diff options
author | Anders Broman <anders.broman@ericsson.com> | 2018-11-15 14:34:05 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-11-15 15:22:24 +0000 |
commit | e6c6f99e87156ce8a4338d4f1872b70cb9a84f1b (patch) | |
tree | 2dea9998afa9c415f809428ebf192f697352616f /wiretap/nettrace_3gpp_32_423.c | |
parent | 58fade6c630ccf7388bcd9ff160d3e5c97102691 (diff) |
nettrace: Parse IPv6 addresses.
Change-Id: Iad583c39605ed2dd7a1c64f3729500c6b8a31fd3
Reviewed-on: https://code.wireshark.org/review/30650
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap/nettrace_3gpp_32_423.c')
-rw-r--r-- | wiretap/nettrace_3gpp_32_423.c | 187 |
1 files changed, 137 insertions, 50 deletions
diff --git a/wiretap/nettrace_3gpp_32_423.c b/wiretap/nettrace_3gpp_32_423.c index a7a9a94a76..54b60afa57 100644 --- a/wiretap/nettrace_3gpp_32_423.c +++ b/wiretap/nettrace_3gpp_32_423.c @@ -24,12 +24,13 @@ #include "wtap-int.h" #include "file_wrappers.h" #include "pcap-encap.h" +#include "version_info.h" #include <wsutil/buffer.h> #include "wsutil/tempfile.h" #include "wsutil/os_version_info.h" -#include "version_info.h" #include "wsutil/str_util.h" +#include <wsutil/inet_addr.h> #include "pcapng.h" @@ -80,16 +81,10 @@ typedef struct nettrace_3gpp_32_423_file_info { typedef struct exported_pdu_info { guint32 precense_flags; /*const char* proto_name;*/ - guint8 src_ipv4_d1; - guint8 src_ipv4_d2; - guint8 src_ipv4_d3; - guint8 src_ipv4_d4; + guint8 src_ip[16]; guint32 ptype; /* Based on epan/address.h port_type valid for both src and dst*/ guint32 src_port; - guint8 dst_ipv4_d1; - guint8 dst_ipv4_d2; - guint8 dst_ipv4_d3; - guint8 dst_ipv4_d4; + guint8 dst_ip[16]; guint32 dst_port; char* proto_col_str; }exported_pdu_info_t ; @@ -110,6 +105,8 @@ typedef struct exported_pdu_info { #define EXP_PDU_TAG_IPV4_SRC 20 #define EXP_PDU_TAG_IPV4_DST 21 +#define EXP_PDU_TAG_IPV6_SRC 22 +#define EXP_PDU_TAG_IPV6_DST 23 #define EXP_PDU_TAG_SRC_PORT 25 #define EXP_PDU_TAG_PORT_TYPE 24 /**< value part is port_type enum from epan/address.h */ #define EXP_PDU_TAG_DST_PORT 26 @@ -128,13 +125,15 @@ typedef struct exported_pdu_info { * COL_PROTOCOL might not be filled in. */ -#define EXP_PDU_TAG_IP_SRC_BIT 0x01 -#define EXP_PDU_TAG_IP_DST_BIT 0x02 -#define EXP_PDU_TAG_SRC_PORT_BIT 0x04 -#define EXP_PDU_TAG_DST_PORT_BIT 0x08 -#define EXP_PDU_TAG_SS7_OPC_BIT 0x20 -#define EXP_PDU_TAG_SS7_DPC_BIT 0x40 -#define EXP_PDU_TAG_ORIG_FNO_BIT 0x80 +#define EXP_PDU_TAG_IP_SRC_BIT 0x001 +#define EXP_PDU_TAG_IP_DST_BIT 0x002 +#define EXP_PDU_TAG_SRC_PORT_BIT 0x004 +#define EXP_PDU_TAG_DST_PORT_BIT 0x008 +#define EXP_PDU_TAG_ORIG_FNO_BIT 0x010 +#define EXP_PDU_TAG_SS7_OPC_BIT 0x020 +#define EXP_PDU_TAG_SS7_DPC_BIT 0x040 +#define EXP_PDU_TAG_IP6_SRC_BIT 0x080 +#define EXP_PDU_TAG_IP6_DST_BIT 0x100 /* 2nd byte of optional tags bitmap */ #define EXP_PDU_TAG_DVBCI_EVT_BIT 0x0100 @@ -146,6 +145,9 @@ typedef struct exported_pdu_info { #define EXP_PDU_TAG_SRC_PORT_LEN 4 #define EXP_PDU_TAG_DST_PORT_LEN 4 +#define EXP_PDU_TAG_IPV4_LEN 4 +#define EXP_PDU_TAG_IPV6_LEN 16 + static gboolean nettrace_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) @@ -433,6 +435,11 @@ write_packet_data(wtap_dumper *wdh, wtap_rec *rec, int *err, gchar **err_info, g if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_IP_SRC_BIT) == EXP_PDU_TAG_IP_SRC_BIT) { exp_pdu_tags_len += 4 + EXP_PDU_TAG_IPV4_SRC_LEN; } + + if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_IP6_SRC_BIT) == EXP_PDU_TAG_IP6_SRC_BIT) { + exp_pdu_tags_len += 4 + EXP_PDU_TAG_IPV6_LEN; + } + if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_SRC_PORT_BIT) == EXP_PDU_TAG_SRC_PORT_BIT) { if (!port_type_defined) { exp_pdu_tags_len += 4 + EXP_PDU_TAG_PORT_TYPE_LEN; @@ -445,6 +452,10 @@ write_packet_data(wtap_dumper *wdh, wtap_rec *rec, int *err, gchar **err_info, g exp_pdu_tags_len += 4 + EXP_PDU_TAG_IPV4_DST_LEN; } + if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_IP6_DST_BIT) == EXP_PDU_TAG_IP6_DST_BIT) { + exp_pdu_tags_len += 4 + EXP_PDU_TAG_IPV6_LEN; + } + if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_DST_PORT_BIT) == EXP_PDU_TAG_DST_PORT_BIT) { if (!port_type_defined) { exp_pdu_tags_len += 4 + EXP_PDU_TAG_PORT_TYPE_LEN; @@ -516,14 +527,21 @@ write_packet_data(wtap_dumper *wdh, wtap_rec *rec, int *err, gchar **err_info, g i++; packet_buf[i] = EXP_PDU_TAG_IPV4_SRC_LEN; /* tag length */; i++; - packet_buf[i] = exported_pdu_info->src_ipv4_d1; + memcpy(packet_buf+i, exported_pdu_info->src_ip, EXP_PDU_TAG_IPV4_SRC_LEN); + i += EXP_PDU_TAG_IPV4_SRC_LEN; + } + + if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_IP6_SRC_BIT) == EXP_PDU_TAG_IP6_SRC_BIT) { + packet_buf[i] = 0; i++; - packet_buf[i] = exported_pdu_info->src_ipv4_d2; + packet_buf[i] = EXP_PDU_TAG_IPV6_SRC; i++; - packet_buf[i] = exported_pdu_info->src_ipv4_d3; + packet_buf[i] = 0; i++; - packet_buf[i] = exported_pdu_info->src_ipv4_d4; + packet_buf[i] = EXP_PDU_TAG_IPV6_LEN; /* tag length */; i++; + memcpy(packet_buf+i, exported_pdu_info->src_ip, EXP_PDU_TAG_IPV6_LEN); + i += EXP_PDU_TAG_IPV6_LEN; } if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_SRC_PORT_BIT) == EXP_PDU_TAG_SRC_PORT_BIT) { @@ -571,16 +589,21 @@ write_packet_data(wtap_dumper *wdh, wtap_rec *rec, int *err, gchar **err_info, g i++; packet_buf[i] = 0; i++; - packet_buf[i] = EXP_PDU_TAG_IPV4_DST_LEN; /* tag length */; - i++; - packet_buf[i] = exported_pdu_info->dst_ipv4_d1; + memcpy(packet_buf + i, exported_pdu_info->dst_ip, EXP_PDU_TAG_IPV4_DST_LEN); + i += EXP_PDU_TAG_IPV4_DST_LEN; + } + + if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_IP6_DST_BIT) == EXP_PDU_TAG_IP6_DST_BIT) { + packet_buf[i] = 0; i++; - packet_buf[i] = exported_pdu_info->dst_ipv4_d2; + packet_buf[i] = EXP_PDU_TAG_IPV6_DST; i++; - packet_buf[i] = exported_pdu_info->dst_ipv4_d3; + packet_buf[i] = 0; i++; - packet_buf[i] = exported_pdu_info->dst_ipv4_d4; + packet_buf[i] = EXP_PDU_TAG_IPV6_LEN; /* tag length */; i++; + memcpy(packet_buf + i, exported_pdu_info->dst_ip, EXP_PDU_TAG_IPV6_LEN); + i += EXP_PDU_TAG_IPV6_LEN; } if ((exported_pdu_info->precense_flags & EXP_PDU_TAG_DST_PORT_BIT) == EXP_PDU_TAG_DST_PORT_BIT) { @@ -719,21 +742,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ gsize opt_len; gchar *opt_str; /* Info to build exported_pdu tags*/ - exported_pdu_info_t exported_pdu_info; - - exported_pdu_info.precense_flags = 0; - exported_pdu_info.src_ipv4_d1 = 0; - exported_pdu_info.src_ipv4_d2 = 0; - exported_pdu_info.src_ipv4_d3 = 0; - exported_pdu_info.src_ipv4_d4 = 0; - exported_pdu_info.ptype = OLD_PT_NONE; - exported_pdu_info.src_port = 0; - exported_pdu_info.dst_ipv4_d1 = 0; - exported_pdu_info.dst_ipv4_d2 = 0; - exported_pdu_info.dst_ipv4_d3 = 0; - exported_pdu_info.dst_ipv4_d4 = 0; - exported_pdu_info.dst_port = 0; - exported_pdu_info.proto_col_str = NULL; + exported_pdu_info_t exported_pdu_info = { 0 }; import_file_fd = create_tempfile(&(file_info->tmpname), "Wireshark_PDU_", NULL); @@ -897,11 +906,30 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ /* Lets add the raw messages as packets after the main "packet" with the whole file */ while ((curr_pos = strstr(curr_pos, "<msg")) != NULL){ wtap_open_return_val temp_val; + char str[3]; /* Clear for each itteration */ exported_pdu_info.precense_flags = 0; exported_pdu_info.ptype = OLD_PT_NONE; - curr_pos = curr_pos + 4; + prev_pos = curr_pos = curr_pos + 4; + /* Look for the end of the tag first */ + next_msg_pos = strstr(curr_pos, ">"); + if (!next_msg_pos) { + /* Somethings wrong, bail out */ + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("Did not find end of tag \">\""); + result = WTAP_OPEN_ERROR; + goto end; + } + /* Check if its a tag close "/>" */ + g_strlcpy(str, next_msg_pos - 1 , 3); + next_msg_pos = next_msg_pos - 1; + if (strcmp(str, "/>") == 0) { + /* There is no rawmsg here skip to nex msg */ + curr_pos = next_msg_pos + 2; + continue; + } + curr_pos = prev_pos; next_msg_pos = strstr(curr_pos, "</msg>"); if (!next_msg_pos){ /* Somethings wrong, bail out */ @@ -971,10 +999,10 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ &d1, &d2, &d3, &d4, &port, transp_str); if (scan_found == 6) { exported_pdu_info.precense_flags = exported_pdu_info.precense_flags + EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_SRC_PORT_BIT; - exported_pdu_info.src_ipv4_d1 = d1; - exported_pdu_info.src_ipv4_d2 = d2; - exported_pdu_info.src_ipv4_d3 = d3; - exported_pdu_info.src_ipv4_d4 = d4; + exported_pdu_info.src_ip[0] = d1; + exported_pdu_info.src_ip[1] = d2; + exported_pdu_info.src_ip[2] = d3; + exported_pdu_info.src_ip[3] = d4; /* Only add port_type once */ if(exported_pdu_info.ptype == OLD_PT_NONE){ @@ -984,6 +1012,35 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ } exported_pdu_info.src_port = port; } else { + /* See if we can find [ (an IPv6 address)*/ + curr_pos = strstr(curr_pos, "["); + if ((curr_pos) && (curr_pos < next_pos)) { + char *square_brk_pos = curr_pos; + curr_pos = strstr(square_brk_pos + 1, "]"); + if ((curr_pos) && (curr_pos < next_pos)) { + /* Found somthing between square brackets */ + char ipv6_str[WS_INET6_ADDRSTRLEN]; + ws_in6_addr ip6_addr; + int str_len; + + str_len = (int)(curr_pos - square_brk_pos); + g_strlcpy(ipv6_str, square_brk_pos + 1, str_len); + /*g_warning("found IPv6 %s", ipv6_str);*/ + if (ws_inet_pton6(ipv6_str, &ip6_addr)) { + curr_pos++; + scan_found = sscanf(curr_pos, ", %*s %*s %5u, %*s %*s %4s", &port, transp_str); + exported_pdu_info.precense_flags = exported_pdu_info.precense_flags + EXP_PDU_TAG_IP6_SRC_BIT + EXP_PDU_TAG_SRC_PORT_BIT; + memcpy(exported_pdu_info.src_ip, ip6_addr.bytes, EXP_PDU_TAG_IPV6_LEN); + /* Only add port_type once */ + if (exported_pdu_info.ptype == OLD_PT_NONE) { + if (g_ascii_strncasecmp(transp_str, "udp", 3) == 0) exported_pdu_info.ptype = OLD_PT_UDP; + else if (g_ascii_strncasecmp(transp_str, "tcp", 3) == 0) exported_pdu_info.ptype = OLD_PT_TCP; + else if (g_ascii_strncasecmp(transp_str, "sctp", 4) == 0) exported_pdu_info.ptype = OLD_PT_SCTP; + + } + } + } + } /* g_warning("scan_found:%u, %u.%u.%u.%u Port %u transport %s", scan_found, d1, d2, d3, d4, port, transp_str); */ } } else { @@ -1013,15 +1070,16 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ curr_pos = curr_pos + 7; /* Excample from one trace, unsure if it's generic... * {address == 192.168.73.1, port == 5062, transport == Udp} + * {address == [2001:1b70:8294:210a::78], port == 34189, transport == Tcp} */ scan_found = sscanf(curr_pos, "%*s %3u.%3u.%3u.%3u, %*s %*s %5u, %*s %*s %4s", &d1, &d2, &d3, &d4, &port, transp_str); if (scan_found == 6) { exported_pdu_info.precense_flags = exported_pdu_info.precense_flags + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_DST_PORT_BIT; - exported_pdu_info.dst_ipv4_d1 = d1; - exported_pdu_info.dst_ipv4_d2 = d2; - exported_pdu_info.dst_ipv4_d3 = d3; - exported_pdu_info.dst_ipv4_d4 = d4; + exported_pdu_info.dst_ip[0] = d1; + exported_pdu_info.dst_ip[1] = d2; + exported_pdu_info.dst_ip[2] = d3; + exported_pdu_info.dst_ip[3] = d4; /* Only add port_type once */ if (exported_pdu_info.ptype == OLD_PT_NONE) { if (g_ascii_strncasecmp(transp_str, "udp", 3) == 0) exported_pdu_info.ptype = OLD_PT_UDP; @@ -1030,6 +1088,35 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ } exported_pdu_info.dst_port = port; } else { + /* See if we can find [ (an IPv6 address)*/ + curr_pos = strstr(curr_pos, "["); + if ((curr_pos) && (curr_pos < next_pos)) { + char *square_brk_pos = curr_pos; + curr_pos = strstr(square_brk_pos + 1, "]"); + if ((curr_pos) && (curr_pos < next_pos)) { + /* Found somthing between square brackets */ + char ipv6_str[WS_INET6_ADDRSTRLEN]; + ws_in6_addr ip6_addr; + int str_len; + + str_len = (int)(curr_pos - square_brk_pos); + g_strlcpy(ipv6_str, square_brk_pos + 1, str_len); + /*g_warning("found IPv6 %s", ipv6_str);*/ + if (ws_inet_pton6(ipv6_str, &ip6_addr)) { + curr_pos++; + scan_found = sscanf(curr_pos, ", %*s %*s %5u, %*s %*s %4s", &port, transp_str); + exported_pdu_info.precense_flags = exported_pdu_info.precense_flags + EXP_PDU_TAG_IP6_DST_BIT + EXP_PDU_TAG_DST_PORT_BIT; + memcpy(exported_pdu_info.dst_ip, ip6_addr.bytes, EXP_PDU_TAG_IPV6_LEN); + /* Only add port_type once */ + if (exported_pdu_info.ptype == OLD_PT_NONE) { + if (g_ascii_strncasecmp(transp_str, "udp", 3) == 0) exported_pdu_info.ptype = OLD_PT_UDP; + else if (g_ascii_strncasecmp(transp_str, "tcp", 3) == 0) exported_pdu_info.ptype = OLD_PT_TCP; + else if (g_ascii_strncasecmp(transp_str, "sctp", 4) == 0) exported_pdu_info.ptype = OLD_PT_SCTP; + + } + } + } + } /* g_warning("scan_found:%u, %u.%u.%u.%u Port %u transport %s", scan_found, d1, d2, d3, d4, port, transp_str); */ } } |