This patch introduces support for the DAG ERF type
TYPE_COLOR_MC_HDLC_POS.
The patch also allows appropriate DAG cards (DAG 3.7T, DAG 7.1S) to
optionally produce DLT_MTP2_WITH_PHDR (139) traces when capturing from
channelised HDLC links, as an alternative to DLT_MTP2 (140). When using
the new DLT, the 'DAG channel' is recorded in the pcap record pseudo
header as the 'link_number'.
Basic BPF filtering support for DLT_MTP2_WITH_PHDR is also added.
DLT_MTP2_WITH_PHDR is currently handled by Wireshark (svn?), but not
tcpdump.
This patch was tested with assistance from Florent Drouin.
Regards,
Stephen.
--
-----------------------------------------------------------------------
Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED]
Endace Technology Ltd phone: +64 7 839 0540
Hamilton, New Zealand cell: +64 21 1104378
-----------------------------------------------------------------------
Index: gencode.c
===================================================================
RCS file: /tcpdump/master/libpcap/gencode.c,v
retrieving revision 1.283
diff -u -r1.283 gencode.c
--- gencode.c 14 Jun 2007 20:55:44 -0000 1.283
+++ gencode.c 20 Jun 2007 22:39:00 -0000
@@ -1267,6 +1267,17 @@
off_nl_nosnap = -1;
return;
+ case DLT_MTP2_WITH_PHDR:
+ off_li = 6;
+ off_sio = 7;
+ off_opc = 8;
+ off_dpc = 8;
+ off_sls = 11;
+ off_linktype = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
#ifdef DLT_PFSYNC
case DLT_PFSYNC:
off_linktype = -1;
@@ -7010,14 +7021,16 @@
switch (type) {
case M_FISU:
- if (linktype != DLT_MTP2)
+ if ( (linktype != DLT_MTP2) &&
+ (linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'fisu' supported only on MTP2");
/* gen_ncmp(offrel, offset, size, mask, jtype, reverse, value) */
b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JEQ, 0, 0);
break;
case M_LSSU:
- if (linktype != DLT_MTP2)
+ if ( (linktype != DLT_MTP2) &&
+ (linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'lssu' supported only on MTP2");
b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 1, 2);
b1 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 0, 0);
@@ -7025,7 +7038,8 @@
break;
case M_MSU:
- if (linktype != DLT_MTP2)
+ if ( (linktype != DLT_MTP2) &&
+ (linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'msu' supported only on MTP2");
b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 0, 2);
break;
Index: pcap-dag.c
===================================================================
RCS file: /tcpdump/master/libpcap/pcap-dag.c,v
retrieving revision 1.28
diff -u -r1.28 pcap-dag.c
--- pcap-dag.c 1 Feb 2007 02:58:39 -0000 1.28
+++ pcap-dag.c 20 Jun 2007 22:39:00 -0000
@@ -49,6 +49,18 @@
#define ATM_CELL_SIZE 52
#define ATM_HDR_SIZE 4
+/*
+ * A header containing additional MTP information.
+ */
+#define MTP2_SENT_OFFSET 0 /* 1 byte */
+#define MTP2_ANNEX_A_USED_OFFSET 1 /* 1 byte */
+#define MTP2_LINK_NUMBER_OFFSET 2 /* 2 bytes */
+#define MTP2_HDR_LEN 4 /* length of the header */
+
+#define MTP2_ANNEX_A_NOT_USED 0
+#define MTP2_ANNEX_A_USED 1
+#define MTP2_ANNEX_A_USED_UNKNOWN 2
+
/* SunATM pseudo header */
struct sunatm_hdr {
unsigned char flags; /* destination and traffic type */
@@ -78,6 +90,10 @@
#define dag_platform_finddevs pcap_platform_finddevs
#endif /* DAG_ONLY */
+#define MAX_DAG_PACKET 65536
+
+static unsigned char TempPkt[MAX_DAG_PACKET];
+
static int dag_setfilter(pcap_t *p, struct bpf_program *fp);
static int dag_stats(pcap_t *p, struct pcap_stat *ps);
static int dag_set_datalink(pcap_t *p, int dlt);
@@ -340,6 +356,9 @@
caplen = packet_len;
}
break;
+#ifdef TYPE_COLOR_MC_HDLC_POS
+ case TYPE_COLOR_MC_HDLC_POS:
+#endif
#ifdef TYPE_MC_HDLC
case TYPE_MC_HDLC:
packet_len = ntohs(header->wlen);
@@ -348,7 +367,20 @@
if (caplen > packet_len) {
caplen = packet_len;
}
+ /* jump the MC_HDLC_HEADER */
dp += 4;
+ if (p->linktype == DLT_MTP2_WITH_PHDR) {
+ /* Add the MTP2 Pseudo Header */
+ caplen += MTP2_HDR_LEN;
+ packet_len += MTP2_HDR_LEN;
+
+ TempPkt[MTP2_SENT_OFFSET] = 0;
+ TempPkt[MTP2_ANNEX_A_USED_OFFSET] = MTP2_ANNEX_A_USED_UNKNOWN;
+ *(TempPkt+MTP2_LINK_NUMBER_OFFSET) = ((header->rec.mc_hdlc.mc_header>>16)&0x01);
+ *(TempPkt+MTP2_LINK_NUMBER_OFFSET+1) = ((header->rec.mc_hdlc.mc_header>>24)&0xff);
+ memcpy(TempPkt+MTP2_HDR_LEN, dp, caplen);
+ dp = TempPkt;
+ }
break;
#endif
default:
@@ -383,6 +415,10 @@
case TYPE_DSM_COLOR_ETH:
break;
#endif
+#ifdef TYPE_COLOR_MC_HDLC_POS
+ case TYPE_COLOR_MC_HDLC_POS:
+ break;
+#endif
default:
if (header->lctr) {
@@ -936,6 +972,9 @@
p->linktype = DLT_ATM_RFC1483;
break;
+#ifdef TYPE_COLOR_MC_HDLC_POS
+ case TYPE_COLOR_MC_HDLC_POS:
+#endif
#ifdef TYPE_MC_HDLC
case TYPE_MC_HDLC:
if (p->dlt_list != NULL) {
@@ -943,6 +982,7 @@
p->dlt_list[index++] = DLT_PPP_SERIAL;
p->dlt_list[index++] = DLT_FRELAY;
p->dlt_list[index++] = DLT_MTP2;
+ p->dlt_list[index++] = DLT_MTP2_WITH_PHDR;
}
if(!p->linktype)
p->linktype = DLT_CHDLC;
Index: pcap.c
===================================================================
RCS file: /tcpdump/master/libpcap/pcap.c,v
retrieving revision 1.105
diff -u -r1.105 pcap.c
--- pcap.c 11 Jun 2007 10:04:25 -0000 1.105
+++ pcap.c 20 Jun 2007 22:39:01 -0000
@@ -388,6 +388,7 @@
DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
+ DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
DLT_CHOICE_SENTINEL
};
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
