5 files changed, 321 insertions, 0 deletions
diff --git a/contrib/gprs/gb-proxy-unblock-bug.py b/contrib/gprs/gb-proxy-unblock-bug.py
new file mode 100755
index 000000000..0cd4b871f
--- /dev/null
+++ b/contrib/gprs/gb-proxy-unblock-bug.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+"""
+demonstrate a unblock bug on the GB Proxy..
+"""
+
+bts_ns_reset = "\x02\x00\x81\x01\x01\x82\x1f\xe7\x04\x82\x1f\xe7"
+ns_reset_ack = "\x03\x01\x82\x1f\xe7\x04\x82\x1f\xe7"
+
+bts_ns_unblock = "\x06"
+ns_unblock_ack = "\x07"
+
+bts_bvc_reset_0 = "\x00\x00\x00\x00\x22\x04\x82\x00\x00\x07\x81\x03\x3b\x81\x02"
+ns_bvc_reset_0_ack = "\x00\x00\x00\x00\x23\x04\x82\x00\x00"
+
+bts_bvc_reset_8167 = "\x00\x00\x00\x00\x22\x04\x82\x1f\xe7\x07\x81\x08\x08\x88\x72\xf4\x80\x10\x1c\x00\x9c\x40"
+
+
+import socket
+socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+socket.bind(("0.0.0.0", 0))
+socket.setblocking(1)
+
+
+import sys
+port = int(sys.argv[1])
+print "Sending data to port: %d" % port
+
+def send_and_receive(packet):
+    socket.sendto(packet, ("127.0.0.1", port))
+
+    try:
+        data, addr = socket.recvfrom(4096)
+    except socket.error, e:
+        print "ERROR", e
+        import sys
+        sys.exit(0)
+    return data
+
+#send stuff once
+
+to_send = [
+    (bts_ns_reset, ns_reset_ack, "reset ack"),
+    (bts_ns_unblock, ns_unblock_ack, "unblock ack"),
+    (bts_bvc_reset_0, ns_bvc_reset_0_ack, "BVCI=0 reset ack"),
+]
+
+
+for (out, inp, type) in to_send:
+    res = send_and_receive(out)
+    if res != inp:
+        print "Failed to get the %s" % type
+        sys.exit(-1)
+
+import time
+time.sleep(3)
+res = send_and_receive(bts_bvc_reset_8167)
+print "Sent all messages... check wireshark for the last response"
diff --git a/contrib/gprs/gprs-bssgp-histogram.lua b/contrib/gprs/gprs-bssgp-histogram.lua
new file mode 100644
index 000000000..b1ab5df7f
--- /dev/null
+++ b/contrib/gprs/gprs-bssgp-histogram.lua
@@ -0,0 +1,78 @@
+-- Simple LUA script to print the size of BSSGP messages over their type...
+
+do
+	local ip_bucket = {}
+
+	local pdu_types = {}
+	pdu_types[ 6] = "PAGING"
+	pdu_types[11] = "SUSPEND"
+	pdu_types[12] = "SUSPEND-ACK"
+	pdu_types[32] = "BVC-BLOCK"
+	pdu_types[33] = "BVC-BLOCK-ACK"
+	pdu_types[34] = "BVC-RESET"
+	pdu_types[35] = "BVC-RESET-ACK"
+	pdu_types[36] = "UNBLOCK"
+	pdu_types[37] = "UNBLOCK-ACK"
+	pdu_types[38] = "FLOW-CONTROL-BVC"
+	pdu_types[39] = "FLOW-CONTROL-BVC-ACK"
+	pdu_types[40] = "FLOW-CONTROL-MS"
+	pdu_types[41] = "FLOW-CONTROL-MS-ACK"
+	pdu_types[44] = "LLC-DISCARDED"
+
+	local function init_listener()
+		-- handle the port as NS over IP
+		local udp_port_table = DissectorTable.get("udp.port")
+		local gprs_ns_dis = Dissector.get("gprs_ns")
+		udp_port_table:add(23000,gprs_ns_dis)
+
+		-- bssgp filters
+		local bssgp_pdu_get = Field.new("bssgp.pdu_type")
+		local udp_length_get = Field.new("udp.length")
+
+		local tap = Listener.new("ip", "udp.port == 23000")
+		function tap.packet(pinfo,tvb,ip)
+			local pdu = bssgp_pdu_get()
+			local len = udp_length_get()
+
+			-- only handle bssgp, but we also want the IP frame
+			if not pdu then
+				return
+			end
+
+			pdu = tostring(pdu)
+			if tonumber(pdu) == 0 or tonumber(pdu) == 1 then
+				return
+			end
+
+			local ip_src = tostring(ip.ip_src)
+			local bssgp_histo = ip_bucket[ip_src]
+			if not bssgp_histo then
+				bssgp_histo = {}
+				ip_bucket[ip_src] = bssgp_histo
+			end
+
+			local key = pdu
+			local bucket = bssgp_histo[key]
+			if not bucket then
+				bucket = {}
+				bssgp_histo[key] = bucket
+			end
+
+			table.insert(bucket, tostring(len))
+			print("IP: " .. ip_src .. " PDU: " .. pdu_types[tonumber(pdu)] .. " Length: " .. tostring(len))
+		end
+
+		function tap.draw()
+			-- well... this will not be called...
+--			for ip,bssgp_histo in pairs(dumpers) do
+--				print("IP " .. ip)
+--			end
+		end
+
+		function tap.reset()
+			-- well... this will not be called...
+		end
+	end
+
+	init_listener()
+end
diff --git a/contrib/gprs/gprs-buffer-count.lua b/contrib/gprs/gprs-buffer-count.lua
new file mode 100644
index 000000000..ca8864ad1
--- /dev/null
+++ b/contrib/gprs/gprs-buffer-count.lua
@@ -0,0 +1,80 @@
+-- I count the buffer space needed for LLC PDUs in the worse case and print it
+
+do
+	local function init_listener()
+		-- handle the port as NS over IP
+		local udp_port_table = DissectorTable.get("udp.port")
+		local gprs_ns_dis = Dissector.get("gprs_ns")
+		udp_port_table:add(23000,gprs_ns_dis)
+
+		-- bssgp filters
+		local bssgp_pdu_get = Field.new("bssgp.pdu_type")
+		local bssgp_delay_get = Field.new("bssgp.delay_val")
+		local llcgprs_get = Field.new("llcgprs")
+		local pdus = nil
+
+		print("START...")
+
+		local tap = Listener.new("ip", "udp.port == 23000 && bssgp.pdu_type == 0")
+		function tap.packet(pinfo,tvb,ip)
+			local pdu = bssgp_pdu_get()
+			local len = llcgprs_get().len
+			local delay = bssgp_delay_get()
+
+			-- only handle bssgp, but we also want the IP frame
+			if not pdu then
+				return
+			end
+
+			if tonumber(tostring(delay)) == 65535 then
+				pdus = { next = pdus,
+					 len = len,
+					 expires = -1 }
+			else
+				local off = tonumber(tostring(delay)) / 100.0
+				pdus = { next = pdus,
+					 len = len,
+					 expires = pinfo.rel_ts + off }
+			end
+			local now_time = tonumber(tostring(pinfo.rel_ts))
+			local now_size = 0
+			local l = pdus
+			local prev = nil
+			local count = 0
+			while l do
+				if now_time < l.expires or l.expires == -1 then
+					now_size = now_size + l.len
+					prev = l
+					l = l.next
+					count = count + 1
+				else
+					-- delete things
+					if prev == nil then
+						pdus = nil
+						l = nil
+					else
+						prev.next = l.next
+						l = l.next
+					end
+				end
+			end
+--			print("TOTAL: " .. now_time .. " PDU_SIZE: " .. now_size)
+			print(now_time .. " " .. now_size / 1024.0 .. " " .. count)
+--			print("NOW: " .. tostring(pinfo.rel_ts) .. " Delay: " .. tostring(delay) .. " Length: " .. tostring(len))
+		end
+
+		function tap.draw()
+			-- well... this will not be called...
+--			for ip,bssgp_histo in pairs(dumpers) do
+--				print("IP " .. ip)
+--			end
+			print("END")
+		end
+
+		function tap.reset()
+			-- well... this will not be called...
+		end
+	end
+
+	init_listener()
+end
diff --git a/contrib/gprs/gprs-split-trace-by-tlli.lua b/contrib/gprs/gprs-split-trace-by-tlli.lua
new file mode 100644
index 000000000..018c377c5
--- /dev/null
+++ b/contrib/gprs/gprs-split-trace-by-tlli.lua
@@ -0,0 +1,46 @@
+-- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only)
+-- Dump files are created for both source and destination hosts
+do
+	local dir = "by_tlli"
+	local dumpers = {}
+	local function init_listener()
+		local udp_port_table = DissectorTable.get("udp.port")
+		local gprs_ns_dis = Dissector.get("gprs_ns")
+		udp_port_table:add(23000,gprs_ns_dis)
+
+		local field_tlli = Field.new("bssgp.tlli")
+		local tap = Listener.new("ip", "udp.port == 23000")
+
+		-- we will be called once for every IP Header.
+		-- If there's more than one IP header in a given packet we'll dump the packet once per every header
+		function tap.packet(pinfo,tvb,ip)
+			local tlli = field_tlli()
+			if not tlli then
+				return
+			end
+
+			local tlli_str = tostring(tlli)
+			tlli_dmp = dumpers[tlli_str]
+			if not tlli_dmp then
+				local tlli_hex = string.format("0x%x", tonumber(tlli_str))
+				print("Creating dump for TLLI " .. tlli_hex)
+				tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
+				dumpers[tlli_str] = tlli_dmp
+			end
+			tlli_dmp:dump_current()
+			tlli_dmp:flush()
+		end
+		function tap.draw()
+			for tlli,dumper in pairs(dumpers) do
+				 dumper:flush()
+			end
+		end
+		function tap.reset()
+			for tlli,dumper in pairs(dumpers) do
+				 dumper:close()
+			end
+			dumpers = {}
+		end
+	end
+	init_listener()
+end
diff --git a/contrib/gprs/gprs-verify-nu.lua b/contrib/gprs/gprs-verify-nu.lua
new file mode 100644
index 000000000..e44fdd16f
--- /dev/null
+++ b/contrib/gprs/gprs-verify-nu.lua
@@ -0,0 +1,59 @@
+-- This script verifies that the N(U) is increasing...
+--
+do
+	local nu_state_src = {}
+
+	local function init_listener()
+		-- handle the port as NS over IP
+		local udp_port_table = DissectorTable.get("udp.port")
+		local gprs_ns_dis = Dissector.get("gprs_ns")
+		udp_port_table:add(23000,gprs_ns_dis)
+
+		-- we want to look here...
+		local llc_sapi_get = Field.new("llcgprs.sapib")
+		local llc_nu_get = Field.new("llcgprs.nu")
+		local bssgp_tlli_get = Field.new("bssgp.tlli")
+
+		local tap = Listener.new("ip", "udp.port == 23000")
+		function tap.packet(pinfo,tvb,ip)
+			local llc_sapi = llc_sapi_get()
+			local llc_nu = llc_nu_get()
+			local bssgp_tlli = bssgp_tlli_get()
+
+			if not llc_sapi or not llc_nu or not bssgp_tlli then
+				return
+			end
+
+			local ip_src = tostring(ip.ip_src)
+			local bssgp_tlli = tostring(bssgp_tlli)
+			local llc_nu = tostring(llc_nu)
+			local llc_sapi = tostring(llc_sapi)
+
+			local src_key = ip_src .. "-" .. bssgp_tlli .. "-" .. llc_sapi
+			local last_nu = nu_state_src[src_key]
+			if not last_nu then
+				-- print("Establishing mapping for " .. src_key)
+				nu_state_src[src_key] = llc_nu
+				return
+			end
+
+			local function tohex(number)
+				return string.format("0x%x", tonumber(number))
+			end
+
+			nu_state_src[src_key] = llc_nu
+			if tonumber(last_nu) + 1 ~= tonumber(llc_nu) then
+				print("JUMP in N(U) on TLLI " .. tohex(bssgp_tlli) .. " and SAPI: " .. llc_sapi .. " src: " .. ip_src)
+				print("\t last: " .. last_nu .. " now: " .. llc_nu)
+			end
+		end
+
+		function tap.draw()
+		end
+
+		function tap.reset()
+		end
+	end
+	init_listener()
+end
+