From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
/*
|
|
|
|
* tcap-persistentdata.h
|
|
|
|
* Definitions for lists and hash tables used in wireshark's tcap dissector
|
|
|
|
* for calculation of delays in tcap-transactions
|
|
|
|
* Copyright 2006 Florent Drouin (based on h225-persistentdata from Lars Roland)
|
|
|
|
*
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
2007-07-27 19:24:40 +00:00
|
|
|
* $Id$
|
|
|
|
*
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __tcapsrt_HASH__
|
|
|
|
#define __tcapsrt_HASH__
|
|
|
|
|
2009-08-21 20:51:13 +00:00
|
|
|
#include <epan/packet.h>
|
|
|
|
#include <epan/conversation.h>
|
|
|
|
#include <epan/dissectors/packet-tcap.h>
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
|
|
|
|
#define LENGTH_OID 16
|
|
|
|
struct tcaphash_context_t {
|
|
|
|
struct tcaphash_context_key_t * key;
|
|
|
|
guint32 session_id;
|
|
|
|
guint32 first_frame;
|
|
|
|
guint32 last_frame;
|
|
|
|
nstime_t begin_time; /* time of arrival of TC_BEGIN */
|
|
|
|
nstime_t end_time; /* time of closing message */
|
|
|
|
gboolean responded; /* true, if request has been responded */
|
|
|
|
gboolean closed;
|
|
|
|
gboolean upper_dissector;
|
|
|
|
gboolean oid_present;
|
|
|
|
gchar oid[LENGTH_OID+1];
|
2007-07-27 19:24:40 +00:00
|
|
|
gboolean subdissector_present;
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
dissector_handle_t subdissector_handle;
|
|
|
|
void (* callback) (tvbuff_t *,packet_info *, proto_tree *, struct tcaphash_context_t *);
|
|
|
|
struct tcaphash_begincall_t * begincall;
|
|
|
|
struct tcaphash_contcall_t * contcall;
|
2007-07-27 19:24:40 +00:00
|
|
|
struct tcaphash_endcall_t * endcall;
|
|
|
|
struct tcaphash_ansicall_t * ansicall;
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct tcaphash_begincall_t {
|
|
|
|
struct tcaphash_begin_info_key_t * beginkey;
|
|
|
|
struct tcaphash_context_t * context;
|
|
|
|
gboolean father;
|
|
|
|
struct tcaphash_begincall_t * next_begincall;
|
|
|
|
struct tcaphash_begincall_t * previous_begincall;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct tcaphash_contcall_t {
|
|
|
|
struct tcaphash_cont_info_key_t * contkey;
|
|
|
|
struct tcaphash_context_t * context;
|
|
|
|
gboolean father;
|
|
|
|
struct tcaphash_contcall_t * next_contcall;
|
|
|
|
struct tcaphash_contcall_t * previous_contcall;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct tcaphash_endcall_t {
|
|
|
|
struct tcaphash_end_info_key_t * endkey;
|
|
|
|
struct tcaphash_context_t * context;
|
|
|
|
gboolean father;
|
|
|
|
struct tcaphash_endcall_t * next_endcall;
|
|
|
|
struct tcaphash_endcall_t * previous_endcall;
|
|
|
|
};
|
|
|
|
|
2007-07-27 19:24:40 +00:00
|
|
|
struct tcaphash_ansicall_t {
|
|
|
|
struct tcaphash_ansi_info_key_t * ansikey;
|
|
|
|
struct tcaphash_context_t * context;
|
|
|
|
gboolean father;
|
|
|
|
struct tcaphash_ansicall_t * next_ansicall;
|
|
|
|
struct tcaphash_ansicall_t * previous_ansicall;
|
|
|
|
};
|
|
|
|
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
/* The Key for the hash table is the TCAP origine transaction identifier
|
|
|
|
of the TC_BEGIN containing the InitialDP */
|
|
|
|
|
|
|
|
struct tcaphash_context_key_t {
|
|
|
|
guint32 session_id;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct tcaphash_begin_info_key_t {
|
|
|
|
guint32 hashKey;
|
|
|
|
guint32 tid;
|
|
|
|
guint32 opc_hash;
|
|
|
|
guint32 dpc_hash;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct tcaphash_cont_info_key_t {
|
|
|
|
guint32 hashKey;
|
|
|
|
guint32 src_tid;
|
|
|
|
guint32 dst_tid;
|
|
|
|
guint32 opc_hash;
|
|
|
|
guint32 dpc_hash;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct tcaphash_end_info_key_t {
|
|
|
|
guint32 hashKey;
|
|
|
|
guint32 tid;
|
|
|
|
guint32 opc_hash;
|
|
|
|
guint32 dpc_hash;
|
|
|
|
};
|
|
|
|
|
2007-07-27 19:24:40 +00:00
|
|
|
struct tcaphash_ansi_info_key_t {
|
|
|
|
guint32 hashKey;
|
|
|
|
guint32 tid;
|
|
|
|
guint32 opc_hash;
|
|
|
|
guint32 dpc_hash;
|
|
|
|
};
|
|
|
|
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
|
|
|
|
/* List of infos to store for the analyse */
|
|
|
|
struct tcapsrt_info_t {
|
|
|
|
guint32 tcap_session_id;
|
|
|
|
guint32 src_tid;
|
|
|
|
guint32 dst_tid;
|
|
|
|
guint8 ope;
|
|
|
|
};
|
|
|
|
|
|
|
|
void tcapsrt_init_routine(void);
|
|
|
|
|
|
|
|
struct tcapsrt_info_t * tcapsrt_razinfo(void);
|
|
|
|
|
|
|
|
void tcapsrt_close(struct tcaphash_context_t * p_tcaphash_context,
|
|
|
|
packet_info * pinfo _U_);
|
|
|
|
|
|
|
|
struct tcaphash_context_t * tcapsrt_call_matching(tvbuff_t *tvb,
|
|
|
|
packet_info * pinfo _U_,
|
|
|
|
proto_tree *tree,
|
|
|
|
struct tcapsrt_info_t * p_tcap_info);
|
|
|
|
|
2006-12-08 18:40:42 +00:00
|
|
|
WS_VAR_IMPORT gboolean gtcap_StatSRT;
|
2006-12-08 01:08:48 +00:00
|
|
|
|
From Florent Drouin:
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
2006-09-27 20:06:06 +00:00
|
|
|
#endif /* __tcapsrt_HASH__*/
|