From Miha Jemec: I implemented a H323 call decoder. Using the TAP system, it keeps track of each call, number of packets, setting filter and a more detailed analysis of each call.

svn path=/trunk/; revision=12142
2004-09-29 22:23:37 +00:00 · 2004-09-29 22:23:37 +00:00 · b9f8796c1c
parent 3dc86aaf55
commit b9f8796c1c
4 changed files with 116 additions and 2 deletions
--- a/epan/dissectors/packet-h225.c
+++ b/epan/dissectors/packet-h225.c
@ -53,7 +53,7 @@
 static void reset_h225_packet_info(h225_packet_info *pi);
 static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi);

-static h225_packet_info h225_pi;
+static h225_packet_info h225_pi; 

 static dissector_handle_t h225ras_handle;
 static dissector_handle_t H323UserInformation_handle;
@ -2809,6 +2809,11 @@ dissect_h225_h245Address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr

 	offset=dissect_per_choice(tvb, offset, pinfo, tree, hf_h225_h245Address, ett_h225_TransportAddress, TransportAddress_choice, "h245Address", NULL);

+	/* we need this info for TAPing */
+	h225_pi.is_h245 = TRUE;
+	h225_pi.h245_address = ipv4_address;	
+	h225_pi.h245_port = ipv4_port;	
+
 	if((!pinfo->fd->flags.visited) && ipv4_address!=0 && ipv4_port!=0 && h245_handle){
 		address src_addr;
 		conversation_t *conv=NULL;
@ -5223,8 +5228,8 @@ dissect_h225_fastStart_item(tvbuff_t *tvb, int offset, packet_info *pinfo, proto
 					   PER dissectors, but the item length
 					   is in octets */
 	offset=dissect_h245_OpenLogicalChannel(tvb, offset, pinfo, tree);
-
 	contains_faststart = TRUE;
+	h225_pi.is_faststart = TRUE;

 	return newoffset;
 }
@ -5638,6 +5643,9 @@ static int
 dissect_h225_CallProceedingUUIE(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h225_CallProceedingUUIE, ett_h225_CallProceedingUUIE, CallProceedingUUIE_sequence);
+
+	h225_pi.cs_type = H225_CALL_PROCEDING;
+
 	return offset;
 }

@ -6915,6 +6923,9 @@ static int
 dissect_h225_AlertingUUIE(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h225_AlertingUUIE, ett_h225_AlertingUUIE, AlertingUUIE_sequence);
+
+	h225_pi.cs_type = H225_ALERTING;
+
 	return offset;
 }

@ -6955,6 +6966,9 @@ static int
 dissect_h225_ReleaseCompleteUUIE(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h225_ReleaseCompleteUUIE, ett_h225_ReleaseCompleteUUIE, ReleaseCompleteUUIE_sequence);
+
+	h225_pi.cs_type = H225_RELEASE_COMPLET;
+
 	return offset;
 }

@ -7243,6 +7257,9 @@ dissect_h225_SetupUUIE(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree
 {
 	contains_faststart = FALSE;
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h225_SetupUUIE, ett_h225_SetupUUIE, SetupUUIE_sequence);
+	
+	h225_pi.cs_type = H225_SETUP;
+
 	return offset;
 }

@ -7299,6 +7316,9 @@ static int
 dissect_h225_ConnectUUIE(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h225_ConnectUUIE, ett_h225_ConnectUUIE, ConnectUUIE_sequence);
+
+	h225_pi.cs_type = H225_CONNECT;
+
 	return offset;
 }

@ -10549,12 +10569,17 @@ static void reset_h225_packet_info(h225_packet_info *pi)
 	}

 	pi->msg_type = H225_OTHERS;
+	pi->cs_type = H225_OTHER;
 	pi->msg_tag = -1;
 	pi->reason = -1;
 	pi->requestSeqNum = 0;
 	memset(pi->guid,0,16);
 	pi->is_duplicate = FALSE;
 	pi->request_available = FALSE;
+	pi->is_faststart = FALSE;
+	pi->is_h245 = FALSE;
+	pi->h245_address = 0;
+	pi->h245_port = 0;
 }

 /*
--- a/epan/dissectors/packet-h225.h
+++ b/epan/dissectors/packet-h225.h
@ -36,8 +36,18 @@ typedef enum _h225_msg_type {
 	H225_OTHERS
 } h225_msg_type;

+typedef enum _h225_cs_type {
+	H225_SETUP,
+	H225_CALL_PROCEDING,
+	H225_ALERTING,
+	H225_CONNECT,
+	H225_RELEASE_COMPLET,
+	H225_OTHER
+} h225_cs_type;
+
 typedef struct _h225_packet_info {
 	h225_msg_type msg_type;		/* ras or cs message */
+	h225_cs_type cs_type;		/* cs message type */
 	gint msg_tag;			/* message tag*/
 	gint reason;			/* reason tag, if available */
 	guint requestSeqNum;		/* request sequence number of ras-message, if available */
@ -45,6 +55,11 @@ typedef struct _h225_packet_info {
 	gboolean is_duplicate;		/* true, if this is a repeated message */
 	gboolean request_available;	/* true, if response matches to a request */
 	nstime_t delta_time; 		/* this is the RAS response time delay */
+	/* added for h225 conversations analysis */
+	gboolean is_faststart;		/* true, if faststart field is included */
+	gboolean is_h245;
+	guint32 h245_address;
+	guint16 h245_port;
 } h225_packet_info;

 /*
--- a/epan/dissectors/packet-h245.c
+++ b/epan/dissectors/packet-h245.c
@ -39,6 +39,8 @@
 #include <string.h>

 #include <epan/prefs.h>
+#include "tap.h"
+#include "packet-h245.h"
 #include "packet-tpkt.h"
 #include "packet-per.h"
 #include <epan/t35.h>
@ -51,6 +53,10 @@ static dissector_handle_t rtcp_handle=NULL;
 static dissector_handle_t h245_handle;
 static dissector_handle_t MultimediaSystemControlMessage_handle;

+static void reset_h245_packet_info(h245_packet_info *pi);
+static int h245_tap = -1;
+static h245_packet_info h245_pi;
+
 static int proto_h245 = -1;		/* h245 over tpkt */
 static int hf_h245_rfc_number = -1;
 static int hf_h245_pdu_type = -1;
@ -1529,6 +1535,8 @@ dissect_h245_MasterSlaveDeterminationAck(tvbuff_t *tvb, int offset, packet_info
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_MasterSlaveDeterminationAck, ett_h245_MasterSlaveDeterminationAck, MasterSlaveDeterminationAck_sequence);

+	h245_pi.msg_type = H245_MastSlvDetAck;
+
 	return offset;
 }

@ -1562,6 +1570,8 @@ dissect_h245_MasterSlaveDeterminationReject(tvbuff_t *tvb, int offset, packet_in
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_MasterSlaveDeterminationReject, ett_h245_MasterSlaveDeterminationReject, MasterSlaveDeterminationReject_sequence);

+	h245_pi.msg_type = H245_MastSlvDetRjc;
+
 	return offset;
 }

@ -3327,6 +3337,8 @@ dissect_h245_OpenLogicalChannelReject(tvbuff_t *tvb, int offset, packet_info *pi
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_OpenLogicalChannelReject, ett_h245_OpenLogicalChannelReject, OpenLogicalChannelReject_sequence);

+	h245_pi.msg_type = H245_OpenLogChnRjc;
+
 	return offset;
 }

@ -3347,6 +3359,8 @@ dissect_h245_CloseLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo,
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_CloseLogicalChannel, ett_h245_CloseLogicalChannel, CloseLogicalChannel_sequence);

+	h245_pi.msg_type = H245_CloseLogChn;
+
 	return offset;
 }

@ -3363,6 +3377,8 @@ dissect_h245_CloseLogicalChannelAck(tvbuff_t *tvb, int offset, packet_info *pinf
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_CloseLogicalChannelAck, ett_h245_CloseLogicalChannelAck, CloseLogicalChannelAck_sequence);

+	h245_pi.msg_type = H245_CloseLogChnAck;
+
 	return offset;
 }

@ -3509,6 +3525,8 @@ dissect_h245_OpenLogicalChannelConfirm(tvbuff_t *tvb, int offset, packet_info *p
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_OpenLogicalChannelConfirm, ett_h245_OpenLogicalChannelConfirm, OpenLogicalChannelConfirm_sequence);

+	h245_pi.msg_type = H245_OpenLogChnCnf;
+
 	return offset;
 }

@ -3524,6 +3542,8 @@ dissect_h245_TerminalCapabilitySetAck(tvbuff_t *tvb, int offset, packet_info *pi
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_TerminalCapabilitySetAck, ett_h245_TerminalCapabilitySetAck, TerminalCapabilitySetAck_sequence);

+	h245_pi.msg_type = H245_TermCapSetAck;
+
 	return offset;
 }

@ -7638,6 +7658,8 @@ dissect_h245_MasterSlaveDetermination(tvbuff_t *tvb, int offset, packet_info *pi
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_MasterSlaveDetermination, ett_h245_MasterSlaveDetermination, MasterSlaveDetermination_sequence);

+	h245_pi.msg_type = H245_MastSlvDet;
+
 	return offset;
 }

@ -7720,6 +7742,8 @@ dissect_h245_TerminalCapabilitySetReject(tvbuff_t *tvb, int offset, packet_info
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_TerminalCapabilitySetReject, ett_h245_TerminalCapabilitySetReject, TerminalCapabilitySetReject_sequence);

+	h245_pi.msg_type = H245_TermCapSetRjc;
+
 	return offset;
 }

@ -12348,6 +12372,8 @@ dissect_h245_MasterSlaveDeterminationRelease(tvbuff_t *tvb, int offset, packet_i
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_MasterSlaveDeterminationRelease, ett_h245_MasterSlaveDeterminationRelease, MasterSlaveDeterminationRelease_sequence);

+	h245_pi.msg_type = H245_MastSlvDetRls;
+
 	return offset;
 }

@ -17487,6 +17513,8 @@ dissect_h245_TerminalCapabilitySet(tvbuff_t *tvb, int offset, packet_info *pinfo
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_TerminalCapabilitySet, ett_h245_TerminalCapabilitySet, TerminalCapabilitySet_sequence);

+	h245_pi.msg_type = H245_TermCapSet;
+
 	return offset;
 }

@ -18065,6 +18093,8 @@ dissect_h245_TerminalCapabilitySetRelease(tvbuff_t *tvb, int offset, packet_info
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_TerminalCapabilitySetRelease, ett_h245_TerminalCapabilitySetRelease, TerminalCapabilitySetRelease_sequence);

+	h245_pi.msg_type = H245_TermCapSetRls;
+
 	return offset;
 }

@ -18204,6 +18234,8 @@ dissect_h245_OpenLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo, p
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_OpenLogicalChannel, ett_h245_OpenLogicalChannel, OpenLogicalChannel_sequence);

+	h245_pi.msg_type = H245_OpenLogChn;
+
 	return offset;
 }

@ -18228,6 +18260,8 @@ dissect_h245_OpenLogicalChannelAck(tvbuff_t *tvb, int offset, packet_info *pinfo
 {
 	offset=dissect_per_sequence(tvb, offset, pinfo, tree, hf_h245_OpenLogicalChannelAck, ett_h245_OpenLogicalChannelAck, OpenLogicalChannelAck_sequence);

+	h245_pi.msg_type = H245_OpenLogChnAck;
+
 	return offset;
 }

@ -19141,7 +19175,12 @@ dissect_h245_MultimediaSystemControlMessage(tvbuff_t *tvb, packet_info *pinfo, p
 void
 dissect_h245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
+	reset_h245_packet_info(&(h245_pi));
+        h245_pi.msg_type = H245_OTHER;
+
 	dissect_tpkt_encap(tvb, pinfo, tree, h245_reassembly, MultimediaSystemControlMessage_handle);
+
+	tap_queue_packet(h245_tap, pinfo, &h245_pi);
 }

 void
@ -22444,6 +22483,8 @@ proto_register_h245(void)

 	nsp_object_dissector_table = register_dissector_table("h245.nsp.object", "H.245 NonStandardParameter (object)", FT_STRING, BASE_NONE);
 	nsp_h221_dissector_table = register_dissector_table("h245.nsp.h221", "H.245 NonStandardParameter (h221)", FT_UINT32, BASE_HEX);
+
+	h245_tap = register_tap("h245");
 }

 void
@ -22457,3 +22498,13 @@ proto_reg_handoff_h245(void)
 	MultimediaSystemControlMessage_handle=create_dissector_handle(dissect_h245_MultimediaSystemControlMessage, proto_h245);
 	dissector_add_handle("udp.port", MultimediaSystemControlMessage_handle);
 }
+
+static void reset_h245_packet_info(h245_packet_info *pi)
+{
+        if(pi == NULL) {
+                return;
+        }
+
+        pi->msg_type = H245_OTHER;
+}
+
--- a/epan/dissectors/packet-h245.h
+++ b/epan/dissectors/packet-h245.h
@ -23,6 +23,29 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

+typedef enum _h245_msg_type {
+	H245_TermCapSet,
+	H245_TermCapSetAck,
+	H245_TermCapSetRjc,
+	H245_TermCapSetRls,
+	H245_OpenLogChn,
+	H245_OpenLogChnCnf,
+	H245_OpenLogChnAck,
+	H245_OpenLogChnRjc,	
+	H245_CloseLogChn,
+	H245_CloseLogChnAck,
+	H245_MastSlvDet,
+	H245_MastSlvDetAck,
+	H245_MastSlvDetRjc,
+	H245_MastSlvDetRls,
+        H245_OTHER
+} h245_msg_type;
+
+typedef struct _h245_packet_info {
+        h245_msg_type msg_type;         /* type of message */
+} h245_packet_info;
+
+
 extern void dissect_h245_MultimediaSystemControlMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

 extern int dissect_h245_OpenLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);