Age | Commit message (Collapse) | Author | Files | Lines |
|
Remove init of proto, header field, expert info and subtree variables.
This will reduces the binary size by approximate 1266320 bytes due to
using .bss to zero-initialize the fields.
The conversion is done using the tools/convert-proto-init.py script.
|
|
This change adds a dissector for the X.75 protocol,
commonly used on ISDN B-channels.
The protocol is defined in ITU-T Rec. X.75 (10/96).
X.75 is similar to LAPB, but has no further protocols on top
of the asychronous link layer.
|
|
GSMTAP introduced a number of new sub-types for ISDN B-channel
protocols, such as V.120, PPP, etc.
Add the new sub-types and add the dispatch for each protocol
for which Wireshark already has a dissector.
|
|
|
|
Changes several calls of `create_dissector_handle()` to instead call
`register_dissector()` with a name for the dissector.
This should handle all dissectors in `epan/` from `packet-g*` to
`packet-i*`.
This change allows affected dissectors to be findable by calls to
`find_dissector()`. In turn, this opens up more command-line use for
these protocols, including fuzzshark and rawshark, as well as lua use
via `Dissector.get()`.
Where needed, move the call from the protocol handoff function to the
protocol register function, save the result in a static variable,
and use that variable in the handoff function.
There were some calls to `create_dissector_handle()` or
`register_dissector()` which passed `-1` as the protocol argument. When
I saw those I corrected them to pass the actual `proto_foo` identifier
instead.
Partially addresses #5612
|
|
The header for frame_data can forward declare an incomplete type
for wtap_rec, since it only takes a pointer to it.
This prevents every dissector from automatically including
wiretap/wtap.h
Add wiretap/wtap.h to some dissectors that need it.
Remove it from some other dissectors that had the explicit include
but don't actually need it.
A few other dissectors actually need wsutil/inet_addr.h but were
getting that via wtap.h - include what they actually need.
This reduces the number of files that are recompiled when
wiretap/wtap.h is touched from ~2500 to ~800.
Note that most of the dissectors that still include wiretap/wtap.h
really only need to use a WTAP_ENCAP_ value, and most of the rest
just need a pseudoheader. Those could be moved into another wiretap
include to further reduce recompilation.
Related to #19127
|
|
|
|
format B4 is used for UI frames only
|
|
This protocol is used in the user plane of non-transparent CSD (Circuit
Switched Data) calls in GSM networks. RLP frames are sent over the Um
air interface, and are sent as modified V.110 frames over 64k TDM
channels in the back-haul/core network. For modern implementations,
this means in RFC4040 RTP CLEARMODE.
As there's no V.110 decoder in wireshark, we cannot connect the RLP
decoder to that. However, we hook it up to the GSMTAP dissector to
enable other software to pass the decoded RLP frames into wireshark.
|
|
|
|
GSMTAP has had support for various other ISDN related protocols as
sub-types of the GSMTAP_TYPE_E1T1 type. We've recently started to work
on V5 (ITU-T G.964/G.965) and introduced a new sub-type for this.
Let's add the related dispatch from packet-gsmtap.c to packet-v5ef.c
|
|
When the ability to dispatch GSMTAP E1/T1 frames to the LAPD dissector
was merged in August 2020, a recent July 2020 change earlier has
restructured and renamed the lapd dissector. So at the time the GSMTAP
support for LAPD was added, the dissector was no longer called 'lapd'
and hence it never worked.
commit 75c739e4b71f1fb6d907b8d5ceb31db50dbd1fc7
Author: Guy Harris <gharris@sonic.net>
Date: Sat Jul 25 02:20:10 2020 -0700
ISDN, LAPD: clean up the way they connect to other dissectors.
commit 132d6ec70bd9e17e124e4f94537c903bd4b286d7
Author: Harald Welte <laforge@osmocom.org>
Date: Thu Aug 20 19:11:58 2020 +0200
Let's fix this by properly dispatching the LAPD frames from GSMTAP.
|
|
And change them to say "set" rather than "create"; they do more than
just allocate an array of conversation elements, they stuff a pointer to
that array into pinfo, which may affect what other dissectors do.
|
|
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
|
|
Switch the non-endpoint *_by_id conversation routines to use element
lists. Change the ID type from guint32 to guint64. None of them used the
address+port option flag arguments, so remove them.
|
|
|
|
For more details, see 3GPP TS 44.004:
- section 6.1 "Physical layer protocol fields and procedures",
- figures 7.1.1-2 "SACCH downlink block format",
- figures 7.2.1-2 "SACCH uplink block format".
|
|
GSMTAP has recently gained support for wrapping E1/T1 protocol traces.
This is very useful as contrary to pcap/wtap file based protocol traces,
GSMTAP can be streamed in real-time.
The GSMTAP pseudo-header encodes information such as
* the E1/T1 timeslot number
* the E1/T1 subeslot number (if I.460 is used)
* the E1/T1 line/span number (somewhat awkwardly as 'antenna number')
* the payload (LAPD, Frame Relay, TRAU, ...)
In this first implementation in wireshark, only FR and LAPD
sub-dissectors are added. The other payloads (TRAU) do not have any
wireshark dissectors so far.
Change-Id: Ib699e9231ef7b9e6c5053e6b920954b3e7b0a4a4
Reviewed-on: https://code.wireshark.org/review/38213
Reviewed-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I57853e706b58fd3bb46d952fcb1f517f435fd737
Reviewed-on: https://code.wireshark.org/review/37193
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Work based on current code from epan/dissectors/packet-gsm_abis_pgsl.c,
as well as on initial patch from Holger Hans Peter Freyther [1].
Tested with one downlink MCS1 data block generated by osmo-pcu.
[1] https://osmocom.org/issues/1542
Change-Id: I01a8bd1cdb78d1c236a451fbee37854eb688fa14
Reviewed-on: https://code.wireshark.org/review/36489
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The GSMTAP Um interface type has so far only been used for transporting
signaling messages. Osmocom has recently introduced support for
encapsulating user-plane data (voice codec frames) in virtphy and
osmo-bts-virtual. Let's catch up with this capability here.
For the Osmcoom side, see:
* https://gerrit.osmocom.org/c/osmocom-bb/+/17415
* https://gerrit.osmocom.org/c/osmo-bts/+/17377
Change-Id: Icceb524f0f47bab206ead8345d405ffea06ac109
Reviewed-on: https://code.wireshark.org/review/36359
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vadim Yanitskiy <axilirator@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The absolute radio-frequency channel numbers may overlap between
both DCS1800 and PCS1900 frequency bands. The purpose of the PCS
band indocator is to avoid ambiguity for the overlapping numbers.
Change-Id: I5c6e429e9c579d1e132994954a4d32f2f1bd6ca5
Reviewed-on: https://code.wireshark.org/review/36240
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I3abc627ee0e88cc276511af66b33bda990fe5624
Reviewed-on: https://code.wireshark.org/review/35157
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
Change-Id: Ie4cf6e5a00aa2a699e979f0ebd52f7dce084c8f4
Reviewed-on: https://code.wireshark.org/review/35156
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
Change-Id: I1489239ba6f0f687d933e94e811e916300fe7089
Reviewed-on: https://code.wireshark.org/review/35155
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
Change-Id: I00abb41f513c7afcf95c8ed9a1fcdb64f3f14aa4
Reviewed-on: https://code.wireshark.org/review/35154
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
According to 3GPP TS 45.002, section 3.3.4.2, PTCCH (Packet Timing
advance control channel) is a packet dedicated channel, that is
used for continuous Timing Advance control in (E)GPRS.
There are two sub-types of that logical channel:
- PTCCH/U (Uplink): used to transmit random Access Bursts
to allow estimation of the Timing Advance for one MS in
packet transfer mode.
- PTCCH/D (Downlink): used by the network to transmit
Timing Advance updates for several MS.
As per 3GPP TS 45.003, section 5.2, the coding scheme used for
PTCCH/U is the same as for PRACH as specified in subclause 5.3,
while the coding scheme used for PTCCH/D is the same as for
CS-1 as specified in subclause 5.1.1.
The format of PTCCH/D messages can be described as follows:
+--------------+--------------+-----+---------------+------------------+
| Octet 1 | Octet 2 | | Octet 16 | Octet 17 .. 23 |
+---+----------+---+----------+-----+---+-----------+------------------+
| 0 | TA TAI=0 | 0 | TA TAI=1 | ... | 0 | TA TAI=15 | Padding 00101011 |
+---+----------+---+----------+-----+---+-----------+------------------+
what gives us 16 Timing Advance values (7 bit each) for 16 different
mobile stations identified by TAI (0..15). The remaining space is
padding and shall be filled with constant value 0x2B.
Bug: 16096
Change-Id: I0ce81d922a8a8c3981da2486baa3e1efcff46539
Reviewed-on: https://code.wireshark.org/review/34660
Reviewed-by: Pau Espin Pedrol <pespin@sysmocom.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Idf0b7b81192827e8c71876c47a66e275f31f32cb
Reviewed-on: https://code.wireshark.org/review/30074
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Later release of 3GPP TS 36.331 added new LTE RRC channels. This commit
additionally defines LTE RRC message types existing in Release V15.3.0.
Change-Id: If20710c15823ed879bddde17355704c769845d0d
Reviewed-on: https://code.wireshark.org/review/30073
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Issue was spotted because the bit used by wireshark in this field
didn't make sense, as same bit was being used by MS Power field.
According to spec "3GPP TS 44.004" section "7.2 SACCH uplink block format",
the field is located in bit 6 of the 1st octet.
Change-Id: Ia4390b79d9d2b3966c4ca69eda0bf1ae10be7398
Reviewed-on: https://code.wireshark.org/review/29893
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
GSMTAP_TYPE_LTE_NAS has been set to 0x12 by osmocom:
https://gerrit.osmocom.org/5018
Change-Id: Ia248e54cd73eaa9b8ad02aa40145e5a87baca79e
Reviewed-on: https://code.wireshark.org/review/24554
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Replace with conversation API that limits the "endpoint" to a single
uint32 value.
The intention is to eventually have "layered" endpoints, because circuit_id
was used in cases where src/dest port have already been populated (and
are used for layers above). Those src/dest ports should just be treated
as just another endpoint, but we currently only have support for one.
Change-Id: Ic6aa7ef0241275aa4dfde9459194369b48c72960
Reviewed-on: https://code.wireshark.org/review/24369
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Showing a description of the 'sub_type' in the
fields tree for RRC payloads.
Change-Id: Ie4fd4498690db27d4b996fff99fa74b676be9ddb
Reviewed-on: https://code.wireshark.org/review/23133
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ie71db56327e1cb17b46da0d0675e3485bebd2439
Reviewed-on: https://code.wireshark.org/review/22885
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The RLC/MAC dissector decodes both signalling (PACCH) and data (PDTCH)
RLC/MAC blocks, so let's make sure we dispatch both logical channels
into that dissector.
Change-Id: Ia26a1ba74468a49da071185cc5ee876ade907207
Reviewed-on: https://code.wireshark.org/review/22861
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
PDCH is the physical channel name, while PDTCH is one of the logical
channels (goether with PTCCH and PACCH) on the PDTCH. Let's call it
by its proper name, rather than keeping the misnomer.
Change-Id: I724fcfba595c9c861b64a30d5510468ec007424c
Reviewed-on: https://code.wireshark.org/review/22860
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This code is borrowed from a patch proposed by altaf329@gmail.com in june 2015
(Ice136a9cb950bb97a11bee4486071b6883a0cad7) and adapted to fit current wireshark code (and minus the LTE MAC frame dissector).
Change-Id: Iaa1ea8b2d7a3e618f8aa14203449f2c77b4727f5
Reviewed-on: https://code.wireshark.org/review/22515
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The B4 Frame Format is used on the downlink SACCH and has no length
field.
While the comment on top of packet-lapdm.c claimed ever since its
introduction in 2009 that B4 was a supported format, in fact it was not
supported yet. This patch makes handling the length field conditional
to a frame format that has a length field, and introduces lapdm_data_t
that can be passed using call_dissector_with_data().
The GSMTAP dissector is updated to use this mechanism to specify the
frame format based on the channel type.
Change-Id: I52cb1cedbc8c7baf65e70d3e050e8932573647aa
Reviewed-on: https://code.wireshark.org/review/21767
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Applications can also use GSMTAP framing to convey log messages
which would traditionally be printed on stderr or on log files. This
allows the ordered/interspersed display of protocol messages with log
lines from the applications that send or received those messages.
The osmocom logging framework (part of libosmocore) implements this in
libosmocore.git Change-Id I9a7e72b8c9c6f6f2d76d1ea2332dcdee12394625
Change-Id: I0de723445e5b5ce0199a4081808111240a9ed047
Reviewed-on: https://code.wireshark.org/review/19183
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Move the GSMTAP protocol related #defines to packet-gsmtap.h, as there
are other dissectors (like packet-gsm_sim.c and future dissectors) need
access to some of those #defines.
Change-Id: Ibb3517bd773be63b7e3cd30104a5351427e22ebf
Reviewed-on: https://code.wireshark.org/review/19185
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This finalizes the transformation for dissectors.
Change-Id: Ie5986b72bb69a6e8779ca3f5e20a80357c9e6fea
Reviewed-on: https://code.wireshark.org/review/12122
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|