
proto_item *it;
|
||||
proto_tree *tr;
|
||||
int offset = 0;
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.225.0");
|
||||
}
|
||||
if (check_col(pinfo->cinfo, COL_INFO)){
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
}
|
||||
|
||||
it=proto_tree_add_protocol_format(tree, proto_h225, tvb, 0, tvb_length(tvb), "H.225.0 CS");
|
||||
tr=proto_item_add_subtree(it, ett_h225);
|
||||
|
||||
offset = dissect_h225_H323_UserInformation(tvb, offset,pinfo, tr, hf_h225_H323_UserInformation);
|
||||
|
||||
return offset;
|
||||
}
|
||||
static int
|
||||
dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
|
||||
proto_item *it;
|
||||
proto_tree *tr;
|
||||
guint32 offset=0;
|
||||
|
||||
/* Init struct for collecting h225_packet_info */
|
||||
reset_h225_packet_info(&(h225_pi));
|
||||
h225_pi.msg_type = H225_RAS;
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.225.0");
|
||||
}
|
||||
|
||||
it=proto_tree_add_protocol_format(tree, proto_h225, tvb, offset, tvb_length(tvb), "H.225.0 RAS");
|
||||
tr=proto_item_add_subtree(it, ett_h225);
|
||||
|
||||
offset = dissect_h225_RasMessage(tvb, 0, pinfo,tr, hf_h225_RasMessage );
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_INFO)){
|
||||
col_add_fstr(pinfo->cinfo, COL_INFO, "RAS: %s ",
|
||||
val_to_str(value, RasMessage_vals, "<unknown>"));
|
||||
}
|
||||
|
||||
h225_pi.msg_tag = value;
|
||||
|
||||
ras_call_matching(tvb, pinfo, tr, &(h225_pi));
|
||||
|
||||
tap_queue_packet(h225_tap, pinfo, &h225_pi);
|
||||
|
||||
return offset;
|
||||
}
|
||||
/*--- proto_register_h225 -------------------------------------------*/
|
||||
void proto_register_h225(void) {
|
||||
|
||||
/* List of fields */
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_h225_H323_UserInformation,
|
||||
{ "H323_UserInformation", "h225.H323_UserInformation", FT_NONE, BASE_NONE,
|
||||
NULL, 0, "H323_UserInformation sequence", HFILL }},
|
||||
{ &hf_h225_RasMessage,
|
||||
{ "RasMessage", "h225.RasMessage", FT_UINT32, BASE_DEC,
|
||||
VALS(RasMessage_vals), 0, "RasMessage choice", HFILL }},
|
||||
{ &hf_h221Manufacturer,
|
||||
{ "H.221 Manufacturer", "h221.Manufacturer", FT_UINT32, BASE_HEX,
|
||||
VALS(H221ManufacturerCode_vals), 0, "H.221 Manufacturer", HFILL }},
|
||||
{ &hf_h225_ras_req_frame,
|
||||
{ "RAS Request Frame", "h225.ras.reqframe", FT_FRAMENUM, BASE_NONE,
|
||||
NULL, 0, "RAS Request Frame", HFILL }},
|
||||
{ &hf_h225_ras_rsp_frame,
|
||||
{ "RAS Response Frame", "h225.ras.rspframe", FT_FRAMENUM, BASE_NONE,
|
||||
NULL, 0, "RAS Response Frame", HFILL }},
|
||||
{ &hf_h225_ras_dup,
|
||||
{ "Duplicate RAS Message", "h225.ras.dup", FT_UINT32, BASE_DEC,
|
||||
NULL, 0, "Duplicate RAS Message", HFILL }},
|
||||
{ &hf_h225_ras_deltatime,
|
||||
{ "RAS Service Response Time", "h225.ras.timedelta", FT_RELATIVE_TIME, BASE_NONE,
|
||||
NULL, 0, "Timedelta between RAS-Request and RAS-Response", HFILL }},
|
||||
{ &hf_h225_fastStart_item_length,
|
||||
{ "fastStart item length", "h225.fastStart_item_length", FT_UINT32, BASE_DEC,
|
||||
NULL, 0, "fastStart item length", HFILL }},
|
||||
|
||||
#include "packet-h225-hfarr.c"
|
||||
};
|
||||
|
||||
/* List of subtrees */
|
||||
static gint *ett[] = {
|
||||
&ett_h225,
|
||||
#include "packet-h225-ettarr.c"
|
||||
};
|
||||
module_t *h225_module;
|
||||
|
||||
/* Register protocol */
|
||||
proto_h225 = proto_register_protocol(PNAME, PSNAME, PFNAME);
|
||||
/* Register fields and subtrees */
|
||||
proto_register_field_array(proto_h225, hf, array_length(hf));
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
|
||||
h225_module = prefs_register_protocol(proto_h225, NULL);
|
||||
prefs_register_bool_preference(h225_module, "reassembly",
|
||||
"Reassemble H.225 messages spanning multiple TCP segments",
|
||||
"Whether the H.225 dissector should reassemble messages spanning multiple TCP segments."
|
||||
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
||||
&h225_reassembly);
|
||||
|
||||
register_dissector("h225", dissect_h225_H323UserInformation, proto_h225);
|
||||
register_dissector("h323ui",dissect_h225_H323UserInformation, proto_h225);
|
||||
|
||||
nsp_object_dissector_table = register_dissector_table("h225.nsp.object", "H.225 NonStandardParameter (object)", FT_STRING, BASE_NONE);
|
||||
nsp_h221_dissector_table = register_dissector_table("h225.nsp.h221", "H.225 NonStandardParameter (h221)", FT_UINT32, BASE_HEX);
|
||||
tp_dissector_table = register_dissector_table("h225.tp", "H.225 TunnelledProtocol", FT_STRING, BASE_NONE);
|
||||
|
||||
register_init_routine(&h225_init_routine);
|
||||
h225_tap = register_tap("h225");
|
||||
register_ber_oid_name("0.0.8.2250.0.2","itu-t(0) recommendation(0) h(8) h225-0(2250) version(0) 2");
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
/*--- proto_reg_handoff_h225 ---------------------------------------*/
|
||||
void
|
||||
proto_reg_handoff_h225(void)
|
||||
{
|
||||
h225ras_handle=new_create_dissector_handle(dissect_h225_h225_RasMessage, proto_h225);
|
||||
H323UserInformation_handle=new_create_dissector_handle(dissect_h225_H323UserInformation, proto_h225);
|
||||
|
||||
h245_handle = find_dissector("h245");
|
||||
h245dg_handle = find_dissector("h245dg");
|
||||
h4501_handle = find_dissector("h4501");
|
||||
data_handle = find_dissector("data");
|
||||
|
||||
dissector_add("udp.port", UDP_PORT_RAS1, h225ras_handle);
|
||||
dissector_add("udp.port", UDP_PORT_RAS2, h225ras_handle);
|
||||
}
|
||||
|
||||
|
||||
static void reset_h225_packet_info(h225_packet_info *pi)
|
||||
{
|
||||
if(pi == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
pi->msg_type = H225_OTHERS;
|
||||
pi->cs_type = H225_OTHER;
|
||||
pi->msg_tag = -1;
|
||||
pi->reason = -1;
|
||||
pi->requestSeqNum = 0;
|
||||
memset(pi->guid,0,16);
|
||||
pi->is_duplicate = FALSE;
|
||||
pi->request_available = FALSE;
|
||||
pi->is_faststart = FALSE;
|
||||
pi->is_h245 = FALSE;
|
||||
pi->h245_address = 0;
|
||||
pi->h245_port = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
The following function contains the routines for RAS request/response matching.
|
||||
A RAS response matches with a request, if both messages have the same
|
||||
RequestSequenceNumber, belong to the same IP conversation and belong to the same
|
||||
RAS "category" (e.g. Admission, Registration).
|
||||
|
||||
We use hashtables to access the lists of RAS calls (request/response pairs).
|
||||
We have one hashtable for each RAS category. The hashkeys consist of the
|
||||
non-unique 16-bit RequestSequenceNumber and values representing the conversation.
|
||||
|
||||
In big capture files, we might get different requests with identical keys.
|
||||
These requests aren't necessarily duplicates. They might be valid new requests.
|
||||
At the moment we just use the timedelta between the last valid and the new request
|
||||
to decide if the new request is a duplicate or not. There might be better ways.
|
||||
Two thresholds are defined below.
|
||||
|
||||
However the decision is made, another problem arises. We can't just add those
|
||||
requests to our hashtables. Instead we create lists of RAS calls with identical keys.
|
||||
The hashtables for RAS calls contain now pointers to the first RAS call in a list of
|
||||
RAS calls with identical keys.
|
||||
These lists aren't expected to contain more than 3 items and are usually single item
|
||||
lists. So we don't need an expensive but intelligent way to access these lists
|
||||
(e.g. hashtables). Just walk through such a list.
|
||||
*/
|
||||
|
||||
#define THRESHOLD_REPEATED_RESPONDED_CALL 300
|
||||
#define THRESHOLD_REPEATED_NOT_RESPONDED_CALL 1800
|
||||
|
||||
static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi)
|
||||
{
|
||||
conversation_t* conversation = NULL;
|
||||
h225ras_call_info_key h225ras_call_key;
|
||||
h225ras_call_t *h225ras_call = NULL;
|
||||
nstime_t delta;
|
||||
guint msg_category;
|
||||
|
||||
if(pi->msg_type == H225_RAS && pi->msg_tag < 21) {
|
||||
/* make RAS request/response matching only for tags from 0 to 20 for now */
|
||||
|
||||
msg_category = pi->msg_tag / 3;
|
||||
if(pi->msg_tag % 3 == 0) { /* Request Message */
|
||||
conversation = find_conversation(&pinfo->src,
|
||||
&pinfo->dst, pinfo->ptype, pinfo->srcport,
|
||||
pinfo->destport, 0);
|
||||
|
||||
if (conversation == NULL) {
|
||||
/* It's not part of any conversation - create a new one. */
|
||||
conversation = conversation_new(&pinfo->src,
|
||||
&pinfo->dst, pinfo->ptype, pinfo->srcport,
|
||||
pinfo->destport, 0);
|
||||
|
||||
}
|
||||
|
||||
/* prepare the key data */
|
||||
h225ras_call_key.reqSeqNum = pi->requestSeqNum;
|
||||
h225ras_call_key.conversation = conversation;
|
||||
|
||||
/* look up the request */
|
||||
h225ras_call = find_h225ras_call(&h225ras_call_key ,msg_category);
|
||||
|
||||
if (h225ras_call != NULL) {
|
||||
/* We've seen requests with this reqSeqNum, with the same
|
||||
source and destination, before - do we have
|
||||
*this* request already? */
|
||||
/* Walk through list of ras requests with identical keys */
|
||||
do {
|
||||
if (pinfo->fd->num == h225ras_call->req_num) {
|
||||
/* We have seen this request before -> do nothing */
|
||||
break;
|
||||
}
|
||||
|
||||
/* if end of list is reached, exit loop and decide if request is duplicate or not. */
|
||||
if (h225ras_call->next_call == NULL) {
|
||||
if ( (pinfo->fd->num > h225ras_call->rsp_num && h225ras_call->rsp_num != 0
|
||||
&& pinfo->fd->abs_secs > (guint) (h225ras_call->req_time.secs + THRESHOLD_REPEATED_RESPONDED_CALL) )
|
||||
||(pinfo->fd->num > h225ras_call->req_num && h225ras_call->rsp_num == 0
|
||||
&& pinfo->fd->abs_secs > (guint) (h225ras_call->req_time.secs + THRESHOLD_REPEATED_NOT_RESPONDED_CALL) ) )
|
||||
{
|
||||
/* if last request has been responded
|
||||
and this request appears after last response (has bigger frame number)
|
||||
and last request occured more than 300 seconds ago,
|
||||
or if last request hasn't been responded
|
||||
and this request appears after last request (has bigger frame number)
|
||||
and last request occured more than 1800 seconds ago,
|
||||
we decide that we have a new request */
|
||||
/* Append new ras call to list */
|
||||
h225ras_call = append_h225ras_call(h225ras_call, pinfo, pi->guid, msg_category);
|
||||
} else {
|
||||
/* No, so it's a duplicate request.
|
||||
Mark it as such. */
|
||||
pi->is_duplicate = TRUE;
|
||||
proto_tree_add_uint_hidden(tree, hf_h225_ras_dup, tvb, 0,0, pi->requestSeqNum);
|
||||
}
|
||||
break;
|
||||
}
|
||||
h225ras_call = h225ras_call->next_call;
|
||||
} while (h225ras_call != NULL );
|
||||
}
|
||||
else {
|
||||
h225ras_call = new_h225ras_call(&h225ras_call_key, pinfo, pi->guid, msg_category);
|
||||
}
|
||||
|
||||
/* add link to response frame, if available */
|
||||
if(h225ras_call->rsp_num != 0){
|
||||
proto_item *ti =
|
||||
proto_tree_add_uint_format(tree, hf_h225_ras_rsp_frame, tvb, 0, 0, h225ras_call->rsp_num,
|
||||
"The response to this request is in frame %u",
|
||||
h225ras_call->rsp_num);
|
||||
PROTO_ITEM_SET_GENERATED(ti);
|
||||
}
|
||||
|
||||
/* end of request message handling*/
|
||||
}
|
||||
else { /* Confirm or Reject Message */
|
||||
conversation = find_conversation(&pinfo->src,
|
||||
&pinfo->dst, pinfo->ptype, pinfo->srcport,
|
||||
pinfo->destport, 0);
|
||||
if (conversation != NULL) {
|
||||
/* look only for matching request, if
|
||||
matching conversation is available. */
|
||||
h225ras_call_key.reqSeqNum = pi->requestSeqNum;
|
||||
h225ras_call_key.conversation = conversation;
|
||||
h225ras_call = find_h225ras_call(&h225ras_call_key ,msg_category);
|
||||
if(h225ras_call) {
|
||||
/* find matching ras_call in list of ras calls with identical keys */
|
||||
do {
|
||||
if (pinfo->fd->num == h225ras_call->rsp_num) {
|
||||
/* We have seen this response before -> stop now with matching ras call */
|
||||
break;
|
||||
}
|
||||
|
||||
/* Break when list end is reached */
|
||||
if(h225ras_call->next_call == NULL) {
|
||||
break;
|
||||
}
|
||||
h225ras_call = h225ras_call->next_call;
|
||||
} while (h225ras_call != NULL) ;
|
||||
|
||||
/* if this is an ACF, ARJ or DCF, DRJ, give guid to tap and make it filterable */
|
||||
if (msg_category == 3 || msg_category == 5) {
|
||||
memcpy(pi->guid, h225ras_call->guid,16);
|
||||
proto_tree_add_bytes_hidden(tree, hf_h225_guid, tvb, 0, 16, pi->guid);
|
||||
}
|
||||
|
||||
if (h225ras_call->rsp_num == 0) {
|
||||
/* We have not yet seen a response to that call, so
|
||||
this must be the first response; remember its
|
||||
frame number. */
|
||||
h225ras_call->rsp_num = pinfo->fd->num;
|
||||
}
|
||||
else {
|
||||
/* We have seen a response to this call - but was it
|
||||
*this* response? */
|
||||
if (h225ras_call->rsp_num != pinfo->fd->num) {
|
||||
/* No, so it's a duplicate response.
|
||||
Mark it as such. */
|
||||
pi->is_duplicate = TRUE;
|
||||
proto_tree_add_uint_hidden(tree, hf_h225_ras_dup, tvb, 0,0, pi->requestSeqNum);
|
||||
}
|
||||
}
|
||||
|
||||
if(h225ras_call->req_num != 0){
|
||||
proto_item *ti;
|
||||
h225ras_call->responded = TRUE;
|
||||
pi->request_available = TRUE;
|
||||
|
||||
/* Indicate the frame to which this is a reply. */
|
||||
ti = proto_tree_add_uint_format(tree, hf_h225_ras_req_frame, tvb, 0, 0, h225ras_call->req_num,
|
||||
"This is a response to a request in frame %u", h225ras_call->req_num);
|
||||
PROTO_ITEM_SET_GENERATED(ti);
|
||||
|
||||
/* Calculate RAS Service Response Time */
|
||||
delta.secs= pinfo->fd->abs_secs-h225ras_call->req_time.secs;
|
||||
delta.nsecs=pinfo->fd->abs_usecs*1000-h225ras_call->req_time.nsecs;
|
||||
if(delta.nsecs<0){
|
||||
delta.nsecs+=1000000000;
|
||||
delta.secs--;
|
||||
}
|
||||
pi->delta_time.secs = delta.secs; /* give it to tap */
|
||||
pi->delta_time.nsecs = delta.nsecs;
|
||||
|
||||
/* display Ras Service Response Time and make it filterable */
|
||||
ti = proto_tree_add_time(tree, hf_h225_ras_deltatime, tvb, 0, 0, &(pi->delta_time));
|
||||
PROTO_ITEM_SET_GENERATED(ti);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,72 @@
|
|||
/* packet-h225.h
|
||||
* Routines for h225 packet dissection
|
||||
* Copyright 2005, Anders Broman <anders.broman@ericsson.com>
|
||||
*
|
||||
* $Id: packet-h225-template.h 12203 2004-10-05 09:18:55Z guy $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef PACKET_H323_H
|
||||
#define PACKET_H225_H
|
||||
|
||||
typedef enum _h225_msg_type {
|
||||
H225_RAS,
|
||||
H225_CS,
|
||||
H225_OTHERS
|
||||
} h225_msg_type;
|
||||
|
||||
typedef enum _h225_cs_type {
|
||||
H225_SETUP,
|
||||
H225_CALL_PROCEDING,
|
||||
H225_ALERTING,
|
||||
H225_CONNECT,
|
||||
H225_RELEASE_COMPLET,
|
||||
H225_OTHER
|
||||
} h225_cs_type;
|
||||
|
||||
typedef struct _h225_packet_info {
|
||||
h225_msg_type msg_type; /* ras or cs message */
|
||||
h225_cs_type cs_type; /* cs message type */
|
||||
gint msg_tag; /* message tag*/
|
||||
gint reason; /* reason tag, if available */
|
||||
guint requestSeqNum; /* request sequence number of ras-message, if available */
|
||||
guint8 guid[16]; /* globally unique call id */
|
||||
gboolean is_duplicate; /* true, if this is a repeated message */
|
||||
gboolean request_available; /* true, if response matches to a request */
|
||||
nstime_t delta_time; /* this is the RAS response time delay */
|
||||
/* added for h225 conversations analysis */
|
||||
gboolean is_faststart; /* true, if faststart field is included */
|
||||
gboolean is_h245;
|
||||
guint32 h245_address;
|
||||
guint16 h245_port;
|
||||
} h225_packet_info;
|
||||
|
||||
/*
|
||||
* the following allows TAP code access to the messages
|
||||
* without having to duplicate it. With MSVC and a
|
||||
* libethereal.dll, we need a special declaration.
|
||||
*/
|
||||
|
||||
|
||||
#include "packet-H225-exp.h"
|
||||
|
||||
#endif /* PACKET_H225_H */
|
||||
|
||||
|
Loading…
Reference in New Issue