diff options
Diffstat (limited to 'contrib/a-link/sccp-split-by-con.lua')
| -rw-r--r-- | contrib/a-link/sccp-split-by-con.lua | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/contrib/a-link/sccp-split-by-con.lua b/contrib/a-link/sccp-split-by-con.lua new file mode 100644 index 000000000..f5d5502ae --- /dev/null +++ b/contrib/a-link/sccp-split-by-con.lua @@ -0,0 +1,170 @@ +-- Split trace based on SCCP Source +-- There are still bugs to find... bugs bugs bugs... hmm +do + local function init_listener() + print("CREATED LISTENER") + local tap = Listener.new("ip", "sccp && (ip.src == 172.16.1.81 || ip.dst == 172.16.1.81)") + local sccp_type_field = Field.new("sccp.message_type") + local sccp_src_field = Field.new("sccp.slr") + local sccp_dst_field = Field.new("sccp.dlr") + local msg_type_field = Field.new("gsm_a.dtap_msg_mm_type") + local lu_rej_field = Field.new("gsm_a.dtap.rej_cause") + local ip_src_field = Field.new("ip.src") + local ip_dst_field = Field.new("ip.dst") + + -- + local bssmap_msgtype_field = Field.new("gsm_a.bssmap_msgtype") + -- assignment failure 0x03 + -- + + -- + local dtap_cause_field = Field.new("gsm_a_dtap.cause") + local dtap_cc_field = Field.new("gsm_a.dtap_msg_cc_type") + + local connections = {} + + function check_failure(con) + check_lu_reject(con) + check_disconnect(con) + check_failures(con) + end + + -- cipher mode reject + function check_failures(con) + local msgtype = bssmap_msgtype_field() + if not msgtype then + return + end + + msgtype = tonumber(msgtype) + if msgtype == 89 then + print("Cipher mode reject") + con[4] = true + elseif msgtype == 0x03 then + print("Assignment failure") + con[4] = true + elseif msgtype == 0x22 then + print("Clear Request... RF failure?") + con[4] = true + end + end + + -- check if a DISCONNECT is normal + function check_disconnect(con) + local msg_type = dtap_cc_field() + if not msg_type then + return + end + + if tonumber(msg_type) ~= 0x25 then + return + end + + local cause = dtap_cause_field() + if not cause then + return + end + + cause = tonumber(cause) + if cause ~= 0x10 then + print("DISCONNECT != Normal") + con[4] = true + end + end + + -- check if we have a LU Reject + function check_lu_reject(con) + local msg_type = msg_type_field() + if not msg_type then + return + end + + msg_type = tonumber(tostring(msg_type)) + if msg_type == 0x04 then + print("LU REJECT with " .. tostring(lu_rej_field())) + con[4] = true + end + end + + function tap.packet(pinfo,tvb,ip) + local ip_src = tostring(ip_src_field()) + local ip_dst = tostring(ip_dst_field()) + local sccp_type = tonumber(tostring(sccp_type_field())) + local sccp_src = sccp_src_field() + local sccp_dst = sccp_dst_field() + + local con + + if sccp_type == 0x01 then + elseif sccp_type == 0x2 then + local src = string.format("%s-%s", ip_src, tostring(sccp_src)) + local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) + local datestring = os.date("%Y%m%d%H%M%S") + local pcap_name = string.format("alink_trace_%s-%s_%s.pcap", src, dst, datestring) + local dumper = Dumper.new_for_current(pcap_name) + + local con = { ip_src, tostring(sccp_src), tostring(sccp_dst), false, dumper, pcap_name } + + dumper:dump_current() + connections[src] = con + connections[dst] = con + elseif sccp_type == 0x4 then + -- close a connection... remove it from the list + local src = string.format("%s-%s", ip_src, tostring(sccp_src)) + local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) + + local con = connections[src] + if not con then + return + end + + con[5]:dump_current() + con[5]:flush() + + -- this causes a crash on unpacted wireshark + con[5]:close() + + -- the connection had a failure + if con[4] == true then + local datestring = os.date("%Y%m%d%H%M%S") + local new_name = string.format("alink_failure_%s_%s-%s.pcap", datestring, con[2], con[3]) + os.rename(con[6], new_name) + else + os.remove(con[6]) + end + + + -- clear the old connection + connections[src] = nil + connections[dst] = nil + + elseif sccp_type == 0x5 then + -- not handled yet... we should verify stuff here... + local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) + local con = connections[dst] + if not con then + return + end + con[5]:dump_current() + elseif sccp_type == 0x6 then + local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) + local con = connections[dst] + if not con then + print("DON'T KNOW THIS CONNECTION for " .. ip_dst) + return + end + con[5]:dump_current() + check_failure(con) + end + + end + function tap.draw() + print("DRAW") + end + function tap.reset() + print("RESET") + end + end + + init_listener() +end |