WIP: qcdiag SIM

Change-Id: I7c4025405516edd42aea2e4c1800d341882b0876
qcdiag_log: Implement RRC dissection
2023-03-11 15:02:01 +01:00 · 2023-03-11 15:02:01 +01:00 · 2023-03-11 15:02:01 +01:00 · 2023-03-11 15:02:01 +01:00 · 2023-03-11 15:02:01 +01:00 · 2023-03-11 15:02:01 +01:00
7 changed files with 1551 additions and 5 deletions
--- a/epan/dissectors/CMakeLists.txt
+++ b/epan/dissectors/CMakeLists.txt
@ -536,6 +536,7 @@ set(DISSECTOR_PUBLIC_HEADERS
 	packet-q708.h
 	packet-q931.h
 	packet-q932.h
+	packet-qcdiag.h
 	packet-qsig.h
 	packet-quic.h
 	packet-radius.h
@ -1699,6 +1700,9 @@ set(DISSECTOR_SRC
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-q708.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-q931.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-q933.c
+	${CMAKE_CURRENT_SOURCE_DIR}/packet-qcdiag.c
+	${CMAKE_CURRENT_SOURCE_DIR}/packet-qcdiag_log.c
+	${CMAKE_CURRENT_SOURCE_DIR}/packet-qcdiag_msg.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-qllc.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-qnet6.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-quake.c
--- a/epan/dissectors/packet-gsm_rlcmac.c
+++ b/epan/dissectors/packet-gsm_rlcmac.c
@ -49,6 +49,7 @@ void proto_reg_handoff_gsm_rlcmac(void);

 static dissector_handle_t lte_rrc_dl_dcch_handle = NULL;
 static dissector_handle_t rrc_irat_ho_to_utran_cmd_handle = NULL;
+static dissector_handle_t llc_handle = NULL;

 /* private typedefs */
 typedef struct
@ -8613,7 +8614,7 @@ static guint8 dissect_gprs_data_segments(tvbuff_t *tvb, packet_info *pinfo, prot
                                 "data segment: LI[%d]=%d indicates: (Last segment of) LLC frame (%d octets)",
                                 i, li, li);
        data_tvb = tvb_new_subset_length(tvb, octet_offset, li);
-        call_data_dissector(data_tvb, pinfo, subtree);
+        call_dissector(llc_handle, data_tvb, pinfo, subtree);
        octet_offset += li;
        break;
    }
@ -8629,7 +8630,7 @@ static guint8 dissect_gprs_data_segments(tvbuff_t *tvb, packet_info *pinfo, prot
      subtree = proto_tree_add_subtree_format(tree, tvb, octet_offset, blk_length - octet_offset, ett_data_segments, NULL,
                               "data segment: LI not present: \n The Upper Layer PDU in the current RLC data block either fills the current RLC data block precisely \nor continues in the following in-sequence RLC data block");
      data_tvb = tvb_new_subset_length(tvb, octet_offset, blk_length - octet_offset);
-      call_data_dissector(data_tvb, pinfo, subtree);
+      call_dissector(llc_handle, data_tvb, pinfo, subtree);
     } else {
      proto_tree_add_bytes_item(tree, hf_padding, tvb, octet_offset, blk_length - octet_offset, ENC_BIG_ENDIAN, NULL, NULL, NULL);
     }
@ -8732,7 +8733,7 @@ static guint16 dissect_egprs_data_segments(tvbuff_t *tvb, packet_info *pinfo, pr
                                 "data segment: LI[%d]=%d indicates: (Last segment of) LLC frame (%d octets)",
                                 i, li, li);
        data_tvb = tvb_new_subset_length(tvb, octet_offset, li);
-        call_data_dissector(data_tvb, pinfo, subtree);
+        call_dissector(llc_handle, data_tvb, pinfo, subtree);
        octet_offset += li;
        break;
    }
@ -8745,7 +8746,7 @@ static guint16 dissect_egprs_data_segments(tvbuff_t *tvb, packet_info *pinfo, pr
    subtree = proto_tree_add_subtree(tree, tvb, octet_offset, octet_length - octet_offset, ett_data_segments, NULL,
                             "data segment: LI not present: \n The Upper Layer PDU in the current RLC data block either fills the current RLC data block precisely \nor continues in the following in-sequence RLC data block");
    data_tvb = tvb_new_subset_length(tvb, octet_offset, octet_length - octet_offset);
-    call_data_dissector(data_tvb, pinfo, subtree);
+    call_dissector(llc_handle, data_tvb, pinfo, subtree);
    octet_offset = octet_length;
  }
  return (octet_offset - initial_offset);
@ -18632,6 +18633,7 @@ void proto_reg_handoff_gsm_rlcmac(void)
 {
  lte_rrc_dl_dcch_handle = find_dissector("lte_rrc.dl_dcch");
  rrc_irat_ho_to_utran_cmd_handle = find_dissector("rrc.irat.ho_to_utran_cmd");
+  llc_handle = find_dissector("llcgprs");
 }

 /*
--- a/epan/dissectors/packet-qcdiag.c
+++ b/epan/dissectors/packet-qcdiag.c
@ -0,0 +1,429 @@
+/* packet-qcdiag.c
+ * Routines for Qualcomm DIAG packet handling
+ *
+ * (C) 2016-2017 by Harald Welte <laforge@gnumonks.org>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include "packet-gsmtap.h"
+#include "packet-qcdiag.h"
+
+static dissector_table_t qcdiag_dissector_table;
+static dissector_table_t qcdiag_subsys_dissector_table;
+
+static int proto_qcdiag = -1;
+
+static int hf_qcdiag_cmd = -1;
+static int hf_qcdiag_subsys_id = -1;
+static int hf_qcdiag_subsys_cmd_code = -1;
+
+static int hf_qcdiag_logcfg_operation = -1;
+static int hf_qcdiag_logcfg_equip_id = -1;
+static int hf_qcdiag_logcfg_last_item = -1;
+
+static gint ett_qcdiag = -1;
+
+static const value_string qcdiag_cmds[] = {
+	{ DIAG_VERNO_F,			"Version Number" },
+	{ DIAG_ESN_F,			"MS ESN" },
+	{ DIAG_PEEKB_F,			"Peek Byte" },
+	{ DIAG_PEEKW_F,			"Peek Word" },
+	{ DIAG_PEEKD_F,			"Peek DWord" },
+	{ DIAG_POKEB_F,			"Poek Byte" },
+	{ DIAG_POKEW_F,			"Poke Word" },
+	{ DIAG_POKED_F,			"Poke DWord" },
+	{ DIAG_OUTP_F,			"Byte output" },
+	{ DIAG_OUTPW_F,			"Word output" },
+	{ DIAG_INP_F,			"Byte input" },
+	{ DIAG_INPW_F,			"Word input" },
+	{ DIAG_STATUS_F,		"Status" },
+	{ DIAG_LOGMASK_F,		"Set Logging Mask" },
+	{ DIAG_LOG_F,			"Log Packet" },
+	{ DIAG_NV_PEEK_F,		"Peek NV Memory" },
+	{ DIAG_NV_POKE_F,		"Poke NV Memory" },
+	{ DIAG_BAD_CMD_F,		"Bad Command" },
+	{ DIAG_BAD_PARM_F,		"Bad Parameter" },
+	{ DIAG_BAD_LEN_F,		"Bad Length" },
+	{ DIAG_BAD_MODE_F,		"Packet not allowed in current mode" },
+	{ DIAG_TAGRAPH_F,		"TA power and voice graphs" },
+	{ DIAG_MARKOV_F,		"Markov statistics" },
+	{ DIAG_MARKOV_RESET_F,		"Reset Markov statistics" },
+	{ DIAG_DIAG_VER_F,		"DIAG Version" },
+	{ DIAG_TS_F,			"Timestamp" },
+	{ DIAG_TA_PARM_F,		"Set TA Parameters" },
+	{ DIAG_MSG_F,			"Request for MSG report" },
+	{ DIAG_HS_KEY_F,		"Handset emulation: Keypress" },
+	{ DIAG_HS_LOCK_F,		"Handest emulation: Lock/Unlock" },
+	{ DIAG_HS_SCREEN_F,		"Handset emulation: Display" },
+	{ DIAG_PARM_SET_F,		"Parameter download" },
+	{ DIAG_NV_READ_F,		"Read NV item" },
+	{ DIAG_NV_WRITE_F,		"Write NV item" },
+	{ DIAG_CONTROL_F,		"Mode change request" },
+	{ DIAG_ERR_READ_F,		"Error record retrieval" },
+	{ DIAG_ERR_CLEAR_F,		"Error record clear" },
+	{ DIAG_SER_RESET_F,		"Symbol error rate counter reset" },
+	{ DIAG_SER_REPORT_F,		"Symbol error rate counter report" },
+	{ DIAG_TEST_F,			"Run a specified test" },
+	{ DIAG_GET_DIPSW_F,		"Get current DIP switch setting" },
+	{ DIAG_SET_DIPSW_F,		"Write new DIP switch setting" },
+	{ DIAG_VOC_PCM_LB_F,		"Start/Stop Vocoder PCM loopback" },
+	{ DIAG_VOC_PKT_LB_F,		"Start/Stop Vocoder PKT loopback" },
+	{ DIAG_ORIG_F,			"Originate a call" },
+	{ DIAG_END_F,			"End a call" },
+	{ DIAG_DLOAD_F,			"Switch to downloader" },
+	{ DIAG_TMOB_F,			"Test mode and FTM commands" },
+	{ DIAG_STATE_F,			"Return phone state" },
+	{ DIAG_PILOT_SETS_F,		"Return all current sets of pilots" },
+	{ DIAG_SPC_F,			"Send the Service Programming Code" },
+	{ DIAG_BAD_SPC_MODE_F,		"Invalid NV read/write because SP is locked" },
+	{ DIAG_PARM_GET2_F,		"Get parms" },
+	{ DIAG_SERIAL_CHG_F,		"Serial mode change" },
+	{ DIAG_PASSWORD_F,		"Send password" },
+	{ DIAG_BAD_SEC_MODE_F,		"Bad security mode" },
+	{ DIAG_PR_LIST_WR_F,		"Write preferred roaming list to phone" },
+	{ DIAG_PR_LIST_RD_F,		"Read preferred roaming list from phone" },
+	{ DIAG_SUBSYS_CMD_F,		"Subsystem Command" },
+	{ DIAG_FEATURE_QUERY_F,		"Feature Query" },
+	{ DIAG_SMS_READ_F,		"Read SMS from NV" },
+	{ DIAG_SMS_WRITE_F,		"Write SMS to NV" },
+	{ DIAG_SUP_FER_F,		"Frame Error Rate" },
+	{ DIAG_SUP_WALSH_CODES_F,	"Supplemental Channel Walsh Codes" },
+	{ DIAG_SET_MAX_SUP_CH_F,	"Set max. number of Supplemental Channels" },
+	{ DIAG_PARM_GET_IS95B_F,	"Get SUP and MUX2 Params" },
+	{ DIAG_FS_OP_F, 		"EFS Operation" },
+	{ DIAG_AKEY_VERIFY_F,		"AKEY Verification" },
+	{ DIAG_BMP_HS_SCREEN_F,		"Handset emulation: Bitmap screen" },
+	{ DIAG_CONFIG_COMM_F,		"Configure communications" },
+	{ DIAG_EXT_LOGMASK_F,		"Extended logmask" },
+	{ DIAG_EVENT_REPORT_F,		"Event reporting" },
+	{ DIAG_STREAMING_CONFIG_F,	"Load Balancing" },
+	{ DIAG_PARM_RETRIEVE_F,		"Retrieve Parameter" },
+	{ DIAG_STATUS_SNAPSHOT_F,	"State snapshot of DMSS" },
+	{ DIAG_RPC_F,			"RPC" },
+	{ DIAG_GET_PROPERTY_F,		"Get Property" },
+	{ DIAG_PUT_PROPERTY_F,		"Put Property" },
+	{ DIAG_GET_GUID_F,		"Get GUID" },
+	{ DIAG_USER_CMD_F,		"Invocation of user callbacks" },
+	{ DIAG_GET_PERM_PROPERTY_F,	"Get permanent properties" },
+	{ DIAG_PUT_PERM_PROPERTY_F,	"Put permanent properties" },
+	{ DIAG_PERM_USER_CMD_F,		"Permanent user callbacks" },
+	{ DIAG_GPS_SESS_CTRL_F,		"GPS session control" },
+	{ DIAG_GPS_GRID_F,		"GPS search grid" },
+	{ DIAG_GPS_STATISTICS_F,	"GPS statistics" },
+	{ DIAG_ROUTE_F,			"DIAG Packet routing" },
+	{ DIAG_IS2000_STATUS_F,		"IS2000 status" },
+	{ DIAG_RLP_STAT_RESET_F,	"RPL statistics reset" },
+	{ DIAG_TDSO_STAT_RESET_F,	"(S)TDSO statistics reset" },
+	{ DIAG_LOG_CONFIG_F,		"Log configuration" },
+	{ DIAG_TRACE_EVENT_REPORT_F,	"Trace event reporting" },
+	{ DIAG_SBI_READ_F,		"SBI Read" },
+	{ DIAG_SBI_WRITE_F,		"SBI Write" },
+	{ DIAG_SSD_VERIFY_F,		"SSD Verify" },
+	{ DIAG_LOG_ON_DEMAND_F,		"Log on request" },
+	{ DIAG_EXT_MSG_F,		"Request extended MSG report" },
+	{ DIAG_ONCRPC_F,		"ONCRPC" },
+	{ DIAG_PROTOCOL_LOOPBACK_F,	"DIAG Loopback" },
+	{ DIAG_EXT_BUILD_ID_F,		"Extended Build ID" },
+	{ DIAG_EXT_MSG_CONFIG_F,	"Extended MSG configuration" },
+	{ DIAG_EXT_MSG_TERSE_F,		"Extended MSG in terse format" },
+	{ DIAG_EXT_MSG_TERSE_XLATE_F,	"Translate terse format MSG identifier" },
+	{ DIAG_SUBSYS_CMD_VER_2_F,	"Subsytem dispatcher V2" },
+	{ DIAG_EVENT_MASK_GET_F,	"Get event mask" },
+	{ DIAG_EVENT_MASK_SET_F,	"Set event mask" },
+	{ DIAG_CHANGE_PORT_SETTINGS,	"Change port settings" },
+	{ DIAG_CNTRY_INFO_F,		"Country network information" },
+	{ DIAG_SUPS_REQ_F,		"Supplementary Service" },
+	{ DIAG_MMS_ORIG_SMS_REQUEST_F,	"SMS request for MMS" },
+	{ DIAG_MEAS_MODE_F,		"Change measurement mode" },
+	{ DIAG_MEAS_REQ_F,		"Request measurements for HDR channels" },
+	{ DIAG_QSR_EXT_MSG_TERSE_F,	"Optimized F3 Message" },
+	{ DIAG_DCI_CMD_REQ,		"DCI Command" },
+	{ DIAG_DCI_DELAYED_RSP,		"DCI Delayed Response" },
+	{ DIAG_BAD_TRANS_F,		"DCI Error" },
+	{ DIAG_SSM_DISALLOWED_CMD_F,	"SSM Disallowed Command" },
+	{ DIAG_LOG_ON_DEMAND_EXT_F,	"Log on extended request" },
+	{ DIAG_QSR4_EXT_MSG_TERSE_F,	"QShrink" },
+	{ 0, NULL }
+};
+
+static value_string_ext qcdiag_cmds_ext = VALUE_STRING_EXT_INIT(qcdiag_cmds);
+
+static const value_string qcdiag_subsys[] = {
+	{ DIAG_SUBSYS_OEM,		"OEM" },
+	{ DIAG_SUBSYS_ZREX,		"ZREX" },
+	{ DIAG_SUBSYS_SD,		"System Determination" },
+	{ DIAG_SUBSYS_BT,		"Bluetooth" },
+	{ DIAG_SUBSYS_WCDMA,		"WCMDA" },
+	{ DIAG_SUBSYS_HDR,		"1xEvDO" },
+	{ DIAG_SUBSYS_DIABLO,		"DIABLO" },
+	{ DIAG_SUBSYS_TREX,		"TREX - Off-target testing" },
+	{ DIAG_SUBSYS_GSM,		"GSM" },
+	{ DIAG_SUBSYS_UMTS,		"UMTS" },
+	{ DIAG_SUBSYS_HWTC,		"HWTC" },
+	{ DIAG_SUBSYS_FTM,		"Factory Test Mode" },
+	{ DIAG_SUBSYS_REX,		"REX" },
+	{ DIAG_SUBSYS_GPS,		"GPS" },
+	{ DIAG_SUBSYS_WMS,		"Wireless Messaging Service" },
+	{ DIAG_SUBSYS_CM,		"Call Manager" },
+	{ DIAG_SUBSYS_HS,		"Handset" },
+	{ DIAG_SUBSYS_AUDIO_SETTINGS,	"Audio Settings" },
+	{ DIAG_SUBSYS_DIAG_SERV,	"DIAG Services" },
+	{ DIAG_SUBSYS_FS,		"EFS2" },
+	{ DIAG_SUBSYS_PORT_MAP_SETTINGS, "Port Map Settings" },
+	{ DIAG_SUBSYS_MEDIAPLAYER,	"QCT Mediaplayer" },
+	{ DIAG_SUBSYS_QCAMERA,		"QCT QCamera" },
+	{ DIAG_SUBSYS_MOBIMON,		"QCT MobiMon" },
+	{ DIAG_SUBSYS_GUNIMON,		"QCT GuniMon" },
+	{ DIAG_SUBSYS_LSM,		"Location Services Manager" },
+	{ DIAG_SUBSYS_QCAMCORDER,	"QCT QCamcorder" },
+	{ DIAG_SUBSYS_MUX1X,		"Multiplexer (1x)" },
+	{ DIAG_SUBSYS_DATA1X,		"Data (1x)" },
+	{ DIAG_SUBSYS_SRCH1X,		"Searcher (1x)" },
+	{ DIAG_SUBSYS_CALLP1X,		"Call Processor (1x)" },
+	{ DIAG_SUBSYS_APPS,		"Applications" },
+	{ DIAG_SUBSYS_SETTINGS,		"Seettings" },
+	{ DIAG_SUBSYS_GSDI,		"Generic Sim Driver Interface" },
+	{ DIAG_SUBSYS_TMC,		"Task Main Controller" },
+	{ DIAG_SUBSYS_USB,		"USB" },
+	{ DIAG_SUBSYS_PM,		"Power Management" },
+	{ DIAG_SUBSYS_DEBUG,		"Debug" },
+	{ DIAG_SUBSYS_CLKRGM,		"Clock Regime" },
+	{ DIAG_SUBSYS_WLAN,		"WLAN" },
+	{ DIAG_SUBSYS_PS_DATA_LOGGING,	"PS Data Path Logging" },
+	{ DIAG_SUBSYS_MFLO,		"MediaFLO" },
+	{ DIAG_SUBSYS_DTV,		"Digital TV" },
+	{ DIAG_SUBSYS_RRC,		"WCDMA RRC" },
+	{ DIAG_SUBSYS_PROF,		"Profiling" },
+	{ DIAG_SUBSYS_TCXOMGR,		"TXCO Manager" },
+	{ DIAG_SUBSYS_NV,		"NV" },
+	{ DIAG_SUBSYS_PARAMS,		"Parameters" },
+	{ DIAG_SUBSYS_MDDI,		"MDDI" },
+	{ DIAG_SUBSYS_DS_ATCOP,		"Data Services AT Command Processor" },
+	{ DIAG_SUBSYS_L4LINUX,		"L4/Linux" },
+	{ DIAG_SUBSYS_MVS,		"Multimedia Voice Services" },
+	{ DIAG_SUBSYS_CNV,		"Compact NV" },
+	{ DIAG_SUBSYS_APIONE_PROGRAM,	"apiOne" },
+	{ DIAG_SUBSYS_HIT,		"Hardware Integration Test" },
+	{ DIAG_SUBSYS_DRM,		"Digital Restrictions Management" },
+	{ DIAG_SUBSYS_DM,		"Device Management" },
+	{ DIAG_SUBSYS_FC,		"Flow Controller" },
+	{ DIAG_SUBSYS_MEMORY,		"Malloc Manager" },
+	{ DIAG_SUBSYS_FS_ALTERNATE,	"Alternate Filesystem" },
+	{ DIAG_SUBSYS_REGRESSION,	"Regression Test Commands" },
+	{ DIAG_SUBSYS_SENSORS,		"Sensors" },
+	{ DIAG_SUBSYS_FLUTE,		"FLUTE" },
+	{ DIAG_SUBSYS_ANALOG,		"Analog" },
+	{ DIAG_SUBSYS_APIONE_PROGRAM_MODEM, "apine Program on Modem Processor" },
+	{ DIAG_SUBSYS_LTE,		"LTE" },
+	{ DIAG_SUBSYS_BREW,		"BREW" },
+	{ DIAG_SUBSYS_PWRDB,		"Power Debug" },
+	{ DIAG_SUBSYS_CHORD,		"Chaos Coordinator" },
+	{ DIAG_SUBSYS_SEC,		"Security" },
+	{ DIAG_SUBSYS_TIME,		"Time" },
+	{ DIAG_SUBSYS_Q6_CORE,		"Q6 Core" },
+	{ DIAG_SUBSYS_COREBSP,		"Core BSP" },
+	{ DIAG_SUBSYS_MFLO2,		"MediaFLO2" },
+	{ DIAG_SUBSYS_ULOG,		"ULog Services" },
+	{ DIAG_SUBSYS_APR,		"Async Packet Router" },
+	{ DIAG_SUBSYS_QNP,		"QNP" },
+	{ DIAG_SUBSYS_STRIDE,		"STRIDE" },
+	{ DIAG_SUBSYS_OEMDPP,		"DPP Partition" },
+	{ DIAG_SUBSYS_Q5_CORE,		"Q5 Core" },
+	{ DIAG_SUBSYS_USCRIPT,		"USCRIPT" },
+	{ DIAG_SUBSYS_NAS,		"Non Access Stratum" },
+	{ DIAG_SUBSYS_CMAPI,		"CMAPI" },
+	{ DIAG_SUBSYS_SSM,		"SSM" },
+	{ DIAG_SUBSYS_TDSCDMA,		"TD-SCDMA" },
+	{ DIAG_SUBSYS_SSM_TEST,		"SSM Test" },
+	{ DIAG_SUBSYS_MPOWER,		"MPOWER" },
+	{ DIAG_SUBSYS_QDSS,		"QDSS" },
+	{ DIAG_SUBSYS_CXM,		"CXM" },
+	{ DIAG_SUBSYS_GNSS_SOC,		"Secondary GNSS" },
+	{ DIAG_SUBSYS_TTLITE,		"TTLITE" },
+	{ DIAG_SUBSYS_FTM_ANT,		"FTM ANT" },
+	{ DIAG_SUBSYS_MLOG,		"MLOG" },
+	{ DIAG_SUBSYS_LIMITSMGR,	"LIMITS MGR" },
+	{ DIAG_SUBSYS_EFSMONITOR,	"EFS Monitor" },
+	{ DIAG_SUBSYS_DISPLAY_CALIBRATION, "Display Calibration" },
+	{ DIAG_SUBSYS_VERSION_REPORT,	"Version Report" },
+	{ DIAG_SUBSYS_DS_IPA,		"Internet Packet Accelerator" },
+	{ DIAG_SUBSYS_SYSTEM_OPERATIONS,	"System Operations" },
+	{ DIAG_SUBSYS_CNSS_POWER,	"CNSS Power" },
+	{ DIAG_SUBSYS_LWIP,		"LwIP" },
+	{ DIAG_SUBSYS_IMS_QVP_RTP,	"IMS QVP RTP" },
+	{ 0, NULL }
+};
+
+static value_string_ext qcdiag_subsys_ext = VALUE_STRING_EXT_INIT(qcdiag_subsys);
+
+enum log_config_op {
+	LOG_CONFIG_DISABLE_OP			= 0,
+	LOG_CONFIG_RETRIEVE_ID_RANGES_OP	= 1,
+	LOG_CONFIG_RETRIEVE_VALID_MASK_OP	= 2,
+	LOG_CONFIG_SET_MASK_OP			= 3,
+	LOG_CONFIG_GET_LOGMASK_OP		= 4,
+};
+
+static const value_string logcfg_ops[] = {
+	{ LOG_CONFIG_DISABLE_OP,		"Disable" },
+	{ LOG_CONFIG_RETRIEVE_ID_RANGES_OP,	"Retrieve ID Ranges" },
+	{ LOG_CONFIG_RETRIEVE_VALID_MASK_OP,	"Retrieve Valid Mask" },
+	{ LOG_CONFIG_SET_MASK_OP,		"Set Mask" },
+	{ LOG_CONFIG_GET_LOGMASK_OP,		"Get Mask" },
+	{ 0, NULL }
+};
+
+static int
+dissect_qcdiag_subsys(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+	proto_item *ti = proto_tree_get_parent(tree);
+	gint offset = 0;
+	guint subsys_id;
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "QCDIAG-SUBSYS");
+
+	proto_tree_add_item_ret_uint(tree, hf_qcdiag_subsys_id, tvb, offset++, 1, ENC_NA, &subsys_id);
+	proto_item_append_text(ti, ", %s", val_to_str_ext(subsys_id, &qcdiag_subsys_ext, "Unknown (0x%02x)"));
+	proto_tree_add_item(tree, hf_qcdiag_subsys_cmd_code, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+	offset += 2;
+
+	return dissector_try_uint(qcdiag_subsys_dissector_table, subsys_id, tvb, pinfo, tree);
+}
+
+static int
+dissect_qcdiag_logcfg_setmask(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, proto_tree *tree)
+{
+	proto_tree_add_item(tree, hf_qcdiag_logcfg_equip_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+	offset += 4;
+
+	proto_tree_add_item(tree, hf_qcdiag_logcfg_last_item, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+	offset += 4;
+
+	/* FIXME: Data */
+	return tvb_captured_length(tvb);
+}
+
+static int
+dissect_qcdiag_logcfg(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
+{
+	gint offset = 1;
+	guint oper;
+
+	/* padding? */
+	offset += 3;
+
+	/* Operation */
+	proto_tree_add_item_ret_uint(tree, hf_qcdiag_logcfg_operation, tvb, offset, 4, ENC_LITTLE_ENDIAN, &oper);
+	offset += 4;
+
+	switch (oper) {
+	case LOG_CONFIG_SET_MASK_OP:
+		return dissect_qcdiag_logcfg_setmask(tvb, offset, pinfo, tree);
+	default:
+		return tvb_captured_length(tvb);
+	}
+}
+
+static int
+dissect_qcdiag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
+{
+	proto_item *ti;
+	proto_tree *diag_tree;
+	gint offset = 0;
+	guint cmd;
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "QCDIAG");
+
+	ti = proto_tree_add_item(tree, proto_qcdiag, tvb, 0, -1, ENC_NA);
+	diag_tree = proto_item_add_subtree(ti, ett_qcdiag);
+
+	proto_tree_add_item_ret_uint(diag_tree, hf_qcdiag_cmd, tvb, offset, 1, ENC_NA, &cmd);
+	proto_item_append_text(ti, ", %s", val_to_str_ext(cmd, &qcdiag_cmds_ext, "Unknown (0x%02x)"));
+
+	switch (cmd) {
+	case DIAG_LOG_CONFIG_F:
+		return dissect_qcdiag_logcfg(tvb, pinfo, diag_tree);
+	case DIAG_SUBSYS_CMD_F:
+		return dissect_qcdiag_subsys(tvb, pinfo, diag_tree);
+	default:
+		dissector_try_uint(qcdiag_dissector_table, cmd, tvb, pinfo, tree);
+		break;
+	}
+
+	return tvb_captured_length(tvb);
+}
+
+void
+proto_register_qcdiag(void)
+{
+	static hf_register_info hf[] = {
+		{ &hf_qcdiag_cmd, { "Command", "qcdiag.cmd",
+		  FT_UINT8, BASE_HEX|BASE_EXT_STRING, &qcdiag_cmds_ext, 0, NULL, HFILL } },
+		{ &hf_qcdiag_subsys_id, { "Subsystem ID", "qcdiag.subsys_id",
+		  FT_UINT8, BASE_DEC|BASE_EXT_STRING, &qcdiag_subsys_ext, 0, NULL, HFILL } },
+		{ &hf_qcdiag_subsys_cmd_code, { "Subsystem Command Code", "qcdiag.subsys_cmd_code",
+		  FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
+
+		{ &hf_qcdiag_logcfg_operation, { "Log Config Operation", "qcdiag.logcfg.operation",
+		  FT_UINT32, BASE_DEC, VALS(logcfg_ops), 0, NULL, HFILL } },
+		{ &hf_qcdiag_logcfg_equip_id, { "Log Config Equipment ID", "qcdiag.logcfg.equip_id",
+		  FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_logcfg_last_item, { "Log config Last Item", "qcdiag.logcfg.last_item",
+		  FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
+	};
+	static gint *ett[] = {
+		&ett_qcdiag
+	};
+
+	proto_qcdiag = proto_register_protocol("Qualcomm DIAG", "QCDIAG", "qcdiag");
+	proto_register_field_array(proto_qcdiag, hf, array_length(hf));
+	proto_register_subtree_array(ett, array_length(ett));
+
+	qcdiag_dissector_table = register_dissector_table("qcdiag.cmd",
+					"QCDIAG Command", proto_qcdiag, FT_UINT8, BASE_DEC);
+
+	qcdiag_subsys_dissector_table = register_dissector_table("qcdiag.subsys_id",
+					"QCDIAG Subsystem", proto_qcdiag, FT_UINT8, BASE_DEC);
+}
+
+void
+proto_reg_handoff_qcdiag(void)
+{
+	dissector_handle_t qcdiag_handle;
+
+	qcdiag_handle = create_dissector_handle(dissect_qcdiag, proto_qcdiag);
+	dissector_add_uint("gsmtap.type", GSMTAP_TYPE_QC_DIAG, qcdiag_handle);
+}
+
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */
--- a/epan/dissectors/packet-qcdiag.h
+++ b/epan/dissectors/packet-qcdiag.h
@ -0,0 +1,249 @@
+#ifndef PACKET_QCDIAG_H
+#define PACKET_QCDIAG_H
+
+#define DIAG_VERNO_F    0
+#define DIAG_ESN_F      1
+#define DIAG_PEEKB_F    2
+#define DIAG_PEEKW_F    3
+#define DIAG_PEEKD_F    4
+#define DIAG_POKEB_F    5
+#define DIAG_POKEW_F    6
+#define DIAG_POKED_F    7
+#define DIAG_OUTP_F     8
+#define DIAG_OUTPW_F    9
+#define DIAG_INP_F      10
+#define DIAG_INPW_F     11
+#define DIAG_STATUS_F   12
+#define DIAG_LOGMASK_F  15
+#define DIAG_LOG_F      16
+#define DIAG_NV_PEEK_F  17
+#define DIAG_NV_POKE_F  18
+#define DIAG_BAD_CMD_F  19
+#define DIAG_BAD_PARM_F 20
+#define DIAG_BAD_LEN_F  21
+#define DIAG_BAD_MODE_F     24
+#define DIAG_TAGRAPH_F      25
+#define DIAG_MARKOV_F       26
+#define DIAG_MARKOV_RESET_F 27
+#define DIAG_DIAG_VER_F     28
+#define DIAG_TS_F           29
+#define DIAG_TA_PARM_F      30
+#define DIAG_MSG_F          31
+#define DIAG_HS_KEY_F       32
+#define DIAG_HS_LOCK_F      33
+#define DIAG_HS_SCREEN_F    34
+#define DIAG_PARM_SET_F     36
+#define DIAG_NV_READ_F  38
+#define DIAG_NV_WRITE_F 39
+#define DIAG_CONTROL_F    41
+#define DIAG_ERR_READ_F   42
+#define DIAG_ERR_CLEAR_F  43
+#define DIAG_SER_RESET_F  44
+#define DIAG_SER_REPORT_F 45
+#define DIAG_TEST_F       46
+#define DIAG_GET_DIPSW_F  47
+#define DIAG_SET_DIPSW_F  48
+#define DIAG_VOC_PCM_LB_F 49
+#define DIAG_VOC_PKT_LB_F 50
+#define DIAG_ORIG_F 53
+#define DIAG_END_F  54
+#define DIAG_DLOAD_F 58
+#define DIAG_TMOB_F  59
+#define DIAG_FTM_CMD_F  59
+#define DIAG_TEST_STATE_F 61
+#define DIAG_STATE_F        63
+#define DIAG_PILOT_SETS_F   64
+#define DIAG_SPC_F          65
+#define DIAG_BAD_SPC_MODE_F 66
+#define DIAG_PARM_GET2_F    67
+#define DIAG_SERIAL_CHG_F   68
+#define DIAG_PASSWORD_F     70
+#define DIAG_BAD_SEC_MODE_F 71
+#define DIAG_PR_LIST_WR_F   72
+#define DIAG_PR_LIST_RD_F   73
+#define DIAG_SUBSYS_CMD_F   75
+#define DIAG_FEATURE_QUERY_F   81
+#define DIAG_SMS_READ_F        83
+#define DIAG_SMS_WRITE_F       84
+#define DIAG_SUP_FER_F         85
+#define DIAG_SUP_WALSH_CODES_F 86
+#define DIAG_SET_MAX_SUP_CH_F  87
+#define DIAG_PARM_GET_IS95B_F  88
+#define DIAG_FS_OP_F           89
+#define DIAG_AKEY_VERIFY_F     90
+#define DIAG_BMP_HS_SCREEN_F   91
+#define DIAG_CONFIG_COMM_F        92
+#define DIAG_EXT_LOGMASK_F        93
+#define DIAG_EVENT_REPORT_F       96
+#define DIAG_STREAMING_CONFIG_F   97
+#define DIAG_PARM_RETRIEVE_F      98
+#define DIAG_STATUS_SNAPSHOT_F    99
+#define DIAG_RPC_F               100
+#define DIAG_GET_PROPERTY_F      101
+#define DIAG_PUT_PROPERTY_F      102
+#define DIAG_GET_GUID_F          103
+#define DIAG_USER_CMD_F          104
+#define DIAG_GET_PERM_PROPERTY_F 105
+#define DIAG_PUT_PERM_PROPERTY_F 106
+#define DIAG_PERM_USER_CMD_F     107
+#define DIAG_GPS_SESS_CTRL_F     108
+#define DIAG_GPS_GRID_F          109
+#define DIAG_GPS_STATISTICS_F    110
+#define DIAG_ROUTE_F             111
+#define DIAG_IS2000_STATUS_F     112
+#define DIAG_RLP_STAT_RESET_F    113
+#define DIAG_TDSO_STAT_RESET_F   114
+#define DIAG_LOG_CONFIG_F        115
+#define DIAG_TRACE_EVENT_REPORT_F 116
+#define DIAG_SBI_READ_F           117
+#define DIAG_SBI_WRITE_F          118
+#define DIAG_SSD_VERIFY_F         119
+#define DIAG_LOG_ON_DEMAND_F      120
+#define DIAG_EXT_MSG_F            121
+#define DIAG_ONCRPC_F             122
+#define DIAG_PROTOCOL_LOOPBACK_F  123
+#define DIAG_EXT_BUILD_ID_F       124
+#define DIAG_EXT_MSG_CONFIG_F     125
+#define DIAG_EXT_MSG_TERSE_F      126
+#define DIAG_EXT_MSG_TERSE_XLATE_F 127
+#define DIAG_SUBSYS_CMD_VER_2_F    128
+#define DIAG_EVENT_MASK_GET_F      129
+#define DIAG_EVENT_MASK_SET_F      130
+#define DIAG_CHANGE_PORT_SETTINGS  140
+#define DIAG_CNTRY_INFO_F          141
+#define DIAG_SUPS_REQ_F            142
+#define DIAG_MMS_ORIG_SMS_REQUEST_F 143
+#define DIAG_MEAS_MODE_F           144
+#define DIAG_MEAS_REQ_F            145
+#define DIAG_QSR_EXT_MSG_TERSE_F   146
+#define DIAG_DCI_CMD_REQ		147
+#define DIAG_DCI_DELAYED_RSP		148
+#define DIAG_BAD_TRANS_F		149
+#define DIAG_SSM_DISALLOWED_CMD_F	150
+#define DIAG_LOG_ON_DEMAND_EXT_F	151
+#define DIAG_MULTI_RADIO_CMD_F		152
+#define DIAG_QSR4_EXT_MSG_TERSE_F	153
+
+#define DIAG_MAX_F                 255
+
+typedef enum {
+	DIAG_SUBSYS_OEM = 0,
+	DIAG_SUBSYS_ZREX = 1,
+	DIAG_SUBSYS_SD = 2,
+	DIAG_SUBSYS_BT = 3,
+	DIAG_SUBSYS_WCDMA = 4,
+	DIAG_SUBSYS_HDR = 5,
+	DIAG_SUBSYS_DIABLO = 6,
+	DIAG_SUBSYS_TREX = 7,
+	DIAG_SUBSYS_GSM = 8,
+	DIAG_SUBSYS_UMTS = 9,
+	DIAG_SUBSYS_HWTC = 10,
+	DIAG_SUBSYS_FTM = 11,
+	DIAG_SUBSYS_REX = 12,
+	DIAG_SUBSYS_OS = DIAG_SUBSYS_REX,
+	DIAG_SUBSYS_GPS = 13,
+	DIAG_SUBSYS_WMS = 14,
+	DIAG_SUBSYS_CM = 15,
+	DIAG_SUBSYS_HS = 16,
+	DIAG_SUBSYS_AUDIO_SETTINGS = 17,
+	DIAG_SUBSYS_DIAG_SERV = 18,
+	DIAG_SUBSYS_FS = 19,
+	DIAG_SUBSYS_PORT_MAP_SETTINGS = 20,
+	DIAG_SUBSYS_MEDIAPLAYER = 21,
+	DIAG_SUBSYS_QCAMERA = 22,
+	DIAG_SUBSYS_MOBIMON = 23,
+	DIAG_SUBSYS_GUNIMON = 24,
+	DIAG_SUBSYS_LSM = 25,
+	DIAG_SUBSYS_QCAMCORDER = 26,
+	DIAG_SUBSYS_MUX1X = 27,
+	DIAG_SUBSYS_DATA1X = 28,
+	DIAG_SUBSYS_SRCH1X = 29,
+	DIAG_SUBSYS_CALLP1X = 30,
+	DIAG_SUBSYS_APPS = 31,
+	DIAG_SUBSYS_SETTINGS = 32,
+	DIAG_SUBSYS_GSDI = 33,
+	DIAG_SUBSYS_UIMDIAG = DIAG_SUBSYS_GSDI,
+	DIAG_SUBSYS_TMC = 34,
+	DIAG_SUBSYS_USB = 35,
+	DIAG_SUBSYS_PM = 36,
+	DIAG_SUBSYS_DEBUG = 37,
+	DIAG_SUBSYS_QTV = 38,
+	DIAG_SUBSYS_CLKRGM = 39,
+	DIAG_SUBSYS_DEVICES = 40,
+	DIAG_SUBSYS_WLAN = 41,
+	DIAG_SUBSYS_PS_DATA_LOGGING = 42,
+	DIAG_SUBSYS_PS = DIAG_SUBSYS_PS_DATA_LOGGING,
+	DIAG_SUBSYS_MFLO = 43,
+	DIAG_SUBSYS_DTV = 44,
+	DIAG_SUBSYS_RRC = 45,
+	DIAG_SUBSYS_PROF = 46,
+	DIAG_SUBSYS_TCXOMGR = 47,
+	DIAG_SUBSYS_NV = 48,
+	DIAG_SUBSYS_AUTOCONFIG = 49,
+	DIAG_SUBSYS_PARAMS = 50,
+	DIAG_SUBSYS_MDDI = 51,
+	DIAG_SUBSYS_DS_ATCOP = 52,
+	DIAG_SUBSYS_L4LINUX = 53,
+	DIAG_SUBSYS_MVS = 54,
+	DIAG_SUBSYS_CNV = 55,
+	DIAG_SUBSYS_APIONE_PROGRAM = 56,
+	DIAG_SUBSYS_HIT = 57,
+	DIAG_SUBSYS_DRM = 58,
+	DIAG_SUBSYS_DM = 59,
+	DIAG_SUBSYS_FC = 60,
+	DIAG_SUBSYS_MEMORY = 61,
+	DIAG_SUBSYS_FS_ALTERNATE = 62,
+	DIAG_SUBSYS_REGRESSION = 63,
+	DIAG_SUBSYS_SENSORS = 64,
+	DIAG_SUBSYS_FLUTE = 65,
+	DIAG_SUBSYS_ANALOG = 66,
+	DIAG_SUBSYS_APIONE_PROGRAM_MODEM = 67,
+	DIAG_SUBSYS_LTE = 68,
+	DIAG_SUBSYS_BREW = 69,
+	DIAG_SUBSYS_PWRDB = 70,
+	DIAG_SUBSYS_CHORD = 71,
+	DIAG_SUBSYS_SEC = 72,
+	DIAG_SUBSYS_TIME = 73,
+	DIAG_SUBSYS_Q6_CORE = 74,
+	DIAG_SUBSYS_COREBSP = 75,
+	DIAG_SUBSYS_MFLO2 = 76,
+	DIAG_SUBSYS_ULOG = 77,
+	DIAG_SUBSYS_APR = 78,
+	DIAG_SUBSYS_QNP = 79,
+	DIAG_SUBSYS_STRIDE = 80,
+	DIAG_SUBSYS_OEMDPP = 81,
+	DIAG_SUBSYS_Q5_CORE = 82,
+	DIAG_SUBSYS_USCRIPT = 83,
+	DIAG_SUBSYS_NAS = 84,
+	DIAG_SUBSYS_CMAPI = 85,
+	DIAG_SUBSYS_SSM = 86,
+	DIAG_SUBSYS_TDSCDMA = 87,
+	DIAG_SUBSYS_SSM_TEST = 88,
+	DIAG_SUBSYS_MPOWER = 89,
+	DIAG_SUBSYS_QDSS = 90,
+	DIAG_SUBSYS_CXM = 91,
+	DIAG_SUBSYS_GNSS_SOC = 92,
+	DIAG_SUBSYS_TTLITE = 93,
+	DIAG_SUBSYS_FTM_ANT = 94,
+	DIAG_SUBSYS_MLOG = 95,
+	DIAG_SUBSYS_LIMITSMGR = 96,
+	DIAG_SUBSYS_EFSMONITOR = 97,
+	DIAG_SUBSYS_DISPLAY_CALIBRATION = 98,
+	DIAG_SUBSYS_VERSION_REPORT = 99,
+	DIAG_SUBSYS_DS_IPA = 100,
+	DIAG_SUBSYS_SYSTEM_OPERATIONS = 101,
+	DIAG_SUBSYS_CNSS_POWER = 102,
+	DIAG_SUBSYS_LWIP = 103,
+	DIAG_SUBSYS_IMS_QVP_RTP = 104,
+	DIAG_SUBSYS_LAST,
+
+	/* Subsystem IDs reserved for OEM use */
+	DIAG_SUBSYS_RESERVED_OEM_0 = 250,
+	DIAG_SUBSYS_RESERVED_OEM_1 = 251,
+	DIAG_SUBSYS_RESERVED_OEM_2 = 252,
+	DIAG_SUBSYS_RESERVED_OEM_3 = 253,
+	DIAG_SUBSYS_RESERVED_OEM_4 = 254,
+	DIAG_SUBSYS_LEGACY = 255
+} diagpkt_subsys_cmd_enum_type;
+
+#endif /* QCDIAG */
--- a/epan/dissectors/packet-qcdiag_log.c
+++ b/epan/dissectors/packet-qcdiag_log.c
@ -0,0 +1,472 @@
+/* packet-qcdiag_log.c
+ * Routines for Qualcomm DIAG LOG packet handling
+ *
+ * (C) 2016-2017 by Harald Welte <laforge@gnumonks.org>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include "packet-qcdiag.h"
+
+static dissector_table_t qcdiag_log_code_dissector_table;
+
+static int proto_qcdiag_log = -1;
+
+static int hf_qcdiag_log_len = -1;
+static int hf_qcdiag_log_code = -1;
+
+static int hf_rr_chan_type = -1;
+static int hf_rr_downlink = -1;
+static int hf_rr_msg_type = -1;
+static int hf_msg_length = -1;
+
+static int hf_mac_chan_type = -1;
+static int hf_mac_msg_type = -1;
+
+static int hf_nas_msg_length = -1;
+static int hf_nas_direction = -1;
+
+static int hf_rrc_chan_type = -1;
+static int hf_rrc_rb_id = -1;
+static int hf_rrc_length = -1;
+
+static gint ett_qcdiag_log = -1;
+
+enum {
+	SUB_DATA = 0,
+	SUB_UM_CCCH,
+	SUB_UM_DTAP,
+	SUB_UM_SACCH,
+	SUB_UM_RLC_MAC_UL,
+	SUB_UM_RLC_MAC_DL,
+	SUB_CBCH,
+	SUB_SIM,
+	/* UMTS */
+	SUB_RRC_DL_CCCH,
+	SUB_RRC_UL_CCCH,
+	SUB_RRC_DL_DCCH,
+	SUB_RRC_UL_DCCH,
+	SUB_RRC_BCCH_BCH,
+	SUB_RRC_BCCH_FACH,
+	SUB_RRC_PCCH,
+
+	SUB_MAX
+};
+
+static dissector_handle_t sub_handles[SUB_MAX];
+
+enum diag_gsm_rr_chan_type {
+	DIAG_GSM_L2_CHAN_TYPE_DCCH	= 0,
+	DIAG_GSM_L2_CHAN_TYPE_BCCH	= 1,
+	DIAG_GSM_L2_CHAN_TYPE_RACH	= 2,
+	DIAG_GSM_L2_CHAN_TYPE_CCCH	= 3,
+	DIAG_GSM_L2_CHAN_TYPE_SACCH	= 4,
+	DIAG_GSM_L2_CHAN_TYPE_SDCCH	= 5,
+	DIAG_GSM_L2_CHAN_TYPE_FACCH_F	= 6,
+	DIAG_GSM_L2_CHAN_TYPE_FACCH_H	= 7,
+};
+
+static const value_string rr_chan_types[] = {
+	{ DIAG_GSM_L2_CHAN_TYPE_DCCH,	"DCCH" },
+	{ DIAG_GSM_L2_CHAN_TYPE_BCCH,	"BCCH" },
+	{ DIAG_GSM_L2_CHAN_TYPE_RACH,	"RACH" },
+	{ DIAG_GSM_L2_CHAN_TYPE_CCCH,	"CCCH" },
+	{ DIAG_GSM_L2_CHAN_TYPE_SACCH,	"SACCH" },
+	{ DIAG_GSM_L2_CHAN_TYPE_SDCCH,	"SDCCH" },
+	{ DIAG_GSM_L2_CHAN_TYPE_FACCH_F,"FACCH/F" },
+	{ DIAG_GSM_L2_CHAN_TYPE_FACCH_H,"FACCH/H" },
+	{ 0, NULL }
+};
+
+static const true_false_string rr_direction_vals = {
+	"Downlink",
+	"Uplink",
+};
+
+static const true_false_string nas_direction_vals = {
+	"Uplink",
+	"Downlink",
+};
+
+enum gprs_mac_chan_type {
+	PRACH_11BIT_CHANNEL	= 0x01,
+	PRACH_8BIT_CHANNEL	= 0x02,
+	PACCH_RRBP_CHANNEL	= 0x03,
+	UL_PACCH_CHANNEL	= 0x04,
+	PCCCH_CHANNEL		= 0x81,
+	PBCCH_CHANNEL		= 0x82,
+	DL_PACCH_CHANNEL	= 0x83,
+};
+
+static const value_string mac_chan_types[] = {
+	{ PRACH_11BIT_CHANNEL,	"PRACH(11bit)" },
+	{ PRACH_8BIT_CHANNEL,	"PRACH(8bit)" },
+	{ PACCH_RRBP_CHANNEL,	"PACCH(RRBP)" },
+	{ UL_PACCH_CHANNEL,	"PACCH(Uplink)" },
+	{ PCCCH_CHANNEL,	"PCCCH" },
+	{ PBCCH_CHANNEL,	"PBCCH" },
+	{ DL_PACCH_CHANNEL,	"PACCH(Downlink)" },
+	{ 0, NULL }
+};
+
+enum diag_umts_rrc_chtype {
+	DIAG_UMTS_RRC_CHT_UL_CCCH	= 0,
+	DIAG_UMTS_RRC_CHT_UL_DCCH	= 1,
+	DIAG_UMTS_RRC_CHT_DL_CCCH	= 2,
+	DIAG_UMTS_RRC_CHT_DL_DCCH	= 3,
+	DIAG_UMTS_RRC_CHT_DL_BCCH_BCH	= 4,
+	DIAG_UMTS_RRC_CHT_DL_BCCH_FACH	= 5,
+	DIAG_UMTS_RRC_CHT_DL_PCCH	= 6,
+};
+
+static const value_string rrc_chan_types[] = {
+	{ DIAG_UMTS_RRC_CHT_UL_CCCH,	"CCCH(Uplink)" },
+	{ DIAG_UMTS_RRC_CHT_UL_DCCH,	"DCCH(Uplink)" },
+	{ DIAG_UMTS_RRC_CHT_DL_CCCH,	"CCCH(Downlink)" },
+	{ DIAG_UMTS_RRC_CHT_DL_DCCH,	"DCCH(Downlink)" },
+	{ DIAG_UMTS_RRC_CHT_DL_BCCH_BCH,"BCCH/BCH" },
+	{ DIAG_UMTS_RRC_CHT_DL_BCCH_FACH, "BCCH/FACH" },
+	{ DIAG_UMTS_RRC_CHT_DL_PCCH,	"PCCH" },
+	{ 0, NULL }
+};
+
+static int
+dissect_qcdiag_log_uim(tvbuff_t *tvb, guint offset, packet_info *pinfo, proto_tree *log_tree, proto_tree *tree)
+{
+	tvbuff_t *payload_tvb;
+	guint uim_length;
+
+	proto_tree_add_item_ret_uint(log_tree, hf_rrc_length, tvb, offset++, 1, ENC_NA, &uim_length);
+
+	/* Data: Raw APDU Message */
+	payload_tvb = tvb_new_subset_length(tvb, offset, uim_length);
+
+	if (sub_handles[SUB_SIM])
+		call_dissector(sub_handles[SUB_SIM], payload_tvb, pinfo, tree);
+
+	return tvb_captured_length(tvb);
+}
+
+static int
+dissect_qcdiag_log_rrc(tvbuff_t *tvb, guint offset, packet_info *pinfo, proto_tree *log_tree, proto_tree *tree)
+{
+	tvbuff_t *payload_tvb;
+	guint chan_type, rrc_length;
+	gint sub_handle;
+
+	proto_tree_add_item_ret_uint(log_tree, hf_rrc_chan_type, tvb, offset++, 1, ENC_NA, &chan_type);
+
+	proto_tree_add_item(log_tree, hf_rrc_rb_id, tvb, offset++, 1, ENC_NA);
+
+	proto_tree_add_item_ret_uint(log_tree, hf_rrc_length, tvb, offset, 2, ENC_LITTLE_ENDIAN, &rrc_length);
+	offset += 2;
+
+	/* Data: Raw RRC Message */
+	payload_tvb = tvb_new_subset_length(tvb, offset, rrc_length);
+
+	switch (chan_type) {
+	case DIAG_UMTS_RRC_CHT_UL_CCCH:
+		sub_handle = SUB_RRC_UL_CCCH;
+		break;
+	case DIAG_UMTS_RRC_CHT_DL_DCCH:
+		sub_handle = SUB_RRC_DL_DCCH;
+		break;
+	case DIAG_UMTS_RRC_CHT_UL_DCCH:
+		sub_handle = SUB_RRC_UL_DCCH;
+		break;
+	case DIAG_UMTS_RRC_CHT_DL_CCCH:
+		sub_handle = SUB_RRC_DL_CCCH;
+		break;
+	case DIAG_UMTS_RRC_CHT_DL_BCCH_BCH:
+		sub_handle = SUB_RRC_BCCH_BCH;
+		break;
+	case DIAG_UMTS_RRC_CHT_DL_BCCH_FACH:
+		sub_handle = SUB_RRC_BCCH_FACH;
+		break;
+	case DIAG_UMTS_RRC_CHT_DL_PCCH:
+		sub_handle = SUB_RRC_PCCH;
+		break;
+	default:
+		sub_handle = SUB_DATA;
+		break;
+	};
+
+	if (sub_handles[sub_handle])
+		call_dissector(sub_handles[sub_handle], payload_tvb, pinfo, tree);
+
+	return tvb_captured_length(tvb);
+}
+
+static int
+dissect_qcdiag_log_rr(tvbuff_t *tvb, guint offset, packet_info *pinfo, proto_tree *log_tree, proto_tree *tree)
+{
+	tvbuff_t *payload_tvb;
+	guint chan_type, rr_length;
+	gint sub_handle;
+
+	/* Byte 1 */
+	proto_tree_add_item_ret_uint(log_tree, hf_rr_chan_type, tvb, offset, 1, ENC_NA, &chan_type);
+	proto_tree_add_item(log_tree, hf_rr_downlink, tvb, offset++, 1, ENC_NA);
+
+	/* Byte 2 */
+	proto_tree_add_item(log_tree, hf_rr_msg_type, tvb, offset++, 1, ENC_NA);
+
+	/* Byte 3 */
+	proto_tree_add_item_ret_uint(log_tree, hf_msg_length, tvb, offset++, 1, ENC_NA, &rr_length);
+
+	/* Data: Raw RR Message */
+	payload_tvb = tvb_new_subset_length(tvb, offset, rr_length);
+
+	switch (chan_type) {
+	case DIAG_GSM_L2_CHAN_TYPE_BCCH:
+	case DIAG_GSM_L2_CHAN_TYPE_CCCH:
+		sub_handle = SUB_UM_CCCH;
+		break;
+	case DIAG_GSM_L2_CHAN_TYPE_SACCH:
+		sub_handle = SUB_UM_SACCH;
+		break;
+	case DIAG_GSM_L2_CHAN_TYPE_SDCCH:
+	case DIAG_GSM_L2_CHAN_TYPE_DCCH:
+	case DIAG_GSM_L2_CHAN_TYPE_FACCH_F:
+	case DIAG_GSM_L2_CHAN_TYPE_FACCH_H:
+		sub_handle = SUB_UM_DTAP;
+		break;
+	default:
+		sub_handle = SUB_DATA;
+	}
+
+	if (sub_handles[sub_handle])
+		call_dissector(sub_handles[sub_handle], payload_tvb, pinfo, tree);
+
+	return tvb_captured_length(tvb);
+}
+
+static int
+dissect_qcdiag_log_gmac(tvbuff_t *tvb, guint offset, packet_info *pinfo, proto_tree *log_tree, proto_tree *tree)
+{
+	tvbuff_t *payload_tvb;
+	guint chan_type, mac_length;
+	gint sub_handle;
+
+	/* Byte 1 */
+	proto_tree_add_item_ret_uint(log_tree, hf_mac_chan_type, tvb, offset++, 1, ENC_NA, &chan_type);
+
+	/* Byte 2 */
+	proto_tree_add_item(log_tree, hf_mac_msg_type, tvb, offset++, 1, ENC_NA);
+
+	/* Byte 3 */
+	proto_tree_add_item_ret_uint(log_tree, hf_msg_length, tvb, offset++, 1, ENC_NA, &mac_length);
+
+	/* Data: Raw RR Message */
+	payload_tvb = tvb_new_subset_length(tvb, offset, mac_length);
+
+	switch (chan_type) {
+	case PRACH_11BIT_CHANNEL:
+	case PRACH_8BIT_CHANNEL:
+	case UL_PACCH_CHANNEL:
+		sub_handle = SUB_UM_RLC_MAC_UL;
+		break;
+	case PCCCH_CHANNEL:
+	case PBCCH_CHANNEL:
+	case DL_PACCH_CHANNEL:
+		sub_handle = SUB_UM_RLC_MAC_DL;
+		break;
+	case PACCH_RRBP_CHANNEL:
+	default:
+		sub_handle = SUB_DATA;
+	}
+
+	if (sub_handles[sub_handle])
+		call_dissector(sub_handles[sub_handle], payload_tvb, pinfo, tree);
+
+	return tvb_captured_length(tvb);
+}
+
+static int
+dissect_qcdiag_log_nas(tvbuff_t *tvb, guint offset, packet_info *pinfo, proto_tree *log_tree, proto_tree *tree)
+{
+	tvbuff_t *payload_tvb;
+	guint length;
+
+	/* Byte 1: Direction */
+	proto_tree_add_item(log_tree, hf_nas_direction, tvb, offset++, 1, ENC_NA);
+
+	/* Byte 2-5: Length */
+	proto_tree_add_item_ret_uint(log_tree, hf_nas_msg_length, tvb, offset, 4, ENC_LITTLE_ENDIAN, &length);
+	offset += 4;
+
+	/* Byte 6...: NAS Message */
+	payload_tvb = tvb_new_subset_length(tvb, offset, length);
+
+	if (sub_handles[SUB_UM_DTAP])
+		call_dissector(sub_handles[SUB_UM_DTAP], payload_tvb, pinfo, tree);
+
+	return tvb_captured_length(tvb);
+}
+
+
+static int
+dissect_qcdiag_log(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
+{
+	proto_item *ti;
+	proto_tree *diag_log_tree;
+	tvbuff_t *payload_tvb;
+	gint offset = 0;
+	guint len, code;
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "QCDIAG-LOG");
+
+	ti = proto_tree_add_item(tree, proto_qcdiag_log, tvb, 0, -1, ENC_NA);
+	diag_log_tree = proto_item_add_subtree(ti, ett_qcdiag_log);
+
+	/* 4 bytes common header */
+	offset += 4;
+
+	proto_tree_add_item_ret_uint(diag_log_tree, hf_qcdiag_log_len, tvb, offset, 2, ENC_LITTLE_ENDIAN, &len);
+	offset += 2;
+
+	proto_tree_add_item_ret_uint(diag_log_tree, hf_qcdiag_log_code, tvb, offset, 2, ENC_LITTLE_ENDIAN, &code);
+	offset += 2;
+
+	/* 8 bytes timestamp */
+	offset += 8;
+
+	switch (code) {
+	case 0x1098:	/* UIM/SIM/UICC data */
+		return dissect_qcdiag_log_uim(tvb, offset, pinfo, diag_log_tree, tree);
+	case 0x512f:	/* GSM RR signaling message */
+		return dissect_qcdiag_log_rr(tvb, offset, pinfo, diag_log_tree, tree);
+	case 0x412f:	/* 3G RRC */
+		return dissect_qcdiag_log_rrc(tvb, offset, pinfo, diag_log_tree, tree);
+	case 0x5202:	/* LOG_GPRS_RLC_UL_STATS_C */
+		break;
+	case 0x520e:	/* LOG_GPRS_RLC_DL_RELEASE_IND_C */
+		break;
+	case 0x5226:	/* GPRS MAC signalling message */
+		return dissect_qcdiag_log_gmac(tvb, offset, pinfo, diag_log_tree, tree);
+	case 0x5230:	/* GPRS GMM */
+		break;
+	case 0x713a:
+		return dissect_qcdiag_log_nas(tvb, offset, pinfo, diag_log_tree, tree);
+		break;
+	case 0xb0c0:
+	case 0xb0e0:
+	case 0xb0e1:
+	case 0xb0e2:
+	case 0xb0e3:
+	case 0xb0ea:
+	case 0xb0eb:
+	case 0xb0ec:
+	case 0xb0ed:
+		break;
+	default:
+		payload_tvb = tvb_new_subset_length(tvb, offset, len);
+		dissector_try_uint(qcdiag_log_code_dissector_table, code, payload_tvb, pinfo, diag_log_tree);
+		break;
+	}
+
+	return tvb_captured_length(tvb);
+}
+
+void
+proto_register_qcdiag_log(void)
+{
+	static hf_register_info hf[] = {
+		{ &hf_qcdiag_log_len, { "Log Message Length", "qcdiag_log.length",
+		  FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_log_code, { "Log Code", "qcdiag_log.code",
+		  FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
+		{ &hf_rr_downlink, { "Direction", "qcdiag_log.downlink",
+		  FT_BOOLEAN, 8, TFS(&rr_direction_vals), 0x80, NULL, HFILL } },
+		{ &hf_msg_length, { "Message Length", "qcdiag_log.msg_len",
+		  FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
+		/* RR */
+		{ &hf_rr_chan_type, { "RR Channel Type", "qcdiag_log.rr.chan_type",
+		  FT_UINT8, BASE_HEX, VALS(rr_chan_types), 0x7f, NULL, HFILL } },
+		{ &hf_rr_msg_type, { "RR Message Type", "qcdiag_log.rr.msg_type",
+		  FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
+		/* GPRS MAC */
+		{ &hf_mac_chan_type, { "GPRS MAC Channel Type", "qcdiag_log.gmac.chan_type",
+		  FT_UINT8, BASE_HEX, VALS(mac_chan_types), 0, NULL, HFILL } },
+		{ &hf_mac_msg_type, { "GPRS MAC Message Type", "qcdiag_log.gmac.msg_type",
+		  FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
+		/* NAS */
+		{ &hf_nas_msg_length, { "NAS Message Length", "qcdiag_log.nas.msg_len",
+		  FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_nas_direction, { "Direction", "qcdiag_log.nas.direction",
+		  FT_BOOLEAN, 8, TFS(&nas_direction_vals), 0x01, NULL, HFILL } },
+		/* RRC */
+		{ &hf_rrc_chan_type, { "RRC Channel Type", "qcdiag_log.rrc.chan_type",
+		  FT_UINT8, BASE_DEC, VALS(rrc_chan_types), 0, NULL, HFILL } },
+		{ &hf_rrc_rb_id, {"RRC RB ID", "qcdiag_log.rrc.rb_id",
+		  FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_rrc_length, {"RRC Message Length", "qcdiag_log.rrc.msg_len",
+		  FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
+	};
+	static gint *ett[] = {
+		&ett_qcdiag_log
+	};
+
+	proto_qcdiag_log = proto_register_protocol("Qualcomm DIAG Log", "QCDIAG LOG", "qcdiag_log");
+	proto_register_field_array(proto_qcdiag_log, hf, array_length(hf));
+	proto_register_subtree_array(ett, array_length(ett));
+
+	qcdiag_log_code_dissector_table = register_dissector_table("qcdiag_log.code",
+					"QCDIAG LOG code", proto_qcdiag_log, FT_UINT16, BASE_HEX);
+}
+
+void
+proto_reg_handoff_qcdiag_log(void)
+{
+	dissector_handle_t qcdiag_log_handle;
+
+	qcdiag_log_handle = create_dissector_handle(dissect_qcdiag_log, proto_qcdiag_log);
+	dissector_add_uint("qcdiag.cmd", DIAG_LOG_F, qcdiag_log_handle);
+
+	sub_handles[SUB_DATA] = find_dissector("data");
+	sub_handles[SUB_SIM] = find_dissector("gsm_sim");
+	sub_handles[SUB_UM_CCCH] = find_dissector_add_dependency("gsm_a_ccch", proto_qcdiag_log);
+	sub_handles[SUB_UM_DTAP] = find_dissector_add_dependency("gsm_a_dtap", proto_qcdiag_log);
+	sub_handles[SUB_UM_SACCH] = find_dissector_add_dependency("gsm_a_sacch", proto_qcdiag_log);
+	sub_handles[SUB_UM_RLC_MAC_UL] = find_dissector_add_dependency("gsm_rlcmac_ul", proto_qcdiag_log);
+	sub_handles[SUB_UM_RLC_MAC_DL] = find_dissector_add_dependency("gsm_rlcmac_dl", proto_qcdiag_log);
+	sub_handles[SUB_RRC_DL_CCCH] = find_dissector_add_dependency("rrc.dl.ccch", proto_qcdiag_log);
+	sub_handles[SUB_RRC_UL_CCCH] = find_dissector_add_dependency("rrc.ul.ccch", proto_qcdiag_log);
+	sub_handles[SUB_RRC_DL_DCCH] = find_dissector_add_dependency("rrc.dl.dcch", proto_qcdiag_log);
+	sub_handles[SUB_RRC_UL_DCCH] = find_dissector_add_dependency("rrc.ul.dcch", proto_qcdiag_log);
+	sub_handles[SUB_RRC_BCCH_BCH] = find_dissector_add_dependency("rrc.bcch.bch", proto_qcdiag_log);
+	sub_handles[SUB_RRC_BCCH_FACH] = find_dissector_add_dependency("rrc.bcch.fach", proto_qcdiag_log);
+	sub_handles[SUB_RRC_PCCH] = find_dissector_add_dependency("rrc.pcch", proto_qcdiag_log);
+}
+
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */
--- a/epan/dissectors/packet-qcdiag_msg.c
+++ b/epan/dissectors/packet-qcdiag_msg.c
@ -0,0 +1,250 @@
+/* packet-qcdiag_msg.c
+ * Routines for Qualcomm DIAG MSG packet handling
+ *
+ * (C) 2016-2017 by Harald Welte <laforge@gnumonks.org>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include "packet-qcdiag.h"
+
+static int proto_qcdiag_msg = -1;
+
+static int hf_qcdiag_msg_ts_type = -1;
+static int hf_qcdiag_msg_num_args = -1;
+static int hf_qcdiag_msg_drop_cnt = -1;
+static int hf_qcdiag_msg_line_nr = -1;
+static int hf_qcdiag_msg_subsys_id = -1;
+static int hf_qcdiag_msg_subsys_mask = -1;
+static int hf_qcdiag_msg_fmt_str = -1;
+static int hf_qcdiag_msg_formatted_str = -1;
+static int hf_qcdiag_msg_file_name = -1;
+static int hf_qcdiag_msg_argument = -1;
+
+static gint ett_qcdiag_msg = -1;
+
+#define MAX_ARGS	16
+
+static void
+sanitize_fmtstr(guint8 *fmt)
+{
+	guint8 *cur;
+
+	/* replace all CR/LF to avoid having multi-line COL_INFO */
+	for (cur = fmt; cur < fmt + strlen(fmt); cur++) {
+		if (*cur == '\n' || *cur == '\r')
+			*cur = ';';
+	}
+
+	/* Replace all '%s' with '%p', as this simply doesn't work in a
+	 * remte-printf situation. We cannot access the address on the
+	 * target device.  People putting format strings into QCDIAG MSG
+	 * should know that, but pparently some times try anyway :/ */
+	for (cur = fmt; cur && (cur < fmt + strlen(fmt)); cur = strstr(fmt, "%s")) {
+		cur[1] = 'p';
+	}
+	/* FIXME: catch cases like '% s' or '%-20s' */
+}
+
+static int
+dissect_qcdiag_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void * data _U_)
+{
+	proto_item *ti, *gi;
+	proto_tree *diag_msg_tree;
+	gint offset = 1; /* command already dissected by proto-qcdiag.c */
+	guint num_args, line_nr, subsys_id, subsys_mask, i, fmtstr_offset;
+	const guint8 *file_name;
+	guint8 *fmtstr;
+	gchar *str = NULL;
+	guint args[MAX_ARGS];
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "QCDIAG-MSG");
+
+	ti = proto_tree_add_item(tree, proto_qcdiag_msg, tvb, 0, -1, ENC_NA);
+	diag_msg_tree = proto_item_add_subtree(ti, ett_qcdiag_msg);
+
+	proto_tree_add_item(diag_msg_tree, hf_qcdiag_msg_ts_type, tvb, offset++, 1, ENC_NA);
+	proto_tree_add_item_ret_uint(diag_msg_tree, hf_qcdiag_msg_num_args, tvb, offset++, 1, ENC_NA, &num_args);
+	proto_tree_add_item(diag_msg_tree, hf_qcdiag_msg_drop_cnt, tvb, offset++, 1, ENC_NA);
+	/* timestamp */
+	offset += 8;
+
+	proto_tree_add_item_ret_uint(diag_msg_tree, hf_qcdiag_msg_line_nr, tvb, offset, 2, ENC_LITTLE_ENDIAN, &line_nr);
+	offset += 2;
+
+	proto_tree_add_item_ret_uint(diag_msg_tree, hf_qcdiag_msg_subsys_id, tvb, offset, 2, ENC_LITTLE_ENDIAN, &subsys_id);
+	offset += 2;
+
+	proto_tree_add_item_ret_uint(diag_msg_tree, hf_qcdiag_msg_subsys_mask, tvb, offset, 4, ENC_LITTLE_ENDIAN, &subsys_mask);
+	offset += 4;
+
+	/* Append all arguments */
+	for (i = 0; i < num_args; i++) {
+		if (i < MAX_ARGS)
+			proto_tree_add_item_ret_uint(diag_msg_tree, hf_qcdiag_msg_argument, tvb, offset, 4, ENC_LITTLE_ENDIAN, &args[i]);
+		else
+			proto_tree_add_item(diag_msg_tree, hf_qcdiag_msg_argument, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+		offset += 4;
+	}
+
+	/* we cannot use _ret_string() here, as we need an editable
+	 * (non-const) version of the string to sanitize it */
+	proto_tree_add_item(diag_msg_tree, hf_qcdiag_msg_fmt_str, tvb, offset, -1, ENC_ASCII|ENC_NA);
+	fmtstr = tvb_get_stringzpad(wmem_packet_scope(), tvb, offset, tvb_strsize(tvb, offset), ENC_ASCII);
+	fmtstr_offset = offset;
+	offset += tvb_strsize(tvb, offset);
+	sanitize_fmtstr(fmtstr);
+
+	proto_tree_add_item_ret_string(diag_msg_tree, hf_qcdiag_msg_file_name, tvb, offset, -1, ENC_ASCII, wmem_packet_scope(), &file_name);
+	offset += tvb_strsize(tvb, offset);
+
+	col_append_fstr(pinfo->cinfo, COL_INFO, "%s:%u ", file_name, line_nr);
+	switch (num_args) {
+	case 0:
+		str = wmem_strdup_printf(wmem_packet_scope(), "%s", fmtstr);
+		break;
+	case 1:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0]);
+		break;
+	case 2:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1]);
+		break;
+	case 3:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2]);
+		break;
+	case 4:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3]);
+		break;
+	case 5:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4]);
+		break;
+	case 6:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5]);
+		break;
+	case 7:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6]);
+		break;
+	case 8:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7]);
+		break;
+	case 9:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8]);
+		break;
+	case 10:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9]);
+		break;
+	case 11:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9], args[10]);
+		break;
+	case 12:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9], args[10], args[11]);
+		break;
+	case 13:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9], args[10], args[11], args[12]);
+		break;
+	case 14:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9], args[10], args[11], args[12], args[13]);
+		break;
+	case 15:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9], args[10], args[11], args[12], args[13], args[14]);
+		break;
+	case 16:
+		str = wmem_strdup_printf(wmem_packet_scope(), fmtstr, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7],
+				args[8], args[9], args[10], args[11], args[12], args[13], args[14], args[15]);
+		break;
+	}
+
+	proto_item_append_text(ti, ", Subsys: %u, Mask: 0x%04x, %s:%u",
+				subsys_id, subsys_mask, file_name, line_nr);
+
+	if (str) {
+		col_append_str((pinfo)->cinfo, COL_INFO, str);
+		gi = proto_tree_add_string(diag_msg_tree, hf_qcdiag_msg_formatted_str, tvb, fmtstr_offset, strlen(fmtstr), str);
+		PROTO_ITEM_SET_GENERATED(gi);
+		proto_item_append_text(ti, " %s", str);
+	}
+
+	return tvb_captured_length(tvb);
+}
+
+void
+proto_register_qcdiag_msg(void)
+{
+	static hf_register_info hf[] = {
+		{ &hf_qcdiag_msg_ts_type, { "Timestamp Type", "qcdiag_msg.ts_type",
+		  FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_num_args, { "Number of Arguments", "qcdiag_msg.num_args",
+		  FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_drop_cnt, { "Dropped message count", "qcdiag_msg.num_drop_cnt",
+		  FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_line_nr, { "Line Number", "qcdiag_msg.line_nr",
+		  FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_subsys_id, { "Subsystem ID", "qcdiag_msg.subsys_id",
+		  FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_subsys_mask, { "Subsystem Mask", "qcdiag_msg.subsys_mask",
+		  FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_fmt_str, { "Format String", "qcdiag_msg.fmt_str",
+		  FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_formatted_str, { "Formatted String", "qcdiag_msg.formatted_str",
+		  FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_file_name, { "File Name", "qcdiag_msg.fmt_str",
+		  FT_STRINGZ, BASE_NONE, NULL, 0, NULL, HFILL } },
+		{ &hf_qcdiag_msg_argument, { "Argument", "qcdiag_msg.argument",
+		  FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
+	};
+	static gint *ett[] = {
+		&ett_qcdiag_msg
+	};
+
+	proto_qcdiag_msg = proto_register_protocol("Qualcomm DIAG Msg", "QCDIAG MSG", "qcdiag_msg");
+	proto_register_field_array(proto_qcdiag_msg, hf, array_length(hf));
+	proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_qcdiag_msg(void)
+{
+	dissector_handle_t qcdiag_msg_handle;
+
+	qcdiag_msg_handle = create_dissector_handle(dissect_qcdiag_msg, proto_qcdiag_msg);
+	dissector_add_uint("qcdiag.cmd", DIAG_EXT_MSG_F, qcdiag_msg_handle);
+}
+
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */
--- a/epan/dissectors/packet-rsl.c
+++ b/epan/dissectors/packet-rsl.c
@ -445,6 +445,33 @@ static const value_string rsl_msg_disc_vals[] = {
 #define RSL_IE_OSMO_TOP_ACCH_CAP          0x62
 #define RSL_IE_OSMO_OSMUX_CID             0x63

+/* Vendor-specific definitions used in Ericsson RSL */
+#define RSL_MSG_ERIC_IMM_ASS_SENT         0x10
+#define RSL_MSG_ERIC_TRX_REP_CTRL         0x1d
+#define RSL_MSG_ERIC_TRX_REP_CTRL_ACK     0x1e
+#define RSL_MSG_ERIC_TRX_REPORT           0x1f
+
+#define RSL_IE_ERIC_INST_NUM              0x48
+#define RSL_IE_ERIC_PGSL_TIMERS           0x49
+#define RSL_IE_ERIC_REP_DL_FACCH          0x4a
+#define RSL_IE_ERIC_L2_HDR_TYPE           0xe0
+#define RSL_IE_ERIC_PWR_INFO              0xf0
+#define RSL_IE_ERIC_MOBILE_ID             0xf1
+#define RSL_IE_ERIC_BCCH_MAPPING          0xf2
+#define RSL_IE_ERIC_PACKET_PAGING_IND     0xf3
+#define RSL_IE_ERIC_COUNTER_CTRL          0xf4
+#define RSL_IE_ERIC_COUNTER_CTRL_ACK      0xf5
+#define RSL_IE_ERIC_COUNTER_REPORT        0xf6
+#define RSL_IE_ERIC_ICP_CONN              0xf7
+#define RSL_IE_ERIC_EMR_SUPPORT           0xf8
+#define RSL_IE_ERIC_EGPRS_REQ_REF         0xf9
+#define RSL_IE_ERIC_VGCSREL               0xfa
+#define RSL_IE_ERIC_NCH_REP_PERIOD        0xfb
+#define RSL_IE_ERIC_NY2                   0xfc
+#define RSL_IE_ERIC_T3115                 0xfd
+#define RSL_IE_ERIC_ACT_FLAG              0xfe
+#define RSL_IE_ERIC_FULL_NCH_INFO         0xff
+
 static const value_string rsl_msg_type_vals[] = {
      /*    0 0 0 0 - - - - Radio Link Layer Management messages: */
 /* 0x01 */ { RSL_MSG_TYPE_DATA_REQ,      "DATA REQuest" },                               /* 8.3.1 */
@ -533,7 +560,9 @@ static const value_string rsl_msg_type_vals[] = {
 /* 0x78 */ {  RSL_MSG_TYPE_IPAC_DLCX_ACK,       "ip.access DLCX ACK" },
 /* 0x79 */ {  RSL_MSG_TYPE_IPAC_DLCX_NACK,      "ip.access DLCX NACK" },
 /* 0x7f */ {  RSL_MSG_TYPE_OSMO_ETWS_CMD,       "Osmocom PRIMARY ETWS CMD" },
-/* 0x48 */ { 0,        NULL }
+	   {  0x10,				"Immediate Assignment Sent" },
+	   {  0x18,				"RACH Load?" },
+	   {  0,        NULL }
 };
 static value_string_ext rsl_msg_type_vals_ext = VALUE_STRING_EXT_INIT(rsl_msg_type_vals);

@ -687,6 +716,7 @@ static const value_string rsl_ie_type_vals[] = {
 /* 0x61 */    { RSL_IE_OSMO_TRAINING_SEQUENCE, "Training Sequence Code/Set" },
 /* 0x62 */    { RSL_IE_OSMO_TOP_ACCH_CAP, "Temporary ACCH Overpower Capabilities" },
 /* 0x63 */    { RSL_IE_OSMO_OSMUX_CID, "Osmux CID" },
+/* FIXME: Distinguish between IPA and Ericsson definitions */
 /* 0xe0 */    { RSL_IE_IPAC_SRTP_CONFIG,"SRTP Configuration" },
 /* 0xe1 */    { RSL_IE_IPAC_PROXY_UDP,  "BSC Proxy UDP Port" },
 /* 0xe2 */    { RSL_IE_IPAC_BSCMPL_TOUT,"BSC Multiplex Timeout" },
@ -3919,6 +3949,81 @@ dissct_rsl_ipaccess_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int
    return offset;
 }

+static int
+dissct_rsl_ericsson_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
+{
+    //guint8  msg_type;
+    //conversation_t *conv;
+
+    //msg_type = tvb_get_guint8(tvb, offset) & 0x7f;
+    offset++;
+
+    /* parse TLV attributes */
+    while (tvb_reported_length_remaining(tvb, offset) > 0) {
+        guint8 tag;
+        unsigned int len, hlen;
+        const struct tlv_def *tdef;
+        proto_item *ti;
+        proto_tree *ie_tree;
+
+        tag = tvb_get_guint8(tvb, offset);
+        tdef = &rsl_att_tlvdef.def[tag];
+
+        switch (tdef->type) {
+        case TLV_TYPE_FIXED:
+            hlen = 1;
+            len = tdef->fixed_len;
+            break;
+        case TLV_TYPE_T:
+            hlen = 1;
+            len = 0;
+            break;
+        case TLV_TYPE_TV:
+            hlen = 1;
+            len = 1;
+            break;
+        case TLV_TYPE_TLV:
+            hlen = 2;
+            len = tvb_get_guint8(tvb, offset+1);
+            break;
+        case TLV_TYPE_TL16V:
+            hlen = 3;
+            len = tvb_get_guint8(tvb, offset+1) << 8 |
+                tvb_get_guint8(tvb, offset+2);
+            break;
+        case TLV_TYPE_UNKNOWN:
+        default:
+            return tvb_reported_length(tvb);
+        }
+
+        ti = proto_tree_add_item(tree, hf_rsl_ie_id, tvb, offset, 1, ENC_BIG_ENDIAN);
+        ie_tree = proto_item_add_subtree(ti, ett_ie_local_port);
+        offset += hlen;
+
+        switch (tag) {
+        case RSL_IE_CH_NO:
+            dissect_rsl_ie_ch_no(tvb, pinfo, ie_tree, offset, FALSE);
+            break;
+        case RSL_IE_ERIC_INST_NUM:
+        case RSL_IE_ERIC_REP_DL_FACCH:
+        case RSL_IE_ERIC_PWR_INFO:
+        case RSL_IE_ERIC_MOBILE_ID:
+        case RSL_IE_ERIC_BCCH_MAPPING:
+        case RSL_IE_ERIC_PACKET_PAGING_IND:
+        case RSL_IE_ERIC_COUNTER_CTRL:
+        case RSL_IE_ERIC_COUNTER_CTRL_ACK:
+        case RSL_IE_ERIC_COUNTER_REPORT:
+        case RSL_IE_ERIC_ICP_CONN:
+        case RSL_IE_ERIC_EGPRS_REQ_REF:
+            break;
+        }
+        offset += len;
+    }
+
+    return offset;
+}
+
+
 static int
 dissct_rsl_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
 {
@ -3935,6 +4040,18 @@ dissct_rsl_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
    }
    offset++;

+    switch (msg_type) {
+    case RSL_MSG_ERIC_IMM_ASS_SENT:
+    case RSL_MSG_ERIC_TRX_REP_CTRL:
+    case RSL_MSG_ERIC_TRX_REP_CTRL_ACK:
+    case RSL_MSG_ERIC_TRX_REPORT:
+    case 0x18:
+        offset = dissct_rsl_ericsson_msg(tvb, pinfo, tree, offset-1);
+	return offset;
+    default:
+        break;
+    }
+
    switch (msg_type) {
 /* Radio Link Layer Management messages */
    /* 8.3.1 DATA REQUEST */
@ -5523,6 +5640,29 @@ void proto_register_rsl(void)
    RSL_ATT_TLVDEF(RSL_IE_OSMO_TRAINING_SEQUENCE, TLV_TYPE_TLV,      0);
    RSL_ATT_TLVDEF(RSL_IE_OSMO_OSMUX_CID,    TLV_TYPE_TLV,           0);

+#if 0
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_INST_NUM, TLV_TYPE_TV, 0);
+    /* RSL_IE_ERIC_PGSL_TIMERS? */
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_REP_DL_FACCH, TLV_TYPE_TV, 0);
+    /* RSL_IE_ERIC_L2_HDR_TYPE? */
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_PWR_INFO, TLV_TYPE_FIXED, 2);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_MOBILE_ID, TLV_TYPE_FIXED, 4);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_BCCH_MAPPING, TLV_TYPE_TV, 0);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_PACKET_PAGING_IND, TLV_TYPE_TV, 0);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_COUNTER_CTRL, TLV_TYPE_FIXED, 2);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_COUNTER_CTRL_ACK, TLV_TYPE_TV, 0);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_COUNTER_REPORT, TLV_TYPE_TLV, 0);
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_ICP_CONN, TLV_TYPE_TLV, 0);
+    /* RSL_IE_ERIC_EMR_SUPPORT? */
+    RSL_ATT_TLVDEF(RSL_IE_ERIC_EGPRS_REQ_REF, TLV_TYPE_FIXED, 4);
+    /* RSL_IE_ERIC_VGCSREL */
+    /* RSL_IE_ERIC_NCH_REP_PERIOD */
+    /* RSL_IE_ERIC_NY2 */
+    /* RSL_IE_ERIC_T3115 */
+    /* RSL_IE_ERIC_ACT_FLAG */
+    /* RSL_IE_ERIC_FULL_NCH_INFO */
+#endif
+
    /* Register the protocol name and description */
    proto_rsl = proto_register_protocol("Radio Signalling Link (RSL)", "RSL", "gsm_abis_rsl");
Author	SHA1	Message	Date
Harald Welte	82af28921a	WIP: qcdiag SIM Change-Id: I7c4025405516edd42aea2e4c1800d341882b0876	2023-03-11 15:02:01 +01:00
Harald Welte	fb5d2e9f48	qcdiag_log: Implement RRC dissection Change-Id: If7a5ea0fb44a40fd0abd67606ee7dcb83efe6fec	2023-03-11 15:02:01 +01:00
Harald Welte	44af8186c2	qcdiag: Dissect Log Configuration packets Change-Id: I5c54a49e41e84d043f55ab0a05e6ffed2f8e1291	2023-03-11 15:02:01 +01:00
Harald Welte	1ed4f95185	qcdiag_msg: Add summary info to root node Change-Id: I9769c6834a5fed6698695170e4bac775922c1a14	2023-03-11 15:02:01 +01:00
Harald Welte	d570049af3	qcdiag: Add summary information to qcdiag root node Change-Id: Id648ccdc000da5cd4d4d881b1720cf6164a526d9	2023-03-11 15:02:01 +01:00
Harald Welte	9c1ceaaea7	qcdiag: Use value_string_ext Change-Id: I736d69cb524af2e8254d94b9ab15577f5b65646e	2023-03-11 15:02:01 +01:00
Harald Welte	743845055f	qcdiag_msg: Avoid multi-line COL_INFO and crashes in case of %s also, add the formatted string not only to COL_INFO but also to the packet details. Change-Id: I54ccb1621b640f8676f7248bf23f9eed3da3cbdb	2023-03-11 15:02:01 +01:00
Harald Welte	52b015b146	WIP: Qualcomm DIAG Protocol support Change-Id: I0bd06c46e00570005a1148860954a77c8f5445a8	2023-03-11 15:02:01 +01:00
Harald Welte	3128d7534f	WIP: RSL Ericsson support Change-Id: I1e9b3c08848f4feb60361e629d7225b6d2e1dcbd	2023-03-11 14:53:56 +01:00
Harald Welte	43968887ba	HACK: Hand GPRS RLC payload to GPRS LLC dissector this is an ugly hack, as there is no code for packet re-assembly in betwween, i.e. we only get proper dissection if the LLC message was fitting entirely into one RLC block. Nevertheless, sufficient to see things like RAU, ATTACH, IDENTITY procedures. Change-Id: I1fc488aa58353e5f4264b940f9f4c18987148a7d	2023-03-11 14:50:02 +01:00