From 197ceddab109a59288f0b0d868df2f5e6adb4da2 Mon Sep 17 00:00:00 2001 From: Lars Roland Date: Tue, 1 Feb 2005 12:12:35 +0000 Subject: From Alejandro Vaquero: h323 taps support up to 5 messages per packet now. VoIP call analysis: - Collect ISUP, SIP and H323 calls from a capture and show them in window with the following info: - Start and Stop time of the call - Init svn path=/trunk/; revision=13225 --- epan/dissectors/packet-h225.c | 148 +++++++++++---- epan/dissectors/packet-h225.h | 24 ++- epan/dissectors/packet-h245.c | 133 +++++++++++-- epan/dissectors/packet-h245.h | 6 +- epan/dissectors/packet-isup.c | 15 +- epan/dissectors/packet-isup.h | 3 + epan/dissectors/packet-q931.c | 421 ++++++++++++++++++++++++------------------ epan/dissectors/packet-q931.h | 14 +- epan/dissectors/packet-rtp.c | 32 ++++ epan/dissectors/packet-sdp.c | 17 ++ epan/dissectors/packet-sip.c | 23 ++- epan/dissectors/packet-sip.h | 6 + epan/libethereal.def | 2 + 13 files changed, 587 insertions(+), 257 deletions(-) (limited to 'epan') diff --git a/epan/dissectors/packet-h225.c b/epan/dissectors/packet-h225.c index 40acff090b..bd09350bcc 100644 --- a/epan/dissectors/packet-h225.c +++ b/epan/dissectors/packet-h225.c @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Ethereal dissector compiler */ -/* .\packet-h225.c */ +/* ./packet-h225.c */ /* ../../tools/asn2eth.py -X -e -p h225 -c h225.cnf -s packet-h225-template h225.asn */ /* Input file: packet-h225-template.c */ @@ -74,7 +74,9 @@ static void reset_h225_packet_info(h225_packet_info *pi); static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi); static int dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); -static h225_packet_info h225_pi; +static h225_packet_info pi_arr[5]; /* We assuming a maximum of 5 H225 messaages per packet */ +static int pi_current=0; +h225_packet_info *h225_pi=NULL; static dissector_handle_t h225ras_handle; static dissector_handle_t H323UserInformation_handle; @@ -129,7 +131,7 @@ static int hf_h225_notify = -1; /* Notify_UUIE */ static int hf_h225_nonStandardData = -1; /* NonStandardParameter */ static int hf_h225_h4501SupplementaryService = -1; /* T_h4501SupplementaryService */ static int hf_h225_h4501SupplementaryService_item = -1; /* T_h4501SupplementaryService_item */ -static int hf_h225_h245Tunneling = -1; /* BOOLEAN */ +static int hf_h225_h245Tunneling = -1; /* T_h245Tunneling */ static int hf_h225_h245Control = -1; /* H245Control */ static int hf_h225_nonStandardControl = -1; /* SEQUENCE_OF_NonStandardParameter */ static int hf_h225_nonStandardControl_item = -1; /* NonStandardParameter */ @@ -1345,6 +1347,7 @@ dissect_h225_NULL(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree proto_item_append_text(ti_tmp, ": NULL"); } + if (h225_pi->cs_type == H225_OTHER) h225_pi->cs_type = H225_EMPTY; return offset; } static int dissect_empty_flg(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -2209,9 +2212,9 @@ dissect_h225_H245TransportAddress(tvbuff_t *tvb, int offset, packet_info *pinfo NULL); /* we need this info for TAPing */ - h225_pi.is_h245 = TRUE; - h225_pi.h245_address = ipv4_address; - h225_pi.h245_port = ipv4_port; + h225_pi->is_h245 = TRUE; + h225_pi->h245_address = ipv4_address; + h225_pi->h245_port = ipv4_port; if((!pinfo->fd->flags.visited) && ipv4_address!=0 && ipv4_port!=0 && h245_handle){ address src_addr; @@ -3506,9 +3509,6 @@ dissect_h225_BOOLEAN(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tr return offset; } -static int dissect_h245Tunneling(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { - return dissect_h225_BOOLEAN(tvb, offset, pinfo, tree, hf_h225_h245Tunneling); -} static int dissect_multipleCalls(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { return dissect_h225_BOOLEAN(tvb, offset, pinfo, tree, hf_h225_multipleCalls); } @@ -4002,7 +4002,7 @@ dissect_h225_T_guid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tre guint32 guid_offset,guid_len; offset = dissect_per_octet_string(tvb,offset,pinfo,tree,hf_index,16,16,&guid_offset,&guid_len); - tvb_memcpy(tvb,h225_pi.guid,guid_offset,guid_len); + tvb_memcpy(tvb,h225_pi->guid,guid_offset,guid_len); return offset; } @@ -4242,14 +4242,19 @@ static int dissect_h225_FastStart_item(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) { guint32 newoffset; guint32 length; + char codec_str[50]; offset=dissect_per_length_determinant(tvb, offset, pinfo, tree, hf_h225_fastStart_item_length, &length); newoffset=offset + (length<<3); /* please note that offset is in bits in PER dissectors, but the item length is in octets */ - offset=dissect_h245_OpenLogicalChannel(tvb,offset, pinfo, tree, hf_index); + offset=dissect_h245_OpenLogicalChannelCodec(tvb,offset, pinfo, tree, hf_index, codec_str); + + /* Add to packet info */ + g_snprintf(h225_pi->frame_label, 50, "%s %s", h225_pi->frame_label, codec_str); + contains_faststart = TRUE; - h225_pi.is_faststart = TRUE; + h225_pi->is_faststart = TRUE; return newoffset; @@ -5337,7 +5342,12 @@ dissect_h225_Setup_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Setup_UUIE, Setup_UUIE_sequence); - h225_pi.cs_type = H225_SETUP; + /* Add to packet info */ + h225_pi->cs_type = H225_SETUP; + if (contains_faststart == TRUE ) + g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label); + else + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_setup(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5384,7 +5394,12 @@ dissect_h225_CallProceeding_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _ offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_CallProceeding_UUIE, CallProceeding_UUIE_sequence); - h225_pi.cs_type = H225_CALL_PROCEDING; + /* Add to packet info */ + h225_pi->cs_type = H225_CALL_PROCEDING; + if (contains_faststart == TRUE ) + g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label); + else + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_callProceeding(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5431,7 +5446,12 @@ dissect_h225_Connect_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, pro offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Connect_UUIE, Connect_UUIE_sequence); - h225_pi.cs_type = H225_CONNECT; + /* Add to packet info */ + h225_pi->cs_type = H225_CONNECT; + if (contains_faststart == TRUE ) + g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label); + else + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_connect(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5464,7 +5484,12 @@ dissect_h225_Alerting_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, pr offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Alerting_UUIE, Alerting_UUIE_sequence); - h225_pi.cs_type = H225_ALERTING; + /* Add to packet info */ + h225_pi->cs_type = H225_ALERTING; + if (contains_faststart == TRUE ) + g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label); + else + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_alerting(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5487,6 +5512,9 @@ dissect_h225_Information_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Information_UUIE, Information_UUIE_sequence); + /* Add to packet info */ + h225_pi->cs_type = H225_INFORMATION; + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_information(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5618,7 +5646,7 @@ dissect_h225_ReleaseCompleteReason(tvbuff_t *tvb, int offset, packet_info *pinfo offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_ReleaseCompleteReason, ReleaseCompleteReason_choice, "ReleaseCompleteReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -5646,7 +5674,9 @@ dissect_h225_ReleaseComplete_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_ReleaseComplete_UUIE, ReleaseComplete_UUIE_sequence); - h225_pi.cs_type = H225_RELEASE_COMPLET; + /* Add to packet info */ + h225_pi->cs_type = H225_RELEASE_COMPLET; + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_releaseComplete(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5691,7 +5721,7 @@ dissect_h225_FacilityReason(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, p offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_FacilityReason, FacilityReason_choice, "FacilityReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; @@ -5760,6 +5790,9 @@ dissect_h225_Facility_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, pr offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Facility_UUIE, Facility_UUIE_sequence); + /* Add to packet info */ + h225_pi->cs_type = H225_FACILITY; + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_facility(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5786,6 +5819,12 @@ dissect_h225_Progress_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, pr offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Progress_UUIE, Progress_UUIE_sequence); + /* Add to packet info */ + h225_pi->cs_type = H225_PROGRESS; + if (contains_faststart == TRUE ) + g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label); + else + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_progress(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5805,6 +5844,9 @@ dissect_h225_Status_UUIE(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, prot offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, ett_h225_Status_UUIE, Status_UUIE_sequence); + /* Add to packet info */ + h225_pi->cs_type = H225_STATUS; + g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "")); return offset; } static int dissect_status(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5917,9 +5959,9 @@ dissect_h225_T_h323_message_body(tvbuff_t *tvb, int offset, packet_info *pinfo _ val_to_str(message_body_val, T_h323_message_body_vals, "")); } - if (h225_pi.msg_type == H225_CS) { + if (h225_pi->msg_type == H225_CS) { /* Don't override msg_tag value from IRR */ - h225_pi.msg_tag = message_body_val; + h225_pi->msg_tag = message_body_val; } if (contains_faststart == TRUE ) @@ -5973,6 +6015,17 @@ static int dissect_h4501SupplementaryService(tvbuff_t *tvb, int offset, packet_i } +static int +dissect_h225_T_h245Tunneling(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) { + offset=dissect_per_boolean(tvb, offset, pinfo, tree, hf_h225_h245Tunneling, &(h225_pi->is_h245Tunneling), NULL); + + return offset; +} +static int dissect_h245Tunneling(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { + return dissect_h225_T_h245Tunneling(tvb, offset, pinfo, tree, hf_h225_h245Tunneling); +} + + static int dissect_h225_H245Control_item(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) { @@ -6428,7 +6481,7 @@ static int dissect_securityError(tvbuff_t *tvb, int offset, packet_info *pinfo, static int dissect_h225_RequestSeqNum(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) { offset = dissect_per_constrained_integer(tvb, offset, pinfo, tree, hf_index, - 1U, 65535U, &(h225_pi.requestSeqNum), NULL, FALSE); + 1U, 65535U, &(h225_pi->requestSeqNum), NULL, FALSE); return offset; @@ -7055,7 +7108,7 @@ dissect_h225_GatekeeperRejectReason(tvbuff_t *tvb, int offset, packet_info *pinf offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_GatekeeperRejectReason, GatekeeperRejectReason_choice, "GatekeeperRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; @@ -7328,7 +7381,7 @@ dissect_h225_RegistrationRejectReason(tvbuff_t *tvb, int offset, packet_info *pi offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_RegistrationRejectReason, RegistrationRejectReason_choice, "RegistrationRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -7390,7 +7443,7 @@ dissect_h225_UnregRequestReason(tvbuff_t *tvb, int offset, packet_info *pinfo _U offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_UnregRequestReason, UnregRequestReason_choice, "UnregRequestReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; @@ -7478,7 +7531,7 @@ dissect_h225_UnregRejectReason(tvbuff_t *tvb, int offset, packet_info *pinfo _U_ offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_UnregRejectReason, UnregRejectReason_choice, "UnregRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -7784,7 +7837,7 @@ dissect_h225_AdmissionRejectReason(tvbuff_t *tvb, int offset, packet_info *pinfo offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_AdmissionRejectReason, AdmissionRejectReason_choice, "AdmissionRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -7917,7 +7970,7 @@ dissect_h225_BandRejectReason(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_BandRejectReason, BandRejectReason_choice, "BandRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -7971,7 +8024,7 @@ dissect_h225_DisengageReason(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_DisengageReason, DisengageReason_choice, "DisengageReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -8061,7 +8114,7 @@ dissect_h225_DisengageRejectReason(tvbuff_t *tvb, int offset, packet_info *pinfo offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_DisengageRejectReason, DisengageRejectReason_choice, "DisengageRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -8212,7 +8265,7 @@ dissect_h225_LocationRejectReason(tvbuff_t *tvb, int offset, packet_info *pinfo offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_LocationRejectReason, LocationRejectReason_choice, "LocationRejectReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -8605,7 +8658,7 @@ dissect_h225_InfoRequestNakReason(tvbuff_t *tvb, int offset, packet_info *pinfo offset = dissect_per_choice(tvb, offset, pinfo, tree, hf_index, ett_h225_InfoRequestNakReason, InfoRequestNakReason_choice, "InfoRequestNakReason", &value); - h225_pi.reason = value; + h225_pi->reason = value; return offset; } @@ -8832,7 +8885,7 @@ dissect_h225_RasMessage(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto val_to_str(rasmessage_value, RasMessage_vals, "")); } - h225_pi.msg_tag = rasmessage_value; + h225_pi->msg_tag = rasmessage_value; return offset; } @@ -8849,9 +8902,15 @@ dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree * proto_tree *tr; int offset = 0; + pi_current++; + if(pi_current==5){ + pi_current=0; + } + h225_pi=&pi_arr[pi_current]; + /* Init struct for collecting h225_packet_info */ - reset_h225_packet_info(&(h225_pi)); - h225_pi.msg_type = H225_CS; + reset_h225_packet_info(h225_pi); + h225_pi->msg_type = H225_CS; if (check_col(pinfo->cinfo, COL_PROTOCOL)){ col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.225.0"); @@ -8865,7 +8924,7 @@ dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree * offset = dissect_h225_H323_UserInformation(tvb, offset,pinfo, tr, hf_h225_H323_UserInformation); - tap_queue_packet(h225_tap, pinfo, &h225_pi); + tap_queue_packet(h225_tap, pinfo, h225_pi); return offset; } @@ -8875,9 +8934,15 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree proto_tree *tr; guint32 offset=0; + pi_current++; + if(pi_current==5){ + pi_current=0; + } + h225_pi=&pi_arr[pi_current]; + /* Init struct for collecting h225_packet_info */ - reset_h225_packet_info(&(h225_pi)); - h225_pi.msg_type = H225_RAS; + reset_h225_packet_info(h225_pi); + h225_pi->msg_type = H225_RAS; if (check_col(pinfo->cinfo, COL_PROTOCOL)){ col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.225.0"); @@ -8888,12 +8953,13 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree offset = dissect_h225_RasMessage(tvb, 0, pinfo,tr, hf_h225_RasMessage ); - ras_call_matching(tvb, pinfo, tr, &(h225_pi)); + ras_call_matching(tvb, pinfo, tr, h225_pi); - tap_queue_packet(h225_tap, pinfo, &h225_pi); + tap_queue_packet(h225_tap, pinfo, h225_pi); return offset; } + /*--- proto_register_h225 -------------------------------------------*/ void proto_register_h225(void) { @@ -12231,8 +12297,10 @@ static void reset_h225_packet_info(h225_packet_info *pi) pi->request_available = FALSE; pi->is_faststart = FALSE; pi->is_h245 = FALSE; + pi->is_h245Tunneling = FALSE; pi->h245_address = 0; pi->h245_port = 0; + pi->frame_label[0] = '\0'; } /* diff --git a/epan/dissectors/packet-h225.h b/epan/dissectors/packet-h225.h index 172618e380..68855914bc 100644 --- a/epan/dissectors/packet-h225.h +++ b/epan/dissectors/packet-h225.h @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Ethereal dissector compiler */ -/* .\packet-h225.h */ +/* ./packet-h225.h */ /* ../../tools/asn2eth.py -X -e -p h225 -c h225.cnf -s packet-h225-template h225.asn */ /* Input file: packet-h225-template.h */ @@ -40,12 +40,20 @@ typedef enum _h225_msg_type { } h225_msg_type; typedef enum _h225_cs_type { - H225_SETUP, - H225_CALL_PROCEDING, - H225_ALERTING, - H225_CONNECT, - H225_RELEASE_COMPLET, - H225_OTHER + H225_SETUP, + H225_CALL_PROCEDING, + H225_CONNECT, + H225_ALERTING, + H225_INFORMATION, + H225_RELEASE_COMPLET, + H225_FACILITY, + H225_PROGRESS, + H225_EMPTY, + H225_STATUS, + H225_STATUS_INQUIRY, + H225_SETUP_ACK, + H225_NOTIFY, + H225_OTHER } h225_cs_type; typedef struct _h225_packet_info { @@ -61,8 +69,10 @@ typedef struct _h225_packet_info { /* added for h225 conversations analysis */ gboolean is_faststart; /* true, if faststart field is included */ gboolean is_h245; + gboolean is_h245Tunneling; guint32 h245_address; guint16 h245_port; + gchar frame_label[50]; /* the Fram label used by graph_analysis, what is a abreviation of cinfo */ } h225_packet_info; /* diff --git a/epan/dissectors/packet-h245.c b/epan/dissectors/packet-h245.c index a6bbcf3c58..e91ffa26d3 100644 --- a/epan/dissectors/packet-h245.c +++ b/epan/dissectors/packet-h245.c @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Ethereal dissector compiler */ -/* .\packet-h245.c */ +/* ./packet-h245.c */ /* ../../tools/asn2eth.py -X -e -p h245 -c h245.cnf -s packet-h245-template h245.asn */ /* Input file: packet-h245-template.c */ @@ -77,7 +77,10 @@ static int hf_h245_pdu_type = -1; static int hf_h245Manufacturer = -1; static int h245_tap = -1; static int ett_h245 = -1; -static h245_packet_info h245_pi; +static int h245dg_tap = -1; +static h245_packet_info pi_arr[5]; /* We assuming a maximum of 5 H245 messaages per packet */ +static int pi_current=0; +h245_packet_info *h245_pi=NULL; static gboolean h245_reassembly = TRUE; static gboolean h245_shorttypes = FALSE; @@ -171,6 +174,34 @@ static const value_string h245_CommandMessage_short_vals[] = { { 12, "GC" }, { 0, NULL } }; +static const value_string h245_AudioCapability_short_vals[] = { + { 0, "nonStd" }, + { 1, "g711A" }, + { 2, "g711A56k" }, + { 3, "g711U" }, + { 4, "g711U56k" }, + { 5, "g722-64k" }, + { 6, "g722-56k" }, + { 7, "g722-48k" }, + { 8, "g7231" }, + { 9, "g728" }, + { 10, "g729" }, + { 11, "g729A" }, + { 12, "is11172" }, + { 13, "is13818" }, + { 14, "g729B" }, + { 15, "g729AB" }, + { 16, "g7231C" }, + { 17, "gsmFR" }, + { 18, "gsmHR" }, + { 19, "gsmEFR" }, + { 20, "generic" }, + { 21, "g729Ext" }, + { 22, "vbd" }, + { 23, "audioTelEvent" }, + { 24, "audioTone" }, + { 0, NULL } +}; /* To put the codec type only in COL_INFO when an OLC is read */ @@ -2418,7 +2449,7 @@ dissect_h245_MasterSlaveDetermination(tvbuff_t *tvb, int offset, packet_info *pi ett_h245_MasterSlaveDetermination, MasterSlaveDetermination_sequence); - h245_pi.msg_type = H245_MastSlvDet; + h245_pi->msg_type = H245_MastSlvDet; return offset; } static int dissect_masterSlaveDetermination(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -5460,6 +5491,7 @@ dissect_h245_Application(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, prot &value); codec_type = val_to_str(value, h245_Application_vals, ""); + if (h245_pi != NULL) g_snprintf(h245_pi->frame_label, 50, "%s %s", h245_pi->frame_label, codec_type); return offset; } @@ -7226,6 +7258,8 @@ dissect_h245_VideoCapability(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, &value); codec_type = val_to_str(value, h245_VideoCapability_vals, ""); + if (h245_pi != NULL) g_snprintf(h245_pi->frame_label, 50, "%s %s", h245_pi->frame_label, codec_type); + return offset; } @@ -7595,7 +7629,9 @@ dissect_h245_AudioCapability(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, ett_h245_AudioCapability, AudioCapability_choice, "AudioCapability", &value); - codec_type = val_to_str(value, h245_AudioCapability_vals, ""); + codec_type = val_to_str(value, h245_AudioCapability_short_vals, ""); + if (h245_pi != NULL) g_snprintf(h245_pi->frame_label, 50, "%s %s", h245_pi->frame_label, val_to_str(value, h245_AudioCapability_short_vals, "ukn")); + return offset; } @@ -8187,7 +8223,7 @@ dissect_h245_TerminalCapabilitySet(tvbuff_t *tvb, int offset, packet_info *pinfo ett_h245_TerminalCapabilitySet, TerminalCapabilitySet_sequence); - h245_pi.msg_type = H245_TermCapSet; + h245_pi->msg_type = H245_TermCapSet; return offset; } static int dissect_terminalCapabilitySet(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -10089,7 +10125,7 @@ dissect_h245_OpenLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo _U ett_h245_OpenLogicalChannel, OpenLogicalChannel_sequence); - h245_pi.msg_type = H245_OpenLogChn; + if (h245_pi != NULL) h245_pi->msg_type = H245_OpenLogChn; return offset; } static int dissect_openLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -10161,7 +10197,7 @@ dissect_h245_CloseLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo _ ett_h245_CloseLogicalChannel, CloseLogicalChannel_sequence); - h245_pi.msg_type = H245_CloseLogChn; + h245_pi->msg_type = H245_CloseLogChn; return offset; } static int dissect_closeLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12166,6 +12202,20 @@ dissect_h245_RequestMessage(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, p col_set_fence(pinfo->cinfo,COL_INFO); + /* Add to packet info */ + + /* if it is TCS*/ + if ((codec_type != NULL) && ( value == 2)) + g_snprintf(h245_pi->frame_label, 50, "%s (%s) ",val_to_str(value, h245_RequestMessage_short_vals, "UKN"), h245_pi->frame_label); + else + g_snprintf(h245_pi->frame_label, 50, "%s ", val_to_str(value, h245_RequestMessage_short_vals, "UKN")); + + g_snprintf(h245_pi->comment, 50, "%s %s ", h245_pi->comment, val_to_str(value, h245_RequestMessage_vals, "")); + + /* if it is OLC or RM*/ + if ((codec_type != NULL) && (( value == 3) || ( value == 8))) + g_snprintf(h245_pi->frame_label, 50, "%s (%s) ", h245_pi->frame_label, codec_type); + return offset; } static int dissect_request(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12208,7 +12258,7 @@ dissect_h245_MasterSlaveDeterminationAck(tvbuff_t *tvb, int offset, packet_info ett_h245_MasterSlaveDeterminationAck, MasterSlaveDeterminationAck_sequence); - h245_pi.msg_type = H245_MastSlvDetAck; + h245_pi->msg_type = H245_MastSlvDetAck; return offset; } static int dissect_masterSlaveDeterminationAck(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12249,7 +12299,7 @@ dissect_h245_MasterSlaveDeterminationReject(tvbuff_t *tvb, int offset, packet_in ett_h245_MasterSlaveDeterminationReject, MasterSlaveDeterminationReject_sequence); - h245_pi.msg_type = H245_MastSlvDetRjc; + h245_pi->msg_type = H245_MastSlvDetRjc; return offset; } static int dissect_masterSlaveDeterminationReject(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12267,7 +12317,7 @@ dissect_h245_TerminalCapabilitySetAck(tvbuff_t *tvb, int offset, packet_info *pi ett_h245_TerminalCapabilitySetAck, TerminalCapabilitySetAck_sequence); - h245_pi.msg_type = H245_TermCapSetAck; + h245_pi->msg_type = H245_TermCapSetAck; return offset; } static int dissect_terminalCapabilitySetAck(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12340,7 +12390,7 @@ dissect_h245_TerminalCapabilitySetReject(tvbuff_t *tvb, int offset, packet_info ett_h245_TerminalCapabilitySetReject, TerminalCapabilitySetReject_sequence); - h245_pi.msg_type = H245_TermCapSetRjc; + h245_pi->msg_type = H245_TermCapSetRjc; return offset; } static int dissect_terminalCapabilitySetReject(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12510,7 +12560,7 @@ dissect_h245_OpenLogicalChannelAck(tvbuff_t *tvb, int offset, packet_info *pinfo ett_h245_OpenLogicalChannelAck, OpenLogicalChannelAck_sequence); - h245_pi.msg_type = H245_OpenLogChnAck; + h245_pi->msg_type = H245_OpenLogChnAck; return offset; } static int dissect_openLogicalChannelAck(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12578,7 +12628,7 @@ dissect_h245_OpenLogicalChannelReject(tvbuff_t *tvb, int offset, packet_info *pi ett_h245_OpenLogicalChannelReject, OpenLogicalChannelReject_sequence); - h245_pi.msg_type = H245_OpenLogChnRjc; + h245_pi->msg_type = H245_OpenLogChnRjc; return offset; } static int dissect_openLogicalChannelReject(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -12596,7 +12646,7 @@ dissect_h245_CloseLogicalChannelAck(tvbuff_t *tvb, int offset, packet_info *pinf ett_h245_CloseLogicalChannelAck, CloseLogicalChannelAck_sequence); - h245_pi.msg_type = H245_CloseLogChnAck; + h245_pi->msg_type = H245_CloseLogChnAck; return offset; } static int dissect_closeLogicalChannelAck(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -13867,6 +13917,10 @@ dissect_h245_ResponseMessage(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, col_set_fence(pinfo->cinfo,COL_INFO); + /* Add to packet info */ + g_snprintf(h245_pi->frame_label, 50, "%s %s ", h245_pi->frame_label, val_to_str(value, h245_ResponseMessage_short_vals, "UKN")); + g_snprintf(h245_pi->comment, 50, "%s %s ", h245_pi->comment, val_to_str(value, h245_ResponseMessage_vals, "")); + return offset; } static int dissect_response(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -15032,6 +15086,10 @@ dissect_h245_CommandMessage(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, p } col_set_fence(pinfo->cinfo,COL_INFO); + /* Add to packet info */ + g_snprintf(h245_pi->frame_label, 50, "%s %s ", h245_pi->frame_label, val_to_str(value, h245_CommandMessage_short_vals, "UKN")); + g_snprintf(h245_pi->comment, 50, "%s %s ", h245_pi->comment, val_to_str(value, h245_CommandMessage_vals, "")); + return offset; } @@ -15076,7 +15134,7 @@ dissect_h245_MasterSlaveDeterminationRelease(tvbuff_t *tvb, int offset, packet_i ett_h245_MasterSlaveDeterminationRelease, MasterSlaveDeterminationRelease_sequence); - h245_pi.msg_type = H245_MastSlvDetRls; + h245_pi->msg_type = H245_MastSlvDetRls; return offset; } static int dissect_masterSlaveDeterminationRelease(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -15093,7 +15151,7 @@ dissect_h245_TerminalCapabilitySetRelease(tvbuff_t *tvb, int offset, packet_info ett_h245_TerminalCapabilitySetRelease, TerminalCapabilitySetRelease_sequence); - h245_pi.msg_type = H245_TermCapSetRls; + h245_pi->msg_type = H245_TermCapSetRls; return offset; } static int dissect_terminalCapabilitySetRelease(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -15111,7 +15169,7 @@ dissect_h245_OpenLogicalChannelConfirm(tvbuff_t *tvb, int offset, packet_info *p ett_h245_OpenLogicalChannelConfirm, OpenLogicalChannelConfirm_sequence); - h245_pi.msg_type = H245_OpenLogChnCnf; + h245_pi->msg_type = H245_OpenLogChnCnf; return offset; } static int dissect_openLogicalChannelConfirm(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) { @@ -16193,6 +16251,9 @@ dissect_h245_IndicationMessage(tvbuff_t *tvb, int offset, packet_info *pinfo _U_ } col_set_fence(pinfo->cinfo,COL_INFO); + /* Add to packet info */ + g_snprintf(h245_pi->frame_label, 50, "%s %s ", h245_pi->frame_label, val_to_str(value, h245_IndicationMessage_short_vals, "UKN")); + g_snprintf(h245_pi->comment, 50, "%s %s ", h245_pi->comment, val_to_str(value, h245_IndicationMessage_vals, "")); return offset; } @@ -16255,12 +16316,18 @@ dissect_h245_Moderfc2733(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, prot void dissect_h245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) { - reset_h245_packet_info(&(h245_pi)); - h245_pi.msg_type = H245_OTHER; + pi_current++; + if(pi_current==5){ + pi_current=0; + } + h245_pi=&pi_arr[pi_current]; + + reset_h245_packet_info(h245_pi); + h245_pi->msg_type = H245_OTHER; dissect_tpkt_encap(tvb, pinfo, parent_tree, h245_reassembly, MultimediaSystemControlMessage_handle); - tap_queue_packet(h245_tap, pinfo, &h245_pi); + tap_queue_packet(h245_tap, pinfo, h245_pi); } void @@ -16270,6 +16337,14 @@ dissect_h245_h245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) proto_tree *tr; guint32 offset=0; + pi_current++; + if(pi_current==5){ + pi_current=0; + } + h245_pi=&pi_arr[pi_current]; + + reset_h245_packet_info(h245_pi); + h245_pi->msg_type = H245_OTHER; if (check_col(pinfo->cinfo, COL_PROTOCOL)){ col_set_str(pinfo->cinfo, COL_PROTOCOL, "H.245"); @@ -16278,8 +16353,23 @@ dissect_h245_h245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) it=proto_tree_add_protocol_format(parent_tree, proto_h245, tvb, 0, tvb_length(tvb), "H.245"); tr=proto_item_add_subtree(it, ett_h245); dissect_h245_MultimediaSystemControlMessage(tvb, offset, pinfo ,tr, hf_h245_pdu_type); + tap_queue_packet(h245dg_tap, pinfo, h245_pi); } +int +dissect_h245_OpenLogicalChannelCodec(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index, char *codec_str) { + offset = dissect_per_sequence(tvb, offset, pinfo, tree, hf_index, + ett_h245_OpenLogicalChannel, OpenLogicalChannel_sequence); + + + if (h245_pi != NULL) h245_pi->msg_type = H245_OpenLogChn; + + if (codec_str){ + g_strlcpy(codec_str, codec_type, 50); + } + + return offset; +} /*--- proto_register_h245 -------------------------------------------*/ void proto_register_h245(void) { @@ -22148,6 +22238,7 @@ void proto_register_h245(void) { nsp_object_dissector_table = register_dissector_table("h245.nsp.object", "H.245 NonStandardParameter (object)", FT_STRING, BASE_NONE); nsp_h221_dissector_table = register_dissector_table("h245.nsp.h221", "H.245 NonStandardParameter (h221)", FT_UINT32, BASE_HEX); h245_tap = register_tap("h245"); + h245dg_tap = register_tap("h245dg"); register_ber_oid_name("0.0.8.239.1.1","itu-t(0) recommendation(0) h(8) h239(239) generic-capabilities(1) h239ControlCapability(1)"); register_ber_oid_name("0.0.8.239.1.2","itu-t(0) recommendation(0) h(8) h239(239) generic-capabilities(1) h239ExtendedVideoCapability(2)"); @@ -22187,5 +22278,7 @@ static void reset_h245_packet_info(h245_packet_info *pi) } pi->msg_type = H245_OTHER; + pi->frame_label[0] = '\0'; + sprintf(pi->comment, "H245 "); } diff --git a/epan/dissectors/packet-h245.h b/epan/dissectors/packet-h245.h index 71822bfedd..2c0d3633a2 100644 --- a/epan/dissectors/packet-h245.h +++ b/epan/dissectors/packet-h245.h @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Ethereal dissector compiler */ -/* .\packet-h245.h */ +/* ./packet-h245.h */ /* ../../tools/asn2eth.py -X -e -p h245 -c h245.cnf -s packet-h245-template h245.asn */ /* Input file: packet-h245-template.h */ @@ -52,6 +52,8 @@ typedef enum _h245_msg_type { typedef struct _h245_packet_info { h245_msg_type msg_type; /* type of message */ + gchar frame_label[50]; /* the Frame label used by graph_analysis, what is a abreviation of cinfo */ + gchar comment[50]; /* the Frame Comment used by graph_analysis, what is a message desc */ } h245_packet_info; @@ -65,6 +67,8 @@ int dissect_h245_OpenLogicalChannel(tvbuff_t *tvb, int offset, packet_info *pinf /*--- End of included file: packet-h245-exp.h ---*/ +int dissect_h245_OpenLogicalChannelCodec(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index, char *codec_str); + #endif /* PACKET_H245_H */ diff --git a/epan/dissectors/packet-isup.c b/epan/dissectors/packet-isup.c index e89de7fe8b..63880f559b 100644 --- a/epan/dissectors/packet-isup.c +++ b/epan/dissectors/packet-isup.c @@ -1315,6 +1315,10 @@ static gint ett_bat_ase_iwfa = -1; static dissector_handle_t sdp_handle = NULL; static dissector_handle_t q931_ie_handle = NULL; +/* Info for the tap that must be passed between procedures */ +gchar *tap_called_number = NULL; +gchar *tap_calling_number = NULL; + /* ------------------------------------------------------------------ Mapping number to ASCII-character ------------------------------------------------------------------ */ @@ -1461,6 +1465,7 @@ dissect_isup_called_party_number_parameter(tvbuff_t *parameter_tvb, proto_tree * proto_tree_add_string(address_digits_tree, hf_isup_called, parameter_tvb, offset - length, length, called_number); } + tap_called_number = g_strdup(called_number); } /* ------------------------------------------------------------------ Dissector Parameter Subsequent number @@ -2868,8 +2873,8 @@ dissect_isup_calling_party_number_parameter(tvbuff_t *parameter_tvb, proto_tree } else { proto_tree_add_string(address_digits_tree, hf_isup_calling, parameter_tvb, offset - length, length, calling_number); - } + tap_calling_number = g_strdup(calling_number); } /* ------------------------------------------------------------------ Dissector Parameter Original called number @@ -5143,8 +5148,8 @@ dissect_isup_message(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *isup offset += MESSAGE_TYPE_LENGTH; tap_rec.message_type = message_type; - - tap_queue_packet(isup_tap, pinfo, &tap_rec); + tap_rec.calling_number = NULL; + tap_rec.called_number = NULL; parameter_tvb = tvb_new_subset(message_tvb, offset, -1, -1); @@ -5359,7 +5364,11 @@ dissect_isup_message(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *isup } else if (message_type !=MESSAGE_TYPE_CHARGE_INFO) proto_tree_add_text(isup_tree, message_tvb, 0, 0, "No optional parameters are possible with this message type"); + /* if there are calling/called number, we'll get them for the tap */ + tap_rec.calling_number=tap_calling_number; + tap_rec.called_number=tap_called_number; + tap_queue_packet(isup_tap, pinfo, &tap_rec); } /* ------------------------------------------------------------------ */ diff --git a/epan/dissectors/packet-isup.h b/epan/dissectors/packet-isup.h index 450b325fcb..edae5fb6c0 100644 --- a/epan/dissectors/packet-isup.h +++ b/epan/dissectors/packet-isup.h @@ -28,6 +28,9 @@ typedef struct _isup_tap_rec_t { guint8 message_type; + /* added for VoIP calls analysis, see gtk/voip_calls.c*/ + gchar *called_number; + gchar *calling_number; } isup_tap_rec_t; diff --git a/epan/dissectors/packet-q931.c b/epan/dissectors/packet-q931.c index 2bcffd08b9..6bb9ba79ed 100644 --- a/epan/dissectors/packet-q931.c +++ b/epan/dissectors/packet-q931.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include "nlpid.h" #include "packet-q931.h" @@ -54,6 +55,12 @@ * http://www.andrews-arnold.co.uk/isdn/q931cause.html * http://www.tulatelecom.ru/staff/german/DSSHelp/MessList/InfEl/InfElList.html */ +static void reset_q931_packet_info(q931_packet_info *pi); +static gboolean have_valid_q931_pi=FALSE; +static q931_packet_info pi_arr[5]; /* We assuming a maximum of 5 q931 messaages per packet */ +static int pi_current=0; +static q931_packet_info *q931_pi=NULL; +static int q931_tap = -1; static int proto_q931 = -1; static int hf_q931_discriminator = -1; @@ -1211,6 +1218,12 @@ dissect_q931_cause_ie(tvbuff_t *tvb, int offset, int len, return; octet = tvb_get_guint8(tvb, offset); cause_value = octet & 0x7F; + + /* add cause value to packet info for use in tap */ + if(have_valid_q931_pi) { + q931_pi->cause_value = cause_value; + } + proto_tree_add_uint(tree, hf_cause_value, tvb, offset, 1, cause_value); proto_tree_add_boolean(tree, hf_q931_extension_ind, tvb, offset, 1, octet); offset += 1; @@ -2112,6 +2125,11 @@ dissect_q931_number_ie(tvbuff_t *tvb, int offset, int len, } } + /* Collect q931_packet_info */ + if ( e164_info.e164_number_type == CALLING_PARTY_NUMBER && have_valid_q931_pi) + q931_pi->calling_number = tvb_get_string(tvb, offset, len); + if ( e164_info.e164_number_type == CALLED_PARTY_NUMBER && have_valid_q931_pi) + q931_pi->called_number = tvb_get_string(tvb, offset, len); } /* @@ -2352,6 +2370,15 @@ dissect_q931_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, fragment_data *fd_head; tvbuff_t *next_tvb = NULL; + pi_current++; + if(pi_current==5){ + pi_current=0; + } + q931_pi=&pi_arr[pi_current]; + /* Init struct for collecting q931_packet_info */ + reset_q931_packet_info(q931_pi); + have_valid_q931_pi=TRUE; + if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "Q.931"); @@ -2382,7 +2409,11 @@ dissect_q931_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, call_ref[0] &= 0x7F; proto_tree_add_bytes(q931_tree, hf_q931_call_ref, tvb, offset, call_ref_len, call_ref); + } else + { /* info for the tap */ + call_ref[0] &= 0x7F; } + g_memmove(&(q931_pi->crv), call_ref, call_ref_len); offset += call_ref_len; } message_type = tvb_get_guint8(tvb, offset); @@ -2689,196 +2720,202 @@ dissect_q931_IEs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *root_tree, proto_tree_add_text(q931_tree, tvb, offset + 4, tvb_reported_length_remaining(tvb, offset + 4), "Message segment"); info_element_len += tvb_reported_length_remaining(tvb, offset + 4); } - } else if (q931_tree != NULL) { - switch ((codeset << 8) | info_element) { - - case CS0 | Q931_IE_BEARER_CAPABILITY: - case CS0 | Q931_IE_LOW_LAYER_COMPAT: - dissect_q931_bearer_capability_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_CAUSE: - dissect_q931_cause_ie(tvb, - offset + 2, info_element_len, - ie_tree, - hf_q931_cause_value); - break; - - case CS0 | Q931_IE_CALL_STATE: - dissect_q931_call_state_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_CHANNEL_IDENTIFICATION: - dissect_q931_channel_identification_ie( - tvb, offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_PROGRESS_INDICATOR: - dissect_q931_progress_indicator_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_NETWORK_SPECIFIC_FACIL: - case CS0 | Q931_IE_TRANSIT_NETWORK_SEL: - dissect_q931_ns_facilities_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_NOTIFICATION_INDICATOR: - dissect_q931_notification_indicator_ie( - tvb, offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_DISPLAY: - dissect_q931_ia5_ie(tvb, offset + 2, - info_element_len, ie_tree, - "Display information"); - break; - - case CS0 | Q931_IE_DATE_TIME: - dissect_q931_date_time_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_KEYPAD_FACILITY: - dissect_q931_ia5_ie(tvb, offset + 2, - info_element_len, ie_tree, - "Keypad facility"); - break; - - case CS0 | Q931_IE_SIGNAL: - dissect_q931_signal_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_INFORMATION_RATE: - dissect_q931_information_rate_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_E2E_TRANSIT_DELAY: - dissect_q931_e2e_transit_delay_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_TD_SELECTION_AND_INT: - dissect_q931_td_selection_and_int_ie( - tvb, offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_PL_BINARY_PARAMETERS: - dissect_q931_pl_binary_parameters_ie( - tvb, offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_PL_WINDOW_SIZE: - dissect_q931_pl_window_size_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_PACKET_SIZE: - dissect_q931_packet_size_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_CUG: - dissect_q931_cug_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_REVERSE_CHARGE_IND: - dissect_q931_reverse_charge_ind_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_CALLING_PARTY_NUMBER: - e164_info.e164_number_type = CALLING_PARTY_NUMBER; - dissect_q931_number_ie(tvb, - offset + 2, info_element_len, - ie_tree, - hf_q931_calling_party_number, e164_info); - break; - - case CS0 | Q931_IE_CONNECTED_NUMBER_DEFAULT: - dissect_q931_number_ie(tvb, - offset + 2, info_element_len, - ie_tree, - hf_q931_connected_number, e164_info); - break; - - case CS0 | Q931_IE_CALLED_PARTY_NUMBER: - e164_info.e164_number_type = CALLED_PARTY_NUMBER; - dissect_q931_number_ie(tvb, - offset + 2, info_element_len, - ie_tree, - hf_q931_called_party_number, e164_info); - break; - - case CS0 | Q931_IE_REDIRECTING_NUMBER: - dissect_q931_number_ie(tvb, - offset + 2, info_element_len, - ie_tree, - hf_q931_redirecting_number, e164_info); - break; - - case CS0 | Q931_IE_CALLING_PARTY_SUBADDR: - case CS0 | Q931_IE_CALLED_PARTY_SUBADDR: - dissect_q931_party_subaddr_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_RESTART_INDICATOR: - dissect_q931_restart_indicator_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_HIGH_LAYER_COMPAT: - dissect_q931_high_layer_compat_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - case CS0 | Q931_IE_USER_USER: - dissect_q931_user_user_ie(tvb, - offset + 2, info_element_len, - ie_tree); - break; - - default: - proto_tree_add_text(ie_tree, tvb, - offset + 2, info_element_len, - "Data: %s", - bytes_to_str( - tvb_get_ptr(tvb, offset + 2, - info_element_len), - info_element_len)); - break; + } else { + /* we move calling, called number and release cause to not check tree=NULL for the tap used in Voip Calls... */ + switch ((codeset << 8) | info_element){ + case CS0 | Q931_IE_CALLING_PARTY_NUMBER: + e164_info.e164_number_type = CALLING_PARTY_NUMBER; + dissect_q931_number_ie(tvb, + offset + 2, info_element_len, + ie_tree, + hf_q931_calling_party_number, e164_info); + break; + case CS0 | Q931_IE_CALLED_PARTY_NUMBER: + e164_info.e164_number_type = CALLED_PARTY_NUMBER; + dissect_q931_number_ie(tvb, + offset + 2, info_element_len, + ie_tree, + hf_q931_called_party_number, e164_info); + break; + case CS0 | Q931_IE_CAUSE: + dissect_q931_cause_ie(tvb, + offset + 2, info_element_len, + ie_tree, + hf_q931_cause_value); + break; + } + if (q931_tree != NULL) { + switch ((codeset << 8) | info_element) { + + case CS0 | Q931_IE_BEARER_CAPABILITY: + case CS0 | Q931_IE_LOW_LAYER_COMPAT: + dissect_q931_bearer_capability_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_CALL_STATE: + dissect_q931_call_state_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_CHANNEL_IDENTIFICATION: + dissect_q931_channel_identification_ie( + tvb, offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_PROGRESS_INDICATOR: + dissect_q931_progress_indicator_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_NETWORK_SPECIFIC_FACIL: + case CS0 | Q931_IE_TRANSIT_NETWORK_SEL: + dissect_q931_ns_facilities_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_NOTIFICATION_INDICATOR: + dissect_q931_notification_indicator_ie( + tvb, offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_DISPLAY: + dissect_q931_ia5_ie(tvb, offset + 2, + info_element_len, ie_tree, + "Display information"); + break; + + case CS0 | Q931_IE_DATE_TIME: + dissect_q931_date_time_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_KEYPAD_FACILITY: + dissect_q931_ia5_ie(tvb, offset + 2, + info_element_len, ie_tree, + "Keypad facility"); + break; + + case CS0 | Q931_IE_SIGNAL: + dissect_q931_signal_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_INFORMATION_RATE: + dissect_q931_information_rate_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_E2E_TRANSIT_DELAY: + dissect_q931_e2e_transit_delay_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_TD_SELECTION_AND_INT: + dissect_q931_td_selection_and_int_ie( + tvb, offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_PL_BINARY_PARAMETERS: + dissect_q931_pl_binary_parameters_ie( + tvb, offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_PL_WINDOW_SIZE: + dissect_q931_pl_window_size_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_PACKET_SIZE: + dissect_q931_packet_size_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_CUG: + dissect_q931_cug_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_REVERSE_CHARGE_IND: + dissect_q931_reverse_charge_ind_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_CONNECTED_NUMBER_DEFAULT: + dissect_q931_number_ie(tvb, + offset + 2, info_element_len, + ie_tree, + hf_q931_connected_number, e164_info); + break; + + case CS0 | Q931_IE_REDIRECTING_NUMBER: + dissect_q931_number_ie(tvb, + offset + 2, info_element_len, + ie_tree, + hf_q931_redirecting_number, e164_info); + break; + + case CS0 | Q931_IE_CALLING_PARTY_SUBADDR: + case CS0 | Q931_IE_CALLED_PARTY_SUBADDR: + dissect_q931_party_subaddr_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_RESTART_INDICATOR: + dissect_q931_restart_indicator_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_HIGH_LAYER_COMPAT: + dissect_q931_high_layer_compat_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + case CS0 | Q931_IE_USER_USER: + dissect_q931_user_user_ie(tvb, + offset + 2, info_element_len, + ie_tree); + break; + + default: + proto_tree_add_text(ie_tree, tvb, + offset + 2, info_element_len, + "Data: %s", + bytes_to_str( + tvb_get_ptr(tvb, offset + 2, + info_element_len), + info_element_len)); + break; + } } } offset += 1 + 1 + info_element_len; } codeset = locked_codeset; } + if(have_valid_q931_pi) { + tap_queue_packet(q931_tap, pinfo, q931_pi); + } + have_valid_q931_pi=FALSE; } /* @@ -3143,6 +3180,8 @@ proto_register_q931(void) "Reassemble segmented Q.931 messages", "Reassemble segmented Q.931 messages (Q.931 - Annex H)", &q931_reassembly); + /* Register for tapping */ + q931_tap = register_tap("q931"); } void @@ -3166,3 +3205,17 @@ proto_reg_handoff_q931(void) */ heur_dissector_add("tcp", dissect_q931_tpkt, proto_q931); } + +static void reset_q931_packet_info(q931_packet_info *pi) +{ + if(pi == NULL) { + return; + } + + g_free(pi->calling_number); + g_free(pi->called_number); + pi->calling_number = NULL; + pi->called_number = NULL; + pi->cause_value = 0xFF; + pi->crv = -1; +} diff --git a/epan/dissectors/packet-q931.h b/epan/dissectors/packet-q931.h index 8ce65ca368..0f0a12ced2 100644 --- a/epan/dissectors/packet-q931.h +++ b/epan/dissectors/packet-q931.h @@ -44,7 +44,19 @@ extern void dissect_q931_user_user_ie(tvbuff_t *tvb, int offset, int len, extern const value_string q931_cause_location_vals[]; -extern const value_string q931_cause_code_vals[]; +typedef struct _q931_packet_info { + gchar *calling_number; + gchar *called_number; + guint8 cause_value; + gint32 crv; +} q931_packet_info; + +/* + * the following allows TAP code access to the messages + * without having to duplicate it. With MSVC and a + * libethereal.dll, we need a special declaration. + */ +ETH_VAR_IMPORT const value_string q931_cause_code_vals[]; extern const value_string q931_protocol_discriminator_vals[]; diff --git a/epan/dissectors/packet-rtp.c b/epan/dissectors/packet-rtp.c index 80ef73577a..3d12e5ca35 100644 --- a/epan/dissectors/packet-rtp.c +++ b/epan/dissectors/packet-rtp.c @@ -190,6 +190,38 @@ const value_string rtp_payload_type_vals[] = { 0, NULL }, }; +const value_string rtp_payload_type_short_vals[] = +{ + { PT_PCMU, "g711U" }, + { PT_1016, "fs-1016" }, + { PT_G721, "g721" }, + { PT_GSM, "GSM" }, + { PT_G723, "g723" }, + { PT_DVI4_8000, "DVI4 8k" }, + { PT_DVI4_16000, "DVI4 16k" }, + { PT_LPC, "Exp. from Xerox PARC" }, + { PT_PCMA, "g711A" }, + { PT_G722, "g722" }, + { PT_L16_STEREO, "16-bit audio, stereo" }, + { PT_L16_MONO, "16-bit audio, monaural" }, + { PT_QCELP, "Qualcomm" }, + { PT_CN, "CN" }, + { PT_MPA, "MPEG-I/II Audio"}, + { PT_G728, "g728" }, + { PT_DVI4_11025, "DVI4 11k" }, + { PT_DVI4_22050, "DVI4 22k" }, + { PT_G729, "g729" }, + { PT_CN_OLD, "CN(old)" }, + { PT_CELB, "CellB" }, + { PT_JPEG, "JPEG" }, + { PT_NV, "NV" }, + { PT_H261, "h261" }, + { PT_MPV, "MPEG-I/II Video"}, + { PT_MP2T, "MPEG-II streams"}, + { PT_H263, "h263" }, + { 0, NULL }, +}; + /* Set up an RTP conversation */ void rtp_add_address(packet_info *pinfo, address *addr, int port, diff --git a/epan/dissectors/packet-sdp.c b/epan/dissectors/packet-sdp.c index b88719584a..9afa2e6af5 100644 --- a/epan/dissectors/packet-sdp.c +++ b/epan/dissectors/packet-sdp.c @@ -57,6 +57,9 @@ #include #include +#include "tap.h" +#include "packet-sdp.h" + #include "packet-rtp.h" #include "rtp_pt.h" #include "packet-rtcp.h" @@ -68,6 +71,10 @@ static dissector_handle_t rtcp_handle=NULL; static dissector_handle_t t38_handle=NULL; +static void reset_sdp_packet_info(sdp_packet_info *pi); +static int sdp_tap = -1; +static sdp_packet_info *sdp_pi; + static int proto_sdp = -1; /* Top level fields */ @@ -213,6 +220,10 @@ dissect_sdp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint32 ipaddr[4]; gint n; + /* Initialise packet info for passing to tap */ + sdp_pi = g_malloc(sizeof(sdp_packet_info)); + sdp_pi->summary_str[0] = '\0'; + /* Initialise RTP channel info */ transport_info.connection_address=NULL; transport_info.connection_type=NULL; @@ -436,6 +447,8 @@ dissect_sdp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_tree_add_text(sdp_tree, tvb, offset, datalen, "Data (%d bytes)", datalen); } + /* Report this packet to the tap */ + tap_queue_packet(sdp_tap, pinfo, sdp_pi); } static void @@ -884,6 +897,7 @@ dissect_sdp_media(tvbuff_t *tvb, proto_item *ti, media_format = tvb_get_string(tvb, offset, tokenlen); proto_tree_add_string(sdp_media_tree, hf_media_format, tvb, offset, tokenlen, val_to_str(atol(media_format), rtp_payload_type_vals, "%u")); + g_snprintf(sdp_pi->summary_str, 50, "%s %s", sdp_pi->summary_str, val_to_str(atol(media_format), rtp_payload_type_short_vals, "%u")); g_free(media_format); } else { proto_tree_add_item(sdp_media_tree, hf_media_format, tvb, @@ -1167,6 +1181,9 @@ proto_register_sdp(void) * on Windows without stuffing it into the Big Transfer Vector). */ register_dissector("sdp", dissect_sdp, proto_sdp); + + /* Register for tapping */ + sdp_tap = register_tap("sdp"); } void diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c index d373e42189..1bb62b8ca8 100644 --- a/epan/dissectors/packet-sip.c +++ b/epan/dissectors/packet-sip.c @@ -605,12 +605,17 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, char *media_type_str_lower_case = NULL; char *content_type_parameter_str = NULL; guint resend_for_packet = 0; + char *string; /* Initialise stat info for passing to tap */ stat_info = g_malloc(sizeof(sip_info_value_t)); stat_info->response_code = 0; stat_info->request_method = NULL; + stat_info->reason_phrase = NULL; stat_info->resend = 0; + stat_info->tap_call_id = NULL; + stat_info->tap_from_addr = NULL; + stat_info->tap_to_addr = NULL; /* * Note that "tvb_find_line_end()" will return a value that @@ -660,6 +665,11 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, col_add_fstr(pinfo->cinfo, COL_INFO, "Status: %s", tvb_format_text(tvb, SIP2_HDR_LEN + 1, linelen - SIP2_HDR_LEN - 1)); } + string = tvb_get_string(tvb, SIP2_HDR_LEN + 5, linelen - (SIP2_HDR_LEN + 5)); + stat_info->reason_phrase = g_malloc(linelen - (SIP2_HDR_LEN + 5) + 1); + strncpy(stat_info->reason_phrase, string, linelen - (SIP2_HDR_LEN + 5) + 1); + /* String no longer needed */ + g_free(string); break; case OTHER_LINE: @@ -843,6 +853,9 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, parameter_len = parameter_end_offset - parameter_offset; proto_tree_add_item(sip_element_tree, hf_sip_to_addr, tvb, parameter_offset, parameter_len, FALSE); + /*info for the tap for voip_calls.c*/ + stat_info->tap_to_addr=tvb_get_string(tvb, parameter_offset, parameter_len); + parameter_offset = parameter_end_offset + 1; /* * URI parameters ? @@ -875,6 +888,8 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, parameter_len = parameter_end_offset - parameter_offset; proto_tree_add_item(sip_element_tree, hf_sip_to_addr, tvb, parameter_offset, parameter_len, FALSE); + /*info for the tap for voip_calls.c*/ + stat_info->tap_to_addr=tvb_get_string(tvb, parameter_offset, parameter_len); offset = parameter_end_offset; } /* Find parameter tag if present. @@ -948,6 +963,8 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, parameter_len = parameter_end_offset - parameter_offset; dfilter_store_sip_from_addr(tvb, sip_element_tree, parameter_offset, parameter_len); + /*info for the tap for voip_calls.c*/ + stat_info->tap_from_addr=tvb_get_string(tvb, parameter_offset, parameter_len); parameter_offset = parameter_end_offset + 1; /* * URI parameters ? @@ -980,6 +997,8 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, parameter_len = parameter_end_offset - parameter_offset; proto_tree_add_item(sip_element_tree, hf_sip_from_addr, tvb, parameter_offset, parameter_len, FALSE); + /*info for the tap for voip_calls.c*/ + stat_info->tap_from_addr=tvb_get_string(tvb, parameter_offset, parameter_len); offset = parameter_end_offset; } /* Find parameter tag if present. @@ -1008,6 +1027,7 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* Store the sequence number */ cseq_number = atoi(value); cseq_number_set = 1; + stat_info->tap_cseq_number=cseq_number; /* Extract method name from value */ for (value_offset = 0; value_offset < (gint)strlen(value); value_offset++) @@ -1034,7 +1054,8 @@ dissect_sip_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, strlen(value)+1 < MAX_CALL_ID_SIZE ? strlen(value)+1 : MAX_CALL_ID_SIZE); - + stat_info->tap_call_id = g_strdup(call_id); + /* Add 'Call-id' string item to tree */ if(hdr_tree) { proto_tree_add_string_format(hdr_tree, diff --git a/epan/dissectors/packet-sip.h b/epan/dissectors/packet-sip.h index e8702758e5..dae72fb8b6 100644 --- a/epan/dissectors/packet-sip.h +++ b/epan/dissectors/packet-sip.h @@ -31,6 +31,12 @@ typedef struct _sip_info_value_t gchar *request_method; guint response_code; guchar resend; + /* added for VoIP calls analysis, see gtk/voip_calls.c*/ + gchar *tap_call_id; + gchar *tap_from_addr; + gchar *tap_to_addr; + guint32 tap_cseq_number; + gchar *reason_phrase; } sip_info_value_t; extern void dfilter_store_sip_from_addr(tvbuff_t *tvb,proto_tree *tree,guint parameter_offset, diff --git a/epan/libethereal.def b/epan/libethereal.def index 25fd5495f3..dfe6789839 100644 --- a/epan/libethereal.def +++ b/epan/libethereal.def @@ -430,6 +430,7 @@ proto_tree_children_foreach proto_tree_get_parent p_add_proto_data p_get_proto_data +q931_cause_code_vals DATA range_convert_range range_convert_str range_copy @@ -470,6 +471,7 @@ rpc_roundup rtcp_add_address rtp_add_address rtp_payload_type_vals DATA +rtp_payload_type_short_vals DATA set_actual_length set_timestamp_setting show_fragment_seq_tree -- cgit v1.2.3