84 lines
2.9 KiB
Plaintext
84 lines
2.9 KiB
Plaintext
|
/***********************************************************************
|
||
|
* MGCP
|
||
|
***********************************************************************/
|
||
|
|
||
|
/* MGCP is rather complex to match. Why?
|
||
|
- the verb is only present in the request, bu not the response. So by looking
|
||
|
at the resposne you don't know whether it's a CRCX response or a MDCX one.
|
||
|
- a request can specify wildcard endpoint, with the chosen endpoint only showing
|
||
|
up in the response
|
||
|
- one would actually want to treat all messages for one Connection as Gop
|
||
|
- probably treat all Connections on same EP as Gog?
|
||
|
*/
|
||
|
|
||
|
Pdu mgcp_pdu Proto mgcp Transport udp/ip {
|
||
|
Extract ip_addr From ip.addr;
|
||
|
Extract port From udp.port;
|
||
|
|
||
|
/* For some unknown reason the below fields are not actually extracted
|
||
|
* by wireshark - why is that ?!? */
|
||
|
Extract mgcp_rsp_code From mgcp.rsp.rspcode;
|
||
|
Extract mgcp_verb From mgcp.req.verb;
|
||
|
Extract mgcp_endpoint From mgcp.req.endpoint;
|
||
|
Extract mgcp_conn_id From mgcp.param.connectionid;
|
||
|
Extract mgcp_spec_endp_id From mgcp.param.specificendpointid;
|
||
|
};
|
||
|
|
||
|
Gop mgcp_conn On mgcp_pdu Match (ip_addr, ip_addr, port, port, mgcp_conn_id) {
|
||
|
Start (mgcp_rsp_code = 200, mgcp_spec_endp_id);
|
||
|
Stop (mgcp_verb = "DLCX");
|
||
|
};
|
||
|
|
||
|
|
||
|
/***********************************************************************
|
||
|
* A-bis RSL
|
||
|
***********************************************************************/
|
||
|
|
||
|
/* For RSL, we want to mark all messages related to one logical channel,
|
||
|
from RSL CHAN ACT all the way to RF CHAN REL */
|
||
|
|
||
|
Pdu rsl_pdu Proto gsm_abis_rsl Transport gsm_ipa/tcp/ip {
|
||
|
Extract ip_addr From ip.addr;
|
||
|
Extract port From tcp.port;
|
||
|
Extract rsl_cbits From gsm_abis_rsl.ch_no_Cbits;
|
||
|
Extract rsl_tn From gsm_abis_rsl.ch_no_TN;
|
||
|
Extract rsl_msg_dsc From gsm_abis_rsl.msg_dsc;
|
||
|
Extract rsl_msg_type From gsm_abis_rsl.msg_type;
|
||
|
Criteria Accept Strict (rsl_msg_dsc {4|1|63}); // DCHAN || RLL || IPA
|
||
|
};
|
||
|
|
||
|
Gop rsl_lchan On rsl_pdu Match (ip_addr, ip_addr, port, port, rsl_cbits, rsl_tn) {
|
||
|
Start (rsl_msg_type = 33); // CHAN_ACT
|
||
|
Stop (rsl_msg_type {36|51}); // CHAN_ACT_NACK || RF_CHAN_REL_ACK
|
||
|
};
|
||
|
|
||
|
|
||
|
|
||
|
/***********************************************************************
|
||
|
* SCCP
|
||
|
***********************************************************************/
|
||
|
|
||
|
/* We don't really have to track SCCP connections; the SCCP dissector does that (assoc.id),
|
||
|
but that is somehow broken (20200314)? */
|
||
|
Pdu sccp_pdu Proto sccp Transport m3ua/ip {
|
||
|
Extract pc From m3ua.protocol_data_opc;
|
||
|
Extract pc From m3ua.protocol_data_dpc;
|
||
|
//Extract sccp_assoc_id From sccp.assoc.id;
|
||
|
Extract sccp_lr From sccp.lr;
|
||
|
Extract sccp_msg_type From sccp.message_type;
|
||
|
};
|
||
|
|
||
|
//Gop sccp_conn On sccp_pdu Match (pc, pc, sccp_assoc_id) {
|
||
|
Gop sccp_conn On sccp_pdu Match (pc, pc, sccp_lr) {
|
||
|
Start (sccp_msg_type = "0x00000001"); // CR
|
||
|
Stop (sccp_msg_type {"0x00000005"}); // RLC
|
||
|
};
|
||
|
|
||
|
|
||
|
/***********************************************************************
|
||
|
* BSSAP
|
||
|
***********************************************************************/
|
||
|
|
||
|
|
||
|
Done;
|