initial network analysis code

master
Sebastian Reichel 2010-12-30 02:10:23 +01:00
parent 433a64b72b
commit 2e702b4bf0
4 changed files with 197 additions and 1 deletions


@ -1,5 +1,5 @@
CFLAGS+=-I/usr/include/wireshark -DHAVE_STDARG_H -DHAVE_CONFIG_H -g
OBJECTS:=src/packet-isi.o src/plugin.o src/isi-simauth.o src/isi-gps.o
OBJECTS:=src/packet-isi.o src/plugin.o src/isi-simauth.o src/isi-network.o src/isi-gps.o
PREFIX?=/usr
PLUGINDIR?=lib/wireshark/libwireshark0/plugins

186
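--- a/src/isi-network.c
+++ b/src/isi-network.c
@@ -0,0 +1,186 @@
+/* isi-network.c
+* Dissector for ISI's network resource
+* Copyright 2010, Sebastian Reichel <sre@ring0.de>
+*
+* Permission to use, copy, modify, and/or distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+#include <glib.h>
+#include <epan/prefs.h>
+#include <epan/packet.h>
+#include "packet-isi.h"
+#include "isi-network.h"
+static const value_string isi_network_id[] = {
+{0x07, "NET_SET_REQ"},
+{0x08, "NET_SET_RESP"},
+{0x0B, "NET_RSSI_GET_REQ"},
+{0x0C, "NET_RSSI_GET_RESP"},
+{0x1E, "NET_RSSI_IND"},
+{0x35, "NET_RAT_IND"},
+{0x36, "NET_RAT_REQ"},
+{0x37, "NET_RAT_RESP"},
+{0xE0, "NET_REG_STATUS_GET_REQ"},
+{0xE1, "NET_REG_STATUS_GET_RESP"},
+{0xE2, "NET_REG_STATUS_IND"},
+{0xE3, "NET_AVAILABLE_GET_REQ"},
+{0xE4, "NET_AVAILABLE_GET_RESP"},
+{0xE5, "NET_OPER_NAME_READ_REQ"},
+{0xE6, "NET_OPER_NAME_READ_RESP"},
+{0xF0, "NET_COMMON_MESSAGE"},
+{0x00, NULL }
+};
+static const value_string isi_network_status_sub_id[] = {
+{0x00, "NET_REG_INFO_COMMON"},
+{0x02, "NET_OPERATOR_INFO_COMMON"},
+{0x04, "NET_RSSI_CURRENT"},
+{0x09, "NET_GSM_REG_INFO"},
+{0x0B, "NET_DETAILED_NETWORK_INFO"},
+{0x0C, "NET_GSM_OPERATOR_INFO"},
+{0x11, "NET_GSM_BAND_INFO"},
+{0x2C, "NET_RAT_INFO"},
+{0xE1, "NET_AVAIL_NETWORK_INFO_COMMON"},
+{0xE7, "NET_OPER_NAME_INFO"},
+{0x00, NULL }
+};
+static dissector_handle_t isi_network_handle;
+static void dissect_isi_network(tvbuff_t *tvb, packet_info *pinfo, proto_item *tree);
+static guint32 hf_isi_network_cmd = -1;
+static guint32 hf_isi_network_data_sub_pkgs = -1;
+static guint32 hf_isi_network_status_sub_type = -1;
+static guint32 hf_isi_network_status_sub_len = -1;
+static guint32 hf_isi_network_status_sub_lac = -1;
+static guint32 hf_isi_network_status_sub_cid = -1;
+static guint32 hf_isi_network_status_sub_msg = -1;
+void proto_reg_handoff_isi_network(void) {
+static gboolean initialized=FALSE;
+if (!initialized) {
+isi_network_handle = create_dissector_handle(dissect_isi_network, proto_isi);
+dissector_add("isi.resource", 0x0a, isi_network_handle);
+}
+}
+void proto_register_isi_network(void) {
+static hf_register_info hf[] = {
+{ &hf_isi_network_cmd,
+{ "Command", "isi.network.cmd", FT_UINT8, BASE_HEX, isi_network_id, 0x0, "Command", HFILL }},
+{ &hf_isi_network_data_sub_pkgs,
+{ "Number of Subpackets", "isi.network.pkgs", FT_UINT8, BASE_DEC, NULL, 0x0, "Number of Subpackets", HFILL }},
+{ &hf_isi_network_status_sub_type,
+{ "Subpacket Type", "isi.network.sub.type", FT_UINT8, BASE_HEX, isi_network_status_sub_id, 0x0, "Subpacket Type", HFILL }},
+{ &hf_isi_network_status_sub_len,
+{ "Subpacket Length", "isi.network.sub.len", FT_UINT8, BASE_DEC, NULL, 0x0, "Subpacket Length", HFILL }},
+{ &hf_isi_network_status_sub_lac,
+{ "Location Area Code (LAC)", "isi.network.sub.lac", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, "Location Area Code (LAC)", HFILL }},
+{ &hf_isi_network_status_sub_cid,
+{ "Cell ID (CID)", "isi.network.sub.cid", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, "Cell ID (CID)", HFILL }},
+{ & hf_isi_network_status_sub_msg,
+{ "Text", "isi.network.sub.msg", FT_STRING, BASE_NONE, NULL, 0x0, "Text", HFILL }}
+};
+proto_register_field_array(proto_isi, hf, array_length(hf));
+register_dissector("isi.network", dissect_isi_network, proto_isi);
+}
+/* would be nice if wireshark could handle unicode... */
+static void* utf16_to_ascii(char *in, guint16 len) {
+char *out = malloc(len+1);
+int i;
+for(i=0; i<len; i++) {
+out[i] = in[(i*2)+1];
+}
+out[len] = 0x00;
+return out;
+}
+static void dissect_isi_network_status(tvbuff_t *tvb, packet_info *pinfo, proto_item *item, proto_tree *tree) {
+guint8 len = tvb->length;
+int i;
+guint8 pkgcount = tvb_get_guint8(tvb, 0x02);
+proto_tree_add_item(tree, hf_isi_network_data_sub_pkgs, tvb, 0x02, 1, FALSE);
+size_t offset = 0x03; // subpackets start here
+for(i=0; i<pkgcount; i++) {
+guint8 sptype = tvb_get_guint8(tvb, offset+0);
+guint8 splen = tvb_get_guint8(tvb, offset+1);
+proto_item *subitem = proto_tree_add_text(tree, tvb, offset, splen, "Subpacket (%s)", val_to_str(sptype, isi_network_status_sub_id, "unknown: 0x%x"));
+proto_tree *subtree = proto_item_add_subtree(subitem, ett_isi_msg);
+proto_tree_add_item(subtree, hf_isi_network_status_sub_type, tvb, offset+0, 1, FALSE);
+proto_tree_add_item(subtree, hf_isi_network_status_sub_len, tvb, offset+1, 1, FALSE);
+offset += 2;
+switch(sptype) {
+case 0x00: // NET_REG_INFO_COMMON
+/* FIXME: TODO */
+break;
+case 0x09: // NET_GSM_REG_INFO
+proto_tree_add_item(subtree, hf_isi_network_status_sub_lac, tvb, offset+0, 2, FALSE);
+proto_tree_add_item(subtree, hf_isi_network_status_sub_cid, tvb, offset+4, 4, FALSE);
+/* FIXME: TODO */
+break;
+case 0xe3: ; // UNKNOWN
+/* FIXME: TODO, byte 0-2: ???, encoding is UTF-16 */
+guint16 strlen = tvb_get_ntohs(tvb, offset+2);
+/* TODO: output string length */
+char *utf16 = tvb_memdup(tvb, offset+4, strlen*2);
+char *ascii = utf16_to_ascii(utf16, strlen);
+proto_item *subitem = proto_tree_add_string(subtree, hf_isi_network_status_sub_msg, tvb, offset+4, strlen*2, ascii);
+break;
+default:
+break;
+}
+offset += splen - 2;
+}
+}
+static void dissect_isi_network(tvbuff_t *tvb, packet_info *pinfo, proto_item *isitree) {
+proto_item *item = NULL;
+proto_tree *tree = NULL;
+guint8 cmd, code;
+if(isitree) {
+item = proto_tree_add_text(isitree, tvb, 0, -1, "Payload");
+tree = proto_item_add_subtree(item, ett_isi_msg);
+proto_tree_add_item(tree, hf_isi_network_cmd, tvb, 0, 1, FALSE);
+cmd = tvb_get_guint8(tvb, 0);
+switch(cmd) {
+case 0xE2:
+col_set_str(pinfo->cinfo, COL_INFO, "Network Status Indication");
+dissect_isi_network_status(tvb, pinfo, item, tree);
+break;
+default:
+col_set_str(pinfo->cinfo, COL_INFO, "unknown Network packet");
+break;
+}
+}
+}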
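Review bot: In the `case 0xe3` branch of dissect_isi_network_status, neither `utf16` (from `tvb_memdup`) nor `ascii` (from `malloc` in utf16_to_ascii) is ever released, and utf16_to_ascii writes through the `malloc` result without a NULL check. The string length is a 16-bit field read from the packet, so each such subpacket in a capture can leak up to roughly 192 KiB, and a failed allocation is dereferenced at `out[i] = in[(i*2)+1];`. Assuming `proto_tree_add_string` copies its value and `tvb_memdup` returns caller-owned heap memory in this Wireshark version (worth confirming), switch the helper to `g_malloc(len+1)` and add `g_free(utf16); g_free(ascii);` right after the `proto_tree_add_string` call. Separately, `initialized` in proto_reg_handoff_isi_network is never set to TRUE, so the guard does not stop a repeated `dissector_add`; add `initialized = TRUE;` inside the `if`.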

7
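--- a/src/isi-network.h
+++ b/src/isi-network.h
@@ -0,0 +1,7 @@
+#ifndef _ISI_SIMAUTH_H
+#define _ISI_SIMAUTH_H
+void proto_reg_handoff_isi_network(void);
+void proto_register_isi_network(void);
+#endif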
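Review bot: The include guard in isi-network.h is `_ISI_SIMAUTH_H`, which looks copied from isi-simauth.h rather than named for this file. If isi-simauth.h uses the same macro (not visible on this page), the file that includes `isi-network.h` before `isi-simauth.h` will skip the SIM-auth prototypes, leaving `proto_reg_handoff_isi_sim_auth()` and `proto_register_isi_sim_auth()` as implicitly declared calls. Rename the guard to match the file, e.g. `#ifndef ISI_NETWORK_H` / `#define ISI_NETWORK_H`. Dropping the leading underscore also keeps the macro out of the identifier space reserved for the implementation.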


@ -24,6 +24,7 @@
#include <epan/packet.h>
#include "packet-isi.h"
#include "isi-network.h"
#include "isi-simauth.h"
#include "isi-gps.h"
@ -86,6 +87,7 @@ void proto_reg_handoff_isi(void) {
/* handoff resource dissectors */
proto_reg_handoff_isi_sim_auth();
proto_reg_handoff_isi_network();
proto_reg_handoff_isi_gps();
}
}
@ -137,6 +139,7 @@ void proto_register_isi(void) {
/* register resource dissectors */
proto_register_isi_sim_auth();
proto_register_isi_network();
proto_register_isi_gps();
}