Diffstat (limited to 'contrib/gprs')
-rwxr-xr-x | contrib/gprs/gb-proxy-unblock-bug.py | 58 | ||||
-rw-r--r-- | contrib/gprs/gprs-bssgp-histogram.lua | 78 | ||||
-rw-r--r-- | contrib/gprs/gprs-buffer-count.lua | 80 | ||||
-rw-r--r-- | contrib/gprs/gprs-split-trace-by-tlli.lua | 46 | ||||
-rw-r--r-- | contrib/gprs/gprs-verify-nu.lua | 59 |
5 files changed, 321 insertions, 0 deletions
diff --git a/contrib/gprs/gb-proxy-unblock-bug.py b/contrib/gprs/gb-proxy-unblock-bug.py
new file mode 100755
index 000000000..0cd4b871f
--- /dev/null
+++ b/contrib/gprs/gb-proxy-unblock-bug.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+"""
+demonstrate a unblock bug on the GB Proxy..
+"""
+
+bts_ns_reset = "\x02\x00\x81\x01\x01\x82\x1f\xe7\x04\x82\x1f\xe7"
+ns_reset_ack = "\x03\x01\x82\x1f\xe7\x04\x82\x1f\xe7"
+
+bts_ns_unblock = "\x06"
+ns_unblock_ack = "\x07"
+
+bts_bvc_reset_0 = "\x00\x00\x00\x00\x22\x04\x82\x00\x00\x07\x81\x03\x3b\x81\x02"
+ns_bvc_reset_0_ack = "\x00\x00\x00\x00\x23\x04\x82\x00\x00"
+
+bts_bvc_reset_8167 = "\x00\x00\x00\x00\x22\x04\x82\x1f\xe7\x07\x81\x08\x08\x88\x72\xf4\x80\x10\x1c\x00\x9c\x40"
+
+
+import socket
+socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+socket.bind(("0.0.0.0", 0))
+socket.setblocking(1)
+
+
+import sys
+port = int(sys.argv[1])
+print "Sending data to port: %d" % port
+
+def send_and_receive(packet):
+ socket.sendto(packet, ("127.0.0.1", port))
+
+ try:
+ data, addr = socket.recvfrom(4096)
+ except socket.error, e:
+ print "ERROR", e
+ import sys
+ sys.exit(0)
+ return data
+
+#send stuff once
+
+to_send = [
+ (bts_ns_reset, ns_reset_ack, "reset ack"),
+ (bts_ns_unblock, ns_unblock_ack, "unblock ack"),
+ (bts_bvc_reset_0, ns_bvc_reset_0_ack, "BVCI=0 reset ack"),
+]
+
+
+for (out, inp, type) in to_send:
+ res = send_and_receive(out)
+ if res != inp:
+ print "Failed to get the %s" % type
+ sys.exit(-1)
+
+import time
+time.sleep(3)
+res = send_and_receive(bts_bvc_reset_8167)
+print "Sent all messages... check wireshark for the last response"
diff --git a/contrib/gprs/gprs-bssgp-histogram.lua b/contrib/gprs/gprs-bssgp-histogram.lua
new file mode 100644
index 000000000..b1ab5df7f
--- /dev/null
+++ b/contrib/gprs/gprs-bssgp-histogram.lua
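Review bot: In contrib/gprs/gb-proxy-unblock-bug.py, `socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)` rebinds the module name, so the later `except socket.error, e:` looks up `error` on the socket object instead of the module and the handler itself is likely to fail when `recvfrom()` raises. Naming the object `sock` (and using it in `sendto`/`recvfrom`) keeps `socket.error` pointing at the module's exception. The socket is also bound to `0.0.0.0` and left fully blocking although the peer is fixed at 127.0.0.1; `sock.bind(("127.0.0.1", 0))` together with a timeout such as `sock.settimeout(5)` would keep an off-host datagram from being taken as the proxy's reply and stop the script from hanging when no answer arrives. The error path should also exit non-zero, `sys.exit(1)` rather than `sys.exit(0)`, so a caller can tell a socket failure from a clean run.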
@@ -0,0 +1,78 @@
+-- Simple LUA script to print the size of BSSGP messages over their type...
+
+do
+ local ip_bucket = {}
+
+ local pdu_types = {}
+ pdu_types[ 6] = "PAGING"
+ pdu_types[11] = "SUSPEND"
+ pdu_types[12] = "SUSPEND-ACK"
+ pdu_types[32] = "BVC-BLOCK"
+ pdu_types[33] = "BVC-BLOCK-ACK"
+ pdu_types[34] = "BVC-RESET"
+ pdu_types[35] = "BVC-RESET-ACK"
+ pdu_types[36] = "UNBLOCK"
+ pdu_types[37] = "UNBLOCK-ACK"
+ pdu_types[38] = "FLOW-CONTROL-BVC"
+ pdu_types[39] = "FLOW-CONTROL-BVC-ACK"
+ pdu_types[40] = "FLOW-CONTROL-MS"
+ pdu_types[41] = "FLOW-CONTROL-MS-ACK"
+ pdu_types[44] = "LLC-DISCARDED"
+
+ local function init_listener()
+ -- handle the port as NS over IP
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ -- bssgp filters
+ local bssgp_pdu_get = Field.new("bssgp.pdu_type")
+ local udp_length_get = Field.new("udp.length")
+
+ local tap = Listener.new("ip", "udp.port == 23000")
+ function tap.packet(pinfo,tvb,ip)
+ local pdu = bssgp_pdu_get()
+ local len = udp_length_get()
+
+ -- only handle bssgp, but we also want the IP frame
+ if not pdu then
+ return
+ end
+
+ pdu = tostring(pdu)
+ if tonumber(pdu) == 0 or tonumber(pdu) == 1 then
+ return
+ end
+
+ local ip_src = tostring(ip.ip_src)
+ local bssgp_histo = ip_bucket[ip_src]
+ if not bssgp_histo then
+ bssgp_histo = {}
+ ip_bucket[ip_src] = bssgp_histo
+ end
+
+ local key = pdu
+ local bucket = bssgp_histo[key]
+ if not bucket then
+ bucket = {}
+ bssgp_histo[key] = bucket
+ end
+
+ table.insert(bucket, tostring(len))
+ print("IP: " .. ip_src .. " PDU: " .. pdu_types[tonumber(pdu)] .. " Length: " .. tostring(len))
+ end
+
+ function tap.draw()
+ -- well... this will not be called...
+-- for ip,bssgp_histo in pairs(dumpers) do
+-- print("IP " .. ip)
+-- end
+ end
+
+ function tap.reset()
+ -- well... this will not be called...
+ end
+ end
+
+ init_listener()
+end
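Review bot: The `print` at the end of `tap.packet` in gprs-bssgp-histogram.lua concatenates `pdu_types[tonumber(pdu)]`, which is nil for every BSSGP PDU type that is not in the table, and Lua raises an error on concatenating nil, so a single unlisted type in the capture interrupts the tap callback. A fallback keeps the listing going: `(pdu_types[tonumber(pdu)] or ("TYPE-" .. pdu))`. `ip_bucket` is filled for every packet but never read, because `tap.draw` is empty and its commented-out loop refers to `dumpers`; either print the histogram there or drop the table so it does not grow with the capture.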
diff --git a/contrib/gprs/gprs-buffer-count.lua b/contrib/gprs/gprs-buffer-count.lua
new file mode 100644
index 000000000..ca8864ad1
--- /dev/null
+++ b/contrib/gprs/gprs-buffer-count.lua
@@ -0,0 +1,80 @@
+-- I count the buffer space needed for LLC PDUs in the worse case and print it
+
+do
+ local function init_listener()
+ -- handle the port as NS over IP
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ -- bssgp filters
+ local bssgp_pdu_get = Field.new("bssgp.pdu_type")
+ local bssgp_delay_get = Field.new("bssgp.delay_val")
+ local llcgprs_get = Field.new("llcgprs")
+ local pdus = nil
+
+ print("START...")
+
+ local tap = Listener.new("ip", "udp.port == 23000 && bssgp.pdu_type == 0")
+ function tap.packet(pinfo,tvb,ip)
+ local pdu = bssgp_pdu_get()
+ local len = llcgprs_get().len
+ local delay = bssgp_delay_get()
+
+ -- only handle bssgp, but we also want the IP frame
+ if not pdu then
+ return
+ end
+
+ if tonumber(tostring(delay)) == 65535 then
+ pdus = { next = pdus,
+ len = len,
+ expires = -1 }
+ else
+ local off = tonumber(tostring(delay)) / 100.0
+ pdus = { next = pdus,
+ len = len,
+ expires = pinfo.rel_ts + off }
+ end
+ local now_time = tonumber(tostring(pinfo.rel_ts))
+ local now_size = 0
+ local l = pdus
+ local prev = nil
+ local count = 0
+ while l do
+ if now_time < l.expires or l.expires == -1 then
+ now_size = now_size + l.len
+ prev = l
+ l = l.next
+ count = count + 1
+ else
+ -- delete things
+ if prev == nil then
+ pdus = nil
+ l = nil
+ else
+ prev.next = l.next
+ l = l.next
+ end
+ end
+ end
+-- print("TOTAL: " .. now_time .. " PDU_SIZE: " .. now_size)
+ print(now_time .. " " .. now_size / 1024.0 .. " " .. count)
+-- print("NOW: " .. tostring(pinfo.rel_ts) .. " Delay: " .. tostring(delay) .. " Length: " .. tostring(len))
+ end
+
+ function tap.draw()
+ -- well... this will not be called...
+-- for ip,bssgp_histo in pairs(dumpers) do
+-- print("IP " .. ip)
+-- end
+ print("END")
+ end
+
+ function tap.reset()
+ -- well... this will not be called...
+ end
+ end
+
+ init_listener()
+end
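Review bot: In the expiry loop of `tap.packet`, the `prev == nil` branch sets `pdus = nil` and `l = nil`, which throws away the whole list when only its head has expired (for example a PDU whose delay value is 0); older entries that are still within their delay are dropped with it and the printed buffer size undercounts. Unlinking just the head would be `pdus = l.next` followed by `l = l.next`. Separately, `llcgprs_get().len` is evaluated before any nil check, so a packet that matches the filter without an `llcgprs` field raises inside the callback, and `delay` is passed to `tostring`/`tonumber` without a check either; moving the `if not pdu` guard up and extending it to those two fields would avoid both.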
diff --git a/contrib/gprs/gprs-split-trace-by-tlli.lua b/contrib/gprs/gprs-split-trace-by-tlli.lua
new file mode 100644
index 000000000..018c377c5
--- /dev/null
+++ b/contrib/gprs/gprs-split-trace-by-tlli.lua
@@ -0,0 +1,46 @@
+-- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only)
+-- Dump files are created for both source and destination hosts
+do
+ local dir = "by_tlli"
+ local dumpers = {}
+ local function init_listener()
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ local field_tlli = Field.new("bssgp.tlli")
+ local tap = Listener.new("ip", "udp.port == 23000")
+
+ -- we will be called once for every IP Header.
+ -- If there's more than one IP header in a given packet we'll dump the packet once per every header
+ function tap.packet(pinfo,tvb,ip)
+ local tlli = field_tlli()
+ if not tlli then
+ return
+ end
+
+ local tlli_str = tostring(tlli)
+ tlli_dmp = dumpers[tlli_str]
+ if not tlli_dmp then
+ local tlli_hex = string.format("0x%x", tonumber(tlli_str))
+ print("Creating dump for TLLI " .. tlli_hex)
+ tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
+ dumpers[tlli_str] = tlli_dmp
+ end
+ tlli_dmp:dump_current()
+ tlli_dmp:flush()
+ end
+ function tap.draw()
+ for tlli,dumper in pairs(dumpers) do
+ dumper:flush()
+ end
+ end
+ function tap.reset()
+ for tlli,dumper in pairs(dumpers) do
+ dumper:close()
+ end
+ dumpers = {}
+ end
+ end
+ init_listener()
+end
diff --git a/contrib/gprs/gprs-verify-nu.lua b/contrib/gprs/gprs-verify-nu.lua
new file mode 100644
index 000000000..e44fdd16f
--- /dev/null
+++ b/contrib/gprs/gprs-verify-nu.lua
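Review bot: In gprs-split-trace-by-tlli.lua, `tlli_dmp = dumpers[tlli_str]` inside `tap.packet` assigns a global, so the dumper handle leaks into the shared Lua environment of every other loaded script; it should read `local tlli_dmp = dumpers[tlli_str]`. The two header comment lines still describe the per-IP splitter (`by_ip/...cap`, source and destination hosts) while the code writes `by_tlli/0x<tlli>.pcap`; I would replace them with `-- Create a file named by_tlli/<tlli>.pcap with all traffic of each TLLI (works for tshark only)`. One dumper stays open per distinct TLLI until `tap.reset`, so a capture with many TLLIs holds that many open files, which deserves a sentence in that comment.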
@@ -0,0 +1,59 @@
+-- This script verifies that the N(U) is increasing...
+--
+do
+ local nu_state_src = {}
+
+ local function init_listener()
+ -- handle the port as NS over IP
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ -- we want to look here...
+ local llc_sapi_get = Field.new("llcgprs.sapib")
+ local llc_nu_get = Field.new("llcgprs.nu")
+ local bssgp_tlli_get = Field.new("bssgp.tlli")
+
+ local tap = Listener.new("ip", "udp.port == 23000")
+ function tap.packet(pinfo,tvb,ip)
+ local llc_sapi = llc_sapi_get()
+ local llc_nu = llc_nu_get()
+ local bssgp_tlli = bssgp_tlli_get()
+
+ if not llc_sapi or not llc_nu or not bssgp_tlli then
+ return
+ end
+
+ local ip_src = tostring(ip.ip_src)
+ local bssgp_tlli = tostring(bssgp_tlli)
+ local llc_nu = tostring(llc_nu)
+ local llc_sapi = tostring(llc_sapi)
+
+ local src_key = ip_src .. "-" .. bssgp_tlli .. "-" .. llc_sapi
+ local last_nu = nu_state_src[src_key]
+ if not last_nu then
+ -- print("Establishing mapping for " .. src_key)
+ nu_state_src[src_key] = llc_nu
+ return
+ end
+
+ local function tohex(number)
+ return string.format("0x%x", tonumber(number))
+ end
+
+ nu_state_src[src_key] = llc_nu
+ if tonumber(last_nu) + 1 ~= tonumber(llc_nu) then
+ print("JUMP in N(U) on TLLI " .. tohex(bssgp_tlli) .. " and SAPI: " .. llc_sapi .. " src: " .. ip_src)
+ print("\t last: " .. last_nu .. " now: " .. llc_nu)
+ end
+ end
+
+ function tap.draw()
+ end
+
+ function tap.reset()
+ end
+ end
+ init_listener()
+end
+
|
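Review bot: The comparison `tonumber(last_nu) + 1 ~= tonumber(llc_nu)` in `tap.packet` reports a jump every time the counter wraps around. If `llcgprs.nu` is the 9-bit N(U) of LLC UI frames, as the field name suggests, the successor has to be taken modulo 512: `if (tonumber(last_nu) + 1) % 512 ~= tonumber(llc_nu) then`. `nu_state_src` gains one key per source/TLLI/SAPI combination and is never cleared while `tap.reset` is empty; putting `nu_state_src = {}` there would keep stale counters from a previous run out of the next one.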