ad9a9a6a9d
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics. Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences". You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX) To enable the use of the Tcap context, you have 2 new parameters in the preferences, - SRT, enable search for a Tcap context for any TCAP messages - persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats. There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout. svn path=/trunk/; revision=19341
264 lines
7.6 KiB
INI
264 lines
7.6 KiB
INI
# tcap.cnf
|
|
# tcap conformation file
|
|
|
|
#
|
|
|
|
#.MODULE_IMPORT
|
|
|
|
#.EXPORTS
|
|
|
|
|
|
#.PDU
|
|
|
|
|
|
#.NO_EMIT
|
|
|
|
#.TYPE_RENAME
|
|
|
|
#.FIELD_RENAME
|
|
|
|
#.FN_BODY DialogueOC
|
|
tvbuff_t *next_tvb;
|
|
gint8 class;
|
|
gboolean pc;
|
|
gint tag;
|
|
guint32 len;
|
|
gint ind_field;
|
|
|
|
|
|
offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
|
|
offset = get_ber_length(tree, tvb, offset, &len, &ind_field);
|
|
next_tvb = tvb_new_subset(tvb, offset, len-(2*ind_field), len-(2*ind_field));
|
|
|
|
|
|
if (!next_tvb)
|
|
return offset;
|
|
|
|
dissect_tcap_ExternalPDU(TRUE, next_tvb, 2, pinfo, tree, -1);
|
|
|
|
|
|
return offset+len;
|
|
|
|
#.FN_BODY Dialog1
|
|
gint8 class;
|
|
gboolean pc;
|
|
gint tag;
|
|
guint32 len;
|
|
gint ind_field;
|
|
|
|
|
|
offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
|
|
offset = get_ber_length(tree, tvb, offset, &len, &ind_field);
|
|
dissect_tcap_DialoguePDU(TRUE, tvb, 0, pinfo, tree, -1);
|
|
|
|
return offset+len;
|
|
|
|
#.FN_BODY Parameter
|
|
tvbuff_t *next_tvb;
|
|
gint8 class;
|
|
gboolean pc;
|
|
gint tag;
|
|
guint32 len;
|
|
gint ind_field;
|
|
|
|
|
|
offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
|
|
offset = get_ber_length(tree, tvb, offset, &len, &ind_field);
|
|
/* need to strip the EOC off the next_tvb */
|
|
next_tvb = tvb_new_subset(tvb, offset, len-(2*ind_field), len-(2*ind_field));
|
|
|
|
if (!next_tvb)
|
|
return offset;
|
|
dissect_tcap_param(pinfo,tree,tvb,0);
|
|
offset += len;
|
|
return offset;
|
|
|
|
#.FN_BODY User_information
|
|
tvbuff_t *next_tvb;
|
|
gint8 class;
|
|
gboolean pc;
|
|
gint tag;
|
|
guint32 len;
|
|
gint ind_field;
|
|
|
|
|
|
offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
|
|
offset = get_ber_length(tree, tvb, offset, &len, &ind_field);
|
|
next_tvb = tvb_new_subset(tvb, offset, len-(2*ind_field), len-(2*ind_field));
|
|
if (!next_tvb)
|
|
return offset+len;
|
|
dissect_tcap_UserInformation(TRUE, next_tvb, 0, pinfo, tree, -1);
|
|
|
|
|
|
return offset+len;
|
|
#.FN_BODY Component
|
|
dissect_tcap_TheComponent(implicit_tag, tvb, offset, pinfo, tree, hf_index);
|
|
|
|
#.FN_BODY Applicationcontext FN_VARIANT = _str VAL_PTR = &cur_oid
|
|
%(DEFAULT_BODY)s
|
|
tcap_private.oid= (void*) cur_oid;
|
|
tcap_private.acv=TRUE;
|
|
|
|
#.FN_BODY UserInfoOID FN_VARIANT = _str VAL_PTR = &tcapext_oid
|
|
%(DEFAULT_BODY)s
|
|
tcap_private.oid= (void*)tcapext_oid;
|
|
tcap_private.acv=TRUE;
|
|
|
|
#.FN_BODY ExternUserInfo
|
|
dissect_tcap_TheExternUserInfo(implicit_tag, tvb, offset, pinfo, tree, hf_index);
|
|
|
|
#.FN_BODY ANSIParameters
|
|
/* we are doing the ParamSet here so need to look at the tags*/
|
|
guint32 len;
|
|
len = tvb_length_remaining(tvb, offset);
|
|
if (len > 2) /* arghhh I dont know whether this is constructed or not! */
|
|
offset = dissect_tcap_param(pinfo,tree,tvb,offset);
|
|
else
|
|
offset = dissect_ber_octet_string(TRUE, pinfo, tree, tvb, 0, hf_index,
|
|
NULL);
|
|
|
|
|
|
#.FN_BODY ComponentPDU
|
|
tvbuff_t *next_tvb;
|
|
dissector_handle_t subdissector_handle;
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_length_remaining(tvb, offset));
|
|
|
|
if (! (subdissector_handle = get_ansi_tcap_subdissector(pinfo->match_port))) {
|
|
subdissector_handle = data_handle;
|
|
}
|
|
|
|
tcap_subdissector_used=TRUE;
|
|
|
|
call_dissector(subdissector_handle, next_tvb, pinfo, tcap_top_tree);
|
|
|
|
offset = dissect_ber_choice(pinfo, tree, tvb, offset,
|
|
ComponentPDU_choice, hf_index, ett_tcap_ComponentPDU,NULL);
|
|
|
|
#.FN_BODY OrigTransactionID
|
|
tvbuff_t *parameter_tvb;
|
|
guint8 len, i;
|
|
proto_item *tid_item;
|
|
proto_tree *subtree;
|
|
tid_item = proto_tree_add_text(tree, tvb, offset, -1, "Source Transaction ID");
|
|
subtree = proto_item_add_subtree(tid_item, ett_otid);
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, pinfo, subtree, tvb, offset, hf_tcap_tid,
|
|
¶meter_tvb);
|
|
|
|
if (parameter_tvb){
|
|
len = tvb_length_remaining(parameter_tvb, 0);
|
|
switch(len) {
|
|
case 1:
|
|
gp_tcapsrt_info->src_tid=tvb_get_guint8(parameter_tvb, 0);
|
|
break;
|
|
case 2:
|
|
gp_tcapsrt_info->src_tid=tvb_get_ntohs(parameter_tvb, 0);
|
|
break;
|
|
case 4:
|
|
gp_tcapsrt_info->src_tid=tvb_get_ntohl(parameter_tvb, 0);
|
|
break;
|
|
default:
|
|
gp_tcapsrt_info->src_tid=0;
|
|
break;
|
|
}
|
|
|
|
if ((len)&&(check_col(pinfo->cinfo, COL_INFO))){
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, "otid(");
|
|
for(i=0;i<len;i++)
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, "%%02x",tvb_get_guint8(parameter_tvb,i));
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ") ");
|
|
}
|
|
|
|
}
|
|
|
|
|
|
#.FN_BODY DestTransactionID
|
|
tvbuff_t *parameter_tvb;
|
|
guint8 len , i;
|
|
proto_item *tid_item;
|
|
proto_tree *subtree;
|
|
tid_item = proto_tree_add_text(tree, tvb, offset, -1, "Destination Transaction ID");
|
|
subtree = proto_item_add_subtree(tid_item, ett_otid);
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, pinfo, subtree, tvb, offset, hf_tcap_tid,
|
|
¶meter_tvb);
|
|
|
|
if (parameter_tvb){
|
|
len = tvb_length_remaining(parameter_tvb, 0);
|
|
switch(len) {
|
|
case 1:
|
|
gp_tcapsrt_info->dst_tid=tvb_get_guint8(parameter_tvb, 0);
|
|
break;
|
|
case 2:
|
|
gp_tcapsrt_info->dst_tid=tvb_get_ntohs(parameter_tvb, 0);
|
|
break;
|
|
case 4:
|
|
gp_tcapsrt_info->dst_tid=tvb_get_ntohl(parameter_tvb, 0);
|
|
break;
|
|
default:
|
|
gp_tcapsrt_info->dst_tid=0;
|
|
break;
|
|
}
|
|
|
|
if ((len)&&(check_col(pinfo->cinfo, COL_INFO))){
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, "dtid(");
|
|
for(i=0;i<len;i++)
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, "%%02x",tvb_get_guint8(parameter_tvb,i));
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ") ");
|
|
}
|
|
}
|
|
#.FN_BODY Begin
|
|
gp_tcapsrt_info->ope=TC_BEGIN;
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Begin ");
|
|
offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
|
|
Begin_sequence, hf_index, ett_tcap_Begin);
|
|
#.FN_BODY End
|
|
gp_tcapsrt_info->ope=TC_END;
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " End ");
|
|
offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
|
|
End_sequence, hf_index, ett_tcap_End);
|
|
#.FN_BODY Continue
|
|
gp_tcapsrt_info->ope=TC_CONT;
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Continue ");
|
|
offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
|
|
Continue_sequence, hf_index, ett_tcap_Continue);
|
|
#.FN_BODY Abort
|
|
gp_tcapsrt_info->ope=TC_ABORT;
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Abort ");
|
|
offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
|
|
Abort_sequence, hf_index, ett_tcap_Abort);
|
|
#.FN_BODY AbortPDU
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Abort ");
|
|
offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
|
|
AbortPDU_sequence, hf_index, ett_tcap_AbortPDU);
|
|
#.FN_BODY TransactionPDU
|
|
if ((hf_index == hf_tcap_ansiqueryWithPerm)&&(check_col(pinfo->cinfo, COL_INFO)))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " QueryWithPerm");
|
|
|
|
if ((hf_index == hf_tcap_ansiqueryWithoutPerm)&&(check_col(pinfo->cinfo, COL_INFO)))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " QueryWithOutPerm");
|
|
|
|
if ((hf_index == hf_tcap_ansiresponse)&&(check_col(pinfo->cinfo, COL_INFO)))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " Response");
|
|
|
|
if ((hf_index == hf_tcap_ansiconversationWithPerm)&&(check_col(pinfo->cinfo, COL_INFO)))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " ConversationWithPerm");
|
|
|
|
if ((hf_index == hf_tcap_ansiconversationWithoutPerm)&&(check_col(pinfo->cinfo, COL_INFO)))
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " ConversationWithoutPerm");
|
|
|
|
offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
|
|
TransactionPDU_sequence, hf_index, ett_tcap_TransactionPDU);
|
|
|
|
#.END
|