aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/gprs
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/gprs')
-rwxr-xr-xcontrib/gprs/gb-proxy-unblock-bug.py58
-rw-r--r--contrib/gprs/gprs-bssgp-histogram.lua78
-rw-r--r--contrib/gprs/gprs-buffer-count.lua80
-rw-r--r--contrib/gprs/gprs-split-trace-by-tlli.lua46
-rw-r--r--contrib/gprs/gprs-verify-nu.lua59
5 files changed, 321 insertions, 0 deletions
diff --git a/contrib/gprs/gb-proxy-unblock-bug.py b/contrib/gprs/gb-proxy-unblock-bug.py
new file mode 100755
index 00000000..0cd4b871
--- /dev/null
+++ b/contrib/gprs/gb-proxy-unblock-bug.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+"""
+demonstrate a unblock bug on the GB Proxy..
+"""
+
+bts_ns_reset = "\x02\x00\x81\x01\x01\x82\x1f\xe7\x04\x82\x1f\xe7"
+ns_reset_ack = "\x03\x01\x82\x1f\xe7\x04\x82\x1f\xe7"
+
+bts_ns_unblock = "\x06"
+ns_unblock_ack = "\x07"
+
+bts_bvc_reset_0 = "\x00\x00\x00\x00\x22\x04\x82\x00\x00\x07\x81\x03\x3b\x81\x02"
+ns_bvc_reset_0_ack = "\x00\x00\x00\x00\x23\x04\x82\x00\x00"
+
+bts_bvc_reset_8167 = "\x00\x00\x00\x00\x22\x04\x82\x1f\xe7\x07\x81\x08\x08\x88\x72\xf4\x80\x10\x1c\x00\x9c\x40"
+
+
+import socket
+socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+socket.bind(("0.0.0.0", 0))
+socket.setblocking(1)
+
+
+import sys
+port = int(sys.argv[1])
+print "Sending data to port: %d" % port
+
+def send_and_receive(packet):
+ socket.sendto(packet, ("127.0.0.1", port))
+
+ try:
+ data, addr = socket.recvfrom(4096)
+ except socket.error, e:
+ print "ERROR", e
+ import sys
+ sys.exit(0)
+ return data
+
+#send stuff once
+
+to_send = [
+ (bts_ns_reset, ns_reset_ack, "reset ack"),
+ (bts_ns_unblock, ns_unblock_ack, "unblock ack"),
+ (bts_bvc_reset_0, ns_bvc_reset_0_ack, "BVCI=0 reset ack"),
+]
+
+
+for (out, inp, type) in to_send:
+ res = send_and_receive(out)
+ if res != inp:
+ print "Failed to get the %s" % type
+ sys.exit(-1)
+
+import time
+time.sleep(3)
+res = send_and_receive(bts_bvc_reset_8167)
+print "Sent all messages... check wireshark for the last response"
diff --git a/contrib/gprs/gprs-bssgp-histogram.lua b/contrib/gprs/gprs-bssgp-histogram.lua
new file mode 100644
index 00000000..b1ab5df7
--- /dev/null
+++ b/contrib/gprs/gprs-bssgp-histogram.lua
@@ -0,0 +1,78 @@
+-- Simple LUA script to print the size of BSSGP messages over their type...
+
+do
+ local ip_bucket = {}
+
+ local pdu_types = {}
+ pdu_types[ 6] = "PAGING"
+ pdu_types[11] = "SUSPEND"
+ pdu_types[12] = "SUSPEND-ACK"
+ pdu_types[32] = "BVC-BLOCK"
+ pdu_types[33] = "BVC-BLOCK-ACK"
+ pdu_types[34] = "BVC-RESET"
+ pdu_types[35] = "BVC-RESET-ACK"
+ pdu_types[36] = "UNBLOCK"
+ pdu_types[37] = "UNBLOCK-ACK"
+ pdu_types[38] = "FLOW-CONTROL-BVC"
+ pdu_types[39] = "FLOW-CONTROL-BVC-ACK"
+ pdu_types[40] = "FLOW-CONTROL-MS"
+ pdu_types[41] = "FLOW-CONTROL-MS-ACK"
+ pdu_types[44] = "LLC-DISCARDED"
+
+ local function init_listener()
+ -- handle the port as NS over IP
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ -- bssgp filters
+ local bssgp_pdu_get = Field.new("bssgp.pdu_type")
+ local udp_length_get = Field.new("udp.length")
+
+ local tap = Listener.new("ip", "udp.port == 23000")
+ function tap.packet(pinfo,tvb,ip)
+ local pdu = bssgp_pdu_get()
+ local len = udp_length_get()
+
+ -- only handle bssgp, but we also want the IP frame
+ if not pdu then
+ return
+ end
+
+ pdu = tostring(pdu)
+ if tonumber(pdu) == 0 or tonumber(pdu) == 1 then
+ return
+ end
+
+ local ip_src = tostring(ip.ip_src)
+ local bssgp_histo = ip_bucket[ip_src]
+ if not bssgp_histo then
+ bssgp_histo = {}
+ ip_bucket[ip_src] = bssgp_histo
+ end
+
+ local key = pdu
+ local bucket = bssgp_histo[key]
+ if not bucket then
+ bucket = {}
+ bssgp_histo[key] = bucket
+ end
+
+ table.insert(bucket, tostring(len))
+ print("IP: " .. ip_src .. " PDU: " .. pdu_types[tonumber(pdu)] .. " Length: " .. tostring(len))
+ end
+
+ function tap.draw()
+ -- well... this will not be called...
+-- for ip,bssgp_histo in pairs(dumpers) do
+-- print("IP " .. ip)
+-- end
+ end
+
+ function tap.reset()
+ -- well... this will not be called...
+ end
+ end
+
+ init_listener()
+end
diff --git a/contrib/gprs/gprs-buffer-count.lua b/contrib/gprs/gprs-buffer-count.lua
new file mode 100644
index 00000000..ca8864ad
--- /dev/null
+++ b/contrib/gprs/gprs-buffer-count.lua
@@ -0,0 +1,80 @@
+-- I count the buffer space needed for LLC PDUs in the worse case and print it
+
+do
+ local function init_listener()
+ -- handle the port as NS over IP
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ -- bssgp filters
+ local bssgp_pdu_get = Field.new("bssgp.pdu_type")
+ local bssgp_delay_get = Field.new("bssgp.delay_val")
+ local llcgprs_get = Field.new("llcgprs")
+ local pdus = nil
+
+ print("START...")
+
+ local tap = Listener.new("ip", "udp.port == 23000 && bssgp.pdu_type == 0")
+ function tap.packet(pinfo,tvb,ip)
+ local pdu = bssgp_pdu_get()
+ local len = llcgprs_get().len
+ local delay = bssgp_delay_get()
+
+ -- only handle bssgp, but we also want the IP frame
+ if not pdu then
+ return
+ end
+
+ if tonumber(tostring(delay)) == 65535 then
+ pdus = { next = pdus,
+ len = len,
+ expires = -1 }
+ else
+ local off = tonumber(tostring(delay)) / 100.0
+ pdus = { next = pdus,
+ len = len,
+ expires = pinfo.rel_ts + off }
+ end
+ local now_time = tonumber(tostring(pinfo.rel_ts))
+ local now_size = 0
+ local l = pdus
+ local prev = nil
+ local count = 0
+ while l do
+ if now_time < l.expires or l.expires == -1 then
+ now_size = now_size + l.len
+ prev = l
+ l = l.next
+ count = count + 1
+ else
+ -- delete things
+ if prev == nil then
+ pdus = nil
+ l = nil
+ else
+ prev.next = l.next
+ l = l.next
+ end
+ end
+ end
+-- print("TOTAL: " .. now_time .. " PDU_SIZE: " .. now_size)
+ print(now_time .. " " .. now_size / 1024.0 .. " " .. count)
+-- print("NOW: " .. tostring(pinfo.rel_ts) .. " Delay: " .. tostring(delay) .. " Length: " .. tostring(len))
+ end
+
+ function tap.draw()
+ -- well... this will not be called...
+-- for ip,bssgp_histo in pairs(dumpers) do
+-- print("IP " .. ip)
+-- end
+ print("END")
+ end
+
+ function tap.reset()
+ -- well... this will not be called...
+ end
+ end
+
+ init_listener()
+end
diff --git a/contrib/gprs/gprs-split-trace-by-tlli.lua b/contrib/gprs/gprs-split-trace-by-tlli.lua
new file mode 100644
index 00000000..018c377c
--- /dev/null
+++ b/contrib/gprs/gprs-split-trace-by-tlli.lua
@@ -0,0 +1,46 @@
+-- Create a file named by_ip/''ip_addess''.cap with all ip traffic of each ip host. (works for tshark only)
+-- Dump files are created for both source and destination hosts
+do
+ local dir = "by_tlli"
+ local dumpers = {}
+ local function init_listener()
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ local field_tlli = Field.new("bssgp.tlli")
+ local tap = Listener.new("ip", "udp.port == 23000")
+
+ -- we will be called once for every IP Header.
+ -- If there's more than one IP header in a given packet we'll dump the packet once per every header
+ function tap.packet(pinfo,tvb,ip)
+ local tlli = field_tlli()
+ if not tlli then
+ return
+ end
+
+ local tlli_str = tostring(tlli)
+ tlli_dmp = dumpers[tlli_str]
+ if not tlli_dmp then
+ local tlli_hex = string.format("0x%x", tonumber(tlli_str))
+ print("Creating dump for TLLI " .. tlli_hex)
+ tlli_dmp = Dumper.new_for_current(dir .. "/" .. tlli_hex .. ".pcap")
+ dumpers[tlli_str] = tlli_dmp
+ end
+ tlli_dmp:dump_current()
+ tlli_dmp:flush()
+ end
+ function tap.draw()
+ for tlli,dumper in pairs(dumpers) do
+ dumper:flush()
+ end
+ end
+ function tap.reset()
+ for tlli,dumper in pairs(dumpers) do
+ dumper:close()
+ end
+ dumpers = {}
+ end
+ end
+ init_listener()
+end
diff --git a/contrib/gprs/gprs-verify-nu.lua b/contrib/gprs/gprs-verify-nu.lua
new file mode 100644
index 00000000..e44fdd16
--- /dev/null
+++ b/contrib/gprs/gprs-verify-nu.lua
@@ -0,0 +1,59 @@
+-- This script verifies that the N(U) is increasing...
+--
+do
+ local nu_state_src = {}
+
+ local function init_listener()
+ -- handle the port as NS over IP
+ local udp_port_table = DissectorTable.get("udp.port")
+ local gprs_ns_dis = Dissector.get("gprs_ns")
+ udp_port_table:add(23000,gprs_ns_dis)
+
+ -- we want to look here...
+ local llc_sapi_get = Field.new("llcgprs.sapib")
+ local llc_nu_get = Field.new("llcgprs.nu")
+ local bssgp_tlli_get = Field.new("bssgp.tlli")
+
+ local tap = Listener.new("ip", "udp.port == 23000")
+ function tap.packet(pinfo,tvb,ip)
+ local llc_sapi = llc_sapi_get()
+ local llc_nu = llc_nu_get()
+ local bssgp_tlli = bssgp_tlli_get()
+
+ if not llc_sapi or not llc_nu or not bssgp_tlli then
+ return
+ end
+
+ local ip_src = tostring(ip.ip_src)
+ local bssgp_tlli = tostring(bssgp_tlli)
+ local llc_nu = tostring(llc_nu)
+ local llc_sapi = tostring(llc_sapi)
+
+ local src_key = ip_src .. "-" .. bssgp_tlli .. "-" .. llc_sapi
+ local last_nu = nu_state_src[src_key]
+ if not last_nu then
+ -- print("Establishing mapping for " .. src_key)
+ nu_state_src[src_key] = llc_nu
+ return
+ end
+
+ local function tohex(number)
+ return string.format("0x%x", tonumber(number))
+ end
+
+ nu_state_src[src_key] = llc_nu
+ if tonumber(last_nu) + 1 ~= tonumber(llc_nu) then
+ print("JUMP in N(U) on TLLI " .. tohex(bssgp_tlli) .. " and SAPI: " .. llc_sapi .. " src: " .. ip_src)
+ print("\t last: " .. last_nu .. " now: " .. llc_nu)
+ end
+ end
+
+ function tap.draw()
+ end
+
+ function tap.reset()
+ end
+ end
+ init_listener()
+end
+