1 /* packet-gsm_ipa.c
2  * Routines for packet dissection of ip.access GSM A-bis over IP
3  * Copyright 2009 by Harald Welte <laforge@gnumonks.org>
4  * Copyright 2009, 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
5  *
6  * $Id$
7  *
8  * Wireshark - Network traffic analyzer
9  * By Gerald Combs <gerald@wireshark.org>
10  * Copyright 1998 Gerald Combs
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; either version 2
15  * of the License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  * GNU General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25  */
26
27 #ifdef HAVE_CONFIG_H
28 # include "config.h"
29 #endif
30
31 #include <glib.h>
32
33 #include <epan/packet.h>
34 #include <epan/ipproto.h>
35 #include <epan/prefs.h>
36
37 /*
38  * Protocol used by ip.access's nanoBTS/nanoGSM GSM picocells:
39  *
40  *      http://www.ipaccess.com/en/nanoGSM-picocell
41  *
42  * to transport the GSM A-bis interface over TCP and UDP.
43  *
44  * See
45  *
46  *      http://openbsc.osmocom.org/trac/wiki/nanoBTS
47  *
48  * for some information about this protocol determined by reverse-
49  * engineering.
50  */
51
52 /*
53  * These ports are also registered for other protocols, as per
54  *
55  * http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
56  *
57  * exlm-agent     3002
58  * cgms           3003
59  * ii-admin       3006
60  * vrml-multi-use 4200-4299
61  * commplex-main  5000
62  *
63  * But, as that document says:
64  *
65  ************************************************************************
66  * PLEASE NOTE THE FOLLOWING:                                           *
67  *                                                                      *
68  * ASSIGNMENT OF A PORT NUMBER DOES NOT IN ANY WAY IMPLY AN             *
69  * ENDORSEMENT OF AN APPLICATION OR PRODUCT, AND THE FACT THAT NETWORK  *
70  * TRAFFIC IS FLOWING TO OR FROM A REGISTERED PORT DOES NOT MEAN THAT   *
71  * IT IS "GOOD" TRAFFIC, NOR THAT IT NECESSARILY CORRESPONDS TO THE     *
72  * ASSIGNED SERVICE. FIREWALL AND SYSTEM ADMINISTRATORS SHOULD          *
73  * CHOOSE HOW TO CONFIGURE THEIR SYSTEMS BASED ON THEIR KNOWLEDGE OF    *
74  * THE TRAFFIC IN QUESTION, NOT WHETHER THERE IS A PORT NUMBER          *
75  * REGISTERED OR NOT.                                                   *
76  ************************************************************************
77  */
/*
 * Default port lists; they seed the range preferences registered in
 * proto_register_ipa().  As the comment above points out, these ports are
 * shared with other registered services, so bytes arriving here are not
 * guaranteed to be IPA and the dissector has to cope with arbitrary input.
 */
#define IPA_TCP_PORTS "3002,3003,3006,4249,4250,5000"
#define IPA_UDP_PORTS "3006"

/* Handle for dissect_ipa(), created in proto_reg_handoff_gsm_ipa() */
static dissector_handle_t ipa_handle;
/* Current preference values: port ranges and HSL debug display options */
static range_t *global_ipa_tcp_ports = NULL;
static range_t *global_ipa_udp_ports = NULL;
static gboolean global_ipa_in_root = FALSE;
static gboolean global_ipa_in_info = FALSE;
86
/* Initialize the protocol and registered fields */
/* All ids start at -1 and are assigned in proto_register_ipa() */
static int proto_ipa = -1;
static int proto_ipaccess = -1;

/* Fields of the outer IPA header and of the osmocom extension */
static int hf_ipa_data_len = -1;
static int hf_ipa_protocol = -1;
static int hf_ipa_hsl_debug = -1;
static int hf_ipa_osmo_proto = -1;
static int hf_ipa_osmo_ctrl_data = -1;

/* Fields of the ip.access sub-protocol (message type and attributes) */
static int hf_ipaccess_msgtype = -1;
static int hf_ipaccess_attr_tag = -1;
static int hf_ipaccess_attr_string = -1;

/* Initialize the subtree pointers */
static gint ett_ipa = -1;
static gint ett_ipaccess = -1;
104
/* Indices into sub_handles[], one per dissector that IPA payloads are handed to */
enum {
        SUB_OML,
        SUB_RSL,
        SUB_SCCP,
        SUB_MGCP,
/*      SUB_IPACCESS, */
        SUB_DATA,

        SUB_MAX         /* number of entries; sizes sub_handles[] */
};

/* Filled in by proto_reg_handoff_gsm_ipa() via find_dissector() */
static dissector_handle_t sub_handles[SUB_MAX];
/* The "ipa.osmo.protocol" table, consulted by dissect_osmo() */
static dissector_table_t osmo_dissector_table;
118
119
/*
 * Values of the protocol byte in the IPA header, as switched on in
 * dissect_ipa().  Anything below ABISIP_RSL_MAX that is not listed here
 * is handed to the RSL dissector.
 */
#define ABISIP_RSL_MAX  0x20
#define HSL_DEBUG       0xdd
#define OSMO_EXT        0xee
#define IPA_MGCP        0xfc
#define AIP_SCCP        0xfd
#define ABISIP_IPACCESS 0xfe
#define ABISIP_OML      0xff
/* Values of the osmocom extension protocol byte, see dissect_osmo() */
#define IPAC_PROTO_EXT_CTRL     0x00
#define IPAC_PROTO_EXT_MGCP     0x01
129
/*
 * Display names for the IPA header protocol byte (hf_ipa_protocol).
 * Only 0x00 is labelled "RSL" here, although dissect_ipa() hands every
 * otherwise unhandled value below ABISIP_RSL_MAX to the RSL dissector.
 */
static const value_string ipa_protocol_vals[] = {
        { 0x00,         "RSL" },
        { 0xdd,         "HSL Debug" },
        { 0xee,         "OSMO EXT" },
        { 0xfc,         "MGCP (old)" },
        { 0xfd,         "SCCP" },
        { 0xfe,         "IPA" },
        { 0xff,         "OML" },
        { 0,            NULL }
};
140
/*
 * Display names for the first byte of an ip.access message
 * (hf_ipaccess_msgtype).  dissect_ipaccess() parses an attribute list
 * only for 0x04 and 0x05.
 */
static const value_string ipaccess_msgtype_vals[] = {
        { 0x00,         "PING?" },
        { 0x01,         "PONG!" },
        { 0x04,         "IDENTITY REQUEST" },
        { 0x05,         "IDENTITY RESPONSE" },
        { 0x06,         "IDENTITY ACK" },
        { 0x07,         "IDENTITY NACK" },
        { 0x08,         "PROXY REQUEST" },
        { 0x09,         "PROXY ACK" },
        { 0x0a,         "PROXY NACK" },
        { 0,            NULL }
};
153
/* Display names for the attribute tag byte (hf_ipaccess_attr_tag) */
static const value_string ipaccess_idtag_vals[] = {
        { 0x00,         "Serial Number" },
        { 0x01,         "Unit Name" },
        { 0x02,         "Location" },
        { 0x03,         "Unit Type" },
        { 0x04,         "Equipment Version" },
        { 0x05,         "Software Version" },
        { 0x06,         "IP Address" },
        { 0x07,         "MAC Address" },
        { 0x08,         "Unit ID" },
        { 0,            NULL }
};
166
/*
 * Display names for the osmocom extension protocol byte
 * (hf_ipa_osmo_proto).  dissect_osmo() has a built-in fallback only for
 * CTRL and MGCP; other values go to the dissector table or to "data".
 */
static const value_string ipa_osmo_proto_vals[] = {
        { 0x00,         "CTRL" },
        { 0x01,         "MGCP" },
        { 0x02,         "LAC" },
        { 0x03,         "SMSC" },
        { 0,            NULL }
};
174
175
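/*
 * Walk the attribute list that follows the message type of an ip.access
 * message, starting at base_offs, and add each attribute to tree.
 *
 * Every attribute starts with a type byte:
 *   0x00 - a length byte, a tag byte, then (length - 1) bytes of string
 *   0x01 - a single tag byte (a request for that attribute)
 * Any other type is shown as unknown and skipped as two bytes.
 *
 * The length byte comes straight from the packet and is not trusted:
 * a zero length is reported and skipped rather than turned into a
 * negative item length.  Bounds checking of the individual reads is left
 * to the tvb accessors.
 *
 * Returns the offset just past the last attribute consumed.
 */
static gint
dissect_ipa_attr(tvbuff_t *tvb, int base_offs, proto_tree *tree)
{
        guint8 len, attr_type;

        int offset = base_offs;

        while (tvb_reported_length_remaining(tvb, offset) > 0) {
                attr_type = tvb_get_guint8(tvb, offset);

                switch (attr_type) {
                case 0x00:      /* a string prefixed by its length */
                        len = tvb_get_guint8(tvb, offset+1);
                        if (len == 0) {
                                /*
                                 * The length covers the tag byte, so zero
                                 * leaves no room for a tag or a string.
                                 * Without this guard len-1 would be -1,
                                 * which proto_tree_add_item() takes as
                                 * "up to the end of the tvb", and the tag
                                 * would be read from the next attribute.
                                 */
                                proto_tree_add_text(tree, tvb, offset+1, 1,
                                                    "zero-length attribute");
                                break;
                        }
                        proto_tree_add_item(tree, hf_ipaccess_attr_tag,
                                            tvb, offset+2, 1, ENC_BIG_ENDIAN);
                        proto_tree_add_item(tree, hf_ipaccess_attr_string,
                                            tvb, offset+3, len-1, ENC_ASCII|ENC_NA);
                        break;
                case 0x01:      /* a single-byte request for a certain attr */
                        len = 0;
                        proto_tree_add_item(tree, hf_ipaccess_attr_tag,
                                            tvb, offset+1, 1, ENC_BIG_ENDIAN);
                        break;
                default:
                        len = 0;
                        proto_tree_add_text(tree, tvb, offset+1, 1,
                                            "unknown attribute type 0x%02x",
                                            attr_type);
                        break;
                }
                /* Always advances by at least two bytes, so the loop ends */
                offset += len + 2;
        }
        return offset;
}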
210
/*
 * Dissect an ip.access specific message.
 *
 * The first byte is the message type; it is appended to the Info column
 * and, when a tree is being built, shown in an ip.access subtree.  For
 * types 4 and 5 (IDENTITY REQUEST / IDENTITY RESPONSE in
 * ipaccess_msgtype_vals) the remaining bytes are parsed as an attribute
 * list.  Always returns 1.
 */
static gint
dissect_ipaccess(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
        const guint8 type = tvb_get_guint8(tvb, 0);

        col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",
                        val_to_str(type, ipaccess_msgtype_vals,
                                   "unknown 0x%02x"));

        if (tree) {
                proto_item *item = proto_tree_add_item(tree, proto_ipaccess,
                                                       tvb, 0, -1, ENC_NA);
                proto_tree *subtree = proto_item_add_subtree(item, ett_ipaccess);

                proto_tree_add_item(subtree, hf_ipaccess_msgtype,
                                    tvb, 0, 1, ENC_BIG_ENDIAN);

                /* Only the identity messages carry an attribute list */
                if (type == 4 || type == 5)
                        dissect_ipa_attr(tvb, 1, subtree);
        }

        return 1;
}
239
/*
 * Dissect the osmocom extension header.
 *
 * The header is a single byte naming the extension protocol; it goes into
 * the Info column and, if ipatree is set, into the IPA subtree.  The rest
 * of the buffer is offered to the "ipa.osmo.protocol" dissector table
 * first.  If nothing there accepts it, MGCP goes to the MGCP dissector,
 * CTRL is shown as text, and everything else goes to the data dissector.
 * Always returns 1.
 */
static gint
dissect_osmo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ipatree, proto_tree *tree)
{
        const guint8 ext_proto = tvb_get_guint8(tvb, 0);
        tvbuff_t *payload_tvb;

        col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",
                        val_to_str(ext_proto, ipa_osmo_proto_vals,
                                   "unknown 0x%02x"));
        if (ipatree)
                proto_tree_add_item(ipatree, hf_ipa_osmo_proto,
                                    tvb, 0, 1, ENC_BIG_ENDIAN);

        payload_tvb = tvb_new_subset_remaining(tvb, 1);

        /* Subdissectors registered for this protocol get the first chance */
        if (!dissector_try_uint(osmo_dissector_table, ext_proto, payload_tvb, pinfo, tree)) {
                switch (ext_proto) {
                case IPAC_PROTO_EXT_MGCP:
                        /* Fall back to the standard MGCP dissector */
                        call_dissector(sub_handles[SUB_MGCP], payload_tvb, pinfo, tree);
                        break;
                case IPAC_PROTO_EXT_CTRL:
                        /* Simply display the CTRL data as text */
                        if (tree)
                                proto_tree_add_item(tree, hf_ipa_osmo_ctrl_data, payload_tvb, 0, -1, ENC_ASCII|ENC_NA);
                        break;
                default:
                        call_dissector(sub_handles[SUB_DATA], payload_tvb, pinfo, tree);
                        break;
                }
        }

        return 1;
}
279
280
281
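/*
 * Code to actually dissect the packets.
 *
 * Walks every IPA message in the buffer.  A message starts with a 16-bit
 * big-endian payload length followed by a one-byte protocol identifier;
 * the payload is handed to the sub-dissector for that protocol.
 *
 * The length field is taken from the packet as-is.  Each pass advances by
 * at least the three header bytes, so the loop ends whatever the length
 * says; reads beyond the buffer are left to the tvb accessors.
 */
static void
dissect_ipa(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
        gint remaining;
        int offset = 0;

        col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPA");
        col_clear(pinfo->cinfo, COL_INFO);

        while ((remaining = tvb_reported_length_remaining(tvb, offset)) > 0) {
                proto_item *ti;
                proto_tree *ipa_tree = NULL;
                guint16 len, msg_type;
                tvbuff_t *next_tvb;
                /*
                 * Reset for every message.  The UDP adjustment below can
                 * only fire when the message fills the rest of the buffer,
                 * i.e. on the last pass, so this matches a single counter
                 * kept across the loop while making that obvious.
                 */
                gint header_length = 3;

                len = tvb_get_ntohs(tvb, offset);
                msg_type = tvb_get_guint8(tvb, offset+2);

                col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",
                                val_to_str(msg_type, ipa_protocol_vals,
                                           "unknown 0x%02x"));

                /*
                 * The IPA header is different depending on the transport protocol.
                 * With UDP there seems to be a fourth byte for the IPA header.
                 * We attempt to detect this by checking if the length from the
                 * header + four bytes of the IPA header equals the remaining size.
                 */
                if ((pinfo->ipproto == IP_PROTO_UDP) && (len + 4 == remaining)) {
                        header_length++;
                }

                if (tree) {
                        ti = proto_tree_add_protocol_format(tree, proto_ipa,
                                        tvb, offset, len+header_length,
                                        "IPA protocol ip.access, type: %s",
                                        val_to_str(msg_type, ipa_protocol_vals,
                                                   "unknown 0x%02x"));
                        ipa_tree = proto_item_add_subtree(ti, ett_ipa);
                        proto_tree_add_item(ipa_tree, hf_ipa_data_len,
                                            tvb, offset, 2, ENC_BIG_ENDIAN);
                        proto_tree_add_item(ipa_tree, hf_ipa_protocol,
                                            tvb, offset+2, 1, ENC_BIG_ENDIAN);
                }

                /* Sub-dissectors only ever see the len bytes of this message */
                next_tvb = tvb_new_subset(tvb, offset+header_length, len, len);

                switch (msg_type) {
                case ABISIP_OML:
                        /* hand this off to the standard A-bis OML dissector */
                        if (sub_handles[SUB_OML])
                                call_dissector(sub_handles[SUB_OML], next_tvb,
                                                 pinfo, tree);
                        break;
                case ABISIP_IPACCESS:
                        dissect_ipaccess(next_tvb, pinfo, tree);
                        break;
                case AIP_SCCP:
                        /* hand this off to the standard SCCP dissector */
                        call_dissector(sub_handles[SUB_SCCP], next_tvb, pinfo, tree);
                        break;
                case IPA_MGCP:
                        /* hand this off to the standard MGCP dissector */
                        call_dissector(sub_handles[SUB_MGCP], next_tvb, pinfo, tree);
                        break;
                case OSMO_EXT:
                        dissect_osmo(next_tvb, pinfo, ipa_tree, tree);
                        break;
                case HSL_DEBUG:
                        if (tree) {
                                proto_tree_add_item(ipa_tree, hf_ipa_hsl_debug,
                                                    next_tvb, 0, len, ENC_ASCII|ENC_NA);
                                if (global_ipa_in_root == TRUE)
                                        proto_tree_add_item(tree, hf_ipa_hsl_debug,
                                                            next_tvb, 0, len, ENC_ASCII|ENC_NA);
                        }
                        /*
                         * The debug text is whatever the peer sent.  Read
                         * exactly len bytes, as the tree items above do,
                         * and escape non-printable bytes before they reach
                         * the Info column, instead of scanning for a
                         * terminating NUL that the message may not contain.
                         */
                        if (global_ipa_in_info == TRUE)
                                col_append_fstr(pinfo->cinfo, COL_INFO, "%s ",
                                                tvb_format_stringzpad(next_tvb, 0, len));
                        break;
                default:
                        if (msg_type < ABISIP_RSL_MAX) {
                                /* hand this off to the standard A-bis RSL dissector */
                                call_dissector(sub_handles[SUB_RSL], next_tvb, pinfo, tree);
                        }
                        break;
                }
                offset += len + header_length;
        }
}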
374
/* Declared ahead of its definition: it is passed to prefs_register_protocol() below */
void proto_reg_handoff_gsm_ipa(void);

/*
 * Register the two protocols ("gsm_ipa" and "ipaccess"), their fields and
 * subtrees, the "gsm_ipa" named dissector, the "ipa.osmo.protocol"
 * subdissector table and the module preferences (TCP/UDP port ranges and
 * the two HSL debug display switches).
 */
void proto_register_ipa(void)
{
        module_t *ipa_module;

        /* Fields registered under proto_ipa (outer header, HSL debug, osmo ext) */
        static hf_register_info hf[] = {
                {&hf_ipa_data_len,
                 {"DataLen", "ipa.data_len",
                  FT_UINT16, BASE_DEC, NULL, 0x0,
                  "The length of the data (in bytes)", HFILL}
                 },
                {&hf_ipa_protocol,
                 {"Protocol", "ipa.protocol",
                  FT_UINT8, BASE_HEX, VALS(ipa_protocol_vals), 0x0,
                  "The IPA Sub-Protocol", HFILL}
                 },
                {&hf_ipa_hsl_debug,
                 {"Debug Message", "ipa.hsl_debug",
                  FT_STRING, BASE_NONE, NULL, 0,
                  "Hay Systems Limited debug message", HFILL}
                },
                {&hf_ipa_osmo_proto,
                 {"Osmo ext protocol", "ipa.osmo.protocol",
                  FT_UINT8, BASE_HEX, VALS(ipa_osmo_proto_vals), 0x0,
                  "The osmo extension protocol", HFILL}
                },

                {&hf_ipa_osmo_ctrl_data,
                 {"CTRL data", "ipa.ctrl.data",
                  FT_STRING, BASE_NONE, NULL, 0x0,
                  "Control interface data", HFILL}
                },

        };
        /* Fields registered under proto_ipaccess (message type and attributes) */
        static hf_register_info hf_ipa[] = {
                {&hf_ipaccess_msgtype,
                 {"MessageType", "ipaccess.msg_type",
                  FT_UINT8, BASE_HEX, VALS(ipaccess_msgtype_vals), 0x0,
                  "Type of ip.access messsage", HFILL}
                 },
                {&hf_ipaccess_attr_tag,
                 {"Tag", "ipaccess.attr_tag",
                  FT_UINT8, BASE_HEX, VALS(ipaccess_idtag_vals), 0x0,
                  "Attribute Tag", HFILL}
                 },
                {&hf_ipaccess_attr_string,
                 {"String", "ipaccess.attr_string",
                  FT_STRING, BASE_NONE, NULL, 0x0,
                  "String attribute", HFILL}
                 },
        };

        static gint *ett[] = {
                &ett_ipa,
                &ett_ipaccess,
        };

        proto_ipa =
            proto_register_protocol("GSM over IP protocol as used by ip.access",
                                    "GSM over IP", "gsm_ipa");
        proto_ipaccess =
            proto_register_protocol("GSM over IP ip.access CCM sub-protocol",
                                    "IPA", "ipaccess");

        proto_register_field_array(proto_ipa, hf, array_length(hf));
        proto_register_field_array(proto_ipaccess, hf_ipa, array_length(hf_ipa));
        proto_register_subtree_array(ett, array_length(ett));

        /* Make dissect_ipa reachable by name for other dissectors */
        register_dissector("gsm_ipa", dissect_ipa, proto_ipa);

        /* Register table for subdissectors */
        osmo_dissector_table = register_dissector_table("ipa.osmo.protocol",
                                        "ip.access Protocol", FT_UINT8, BASE_DEC);


        /* Seed the port ranges with the built-in defaults before exposing them as preferences */
        range_convert_str(&global_ipa_tcp_ports, IPA_TCP_PORTS, MAX_TCP_PORT);
        range_convert_str(&global_ipa_udp_ports, IPA_UDP_PORTS, MAX_UDP_PORT);
        /* proto_reg_handoff_gsm_ipa is handed over as the module's callback */
        ipa_module = prefs_register_protocol(proto_ipa,
                                             proto_reg_handoff_gsm_ipa);

        prefs_register_range_preference(ipa_module, "tcp_ports",
                                        "GSM IPA TCP Port(s)",
                                        "Set the port(s) for ip.access IPA"
                                        " (default: " IPA_TCP_PORTS ")",
                                        &global_ipa_tcp_ports, MAX_TCP_PORT);
        prefs_register_range_preference(ipa_module, "udp_ports",
                                        "GSM IPA UDP Port(s)",
                                        "Set the port(s) for ip.access IPA"
                                        " (default: " IPA_UDP_PORTS ")",
                                        &global_ipa_udp_ports, MAX_UDP_PORT);

        /* Both switches are FALSE by default; they control where HSL debug text is shown */
        prefs_register_bool_preference(ipa_module, "hsl_debug_in_root_tree",
                                        "HSL Debug messages in root protocol tree",
                                        NULL, &global_ipa_in_root);
        prefs_register_bool_preference(ipa_module, "hsl_debug_in_info",
                                        "HSL Debug messages in INFO column",
                                        NULL, &global_ipa_in_info);
}
474
/* range_foreach() callback: unbind the IPA dissector from one TCP port */
static void ipa_tcp_delete_callback(guint32 port)
{
        /* Port 0 is never bound, so there is nothing to remove */
        if (port == 0)
                return;

        dissector_delete_uint("tcp.port", port, ipa_handle);
}
480
/* range_foreach() callback: unbind the IPA dissector from one UDP port */
static void ipa_udp_delete_callback(guint32 port)
{
        /* Port 0 is never bound, so there is nothing to remove */
        if (port == 0)
                return;

        dissector_delete_uint("udp.port", port, ipa_handle);
}
486
/* range_foreach() callback: bind the IPA dissector to one TCP port */
static void ipa_tcp_add_callback(guint32 port)
{
        /* Port 0 is skipped */
        if (port == 0)
                return;

        dissector_add_uint("tcp.port", port, ipa_handle);
}
492
/* range_foreach() callback: bind the IPA dissector to one UDP port */
static void ipa_udp_add_callback(guint32 port)
{
        /* Port 0 is skipped */
        if (port == 0)
                return;

        dissector_add_uint("udp.port", port, ipa_handle);
}
498
/*
 * Bind the IPA dissector to the configured TCP and UDP ports.
 *
 * The first call looks up the sub-dissector handles and creates the IPA
 * handle.  Every later call first removes the bindings made for the
 * previously copied port ranges and frees those copies.  In both cases
 * the current preference ranges are then copied and bound.
 */
void proto_reg_handoff_gsm_ipa(void)
{
        static gboolean ipa_initialized = FALSE;
        static range_t *ipa_tcp_ports, *ipa_udp_ports;

        if (ipa_initialized) {
                /* Drop the bindings that belong to the old port ranges */
                range_foreach(ipa_tcp_ports, ipa_tcp_delete_callback);
                g_free(ipa_tcp_ports);
                range_foreach(ipa_udp_ports, ipa_udp_delete_callback);
                g_free(ipa_udp_ports);
        } else {
                /* One-time setup of the handles used by the dissector */
                sub_handles[SUB_RSL] = find_dissector("gsm_abis_rsl");
                sub_handles[SUB_OML] = find_dissector("gsm_abis_oml");
                sub_handles[SUB_SCCP] = find_dissector("sccp");
                sub_handles[SUB_MGCP] = find_dissector("mgcp");
                sub_handles[SUB_DATA] = find_dissector("data");

                ipa_handle = create_dissector_handle(dissect_ipa, proto_ipa);
                ipa_initialized = TRUE;
        }

        /* Keep private copies so the next call knows what to unbind */
        ipa_tcp_ports = range_copy(global_ipa_tcp_ports);
        ipa_udp_ports = range_copy(global_ipa_udp_ports);

        range_foreach(ipa_tcp_ports, ipa_tcp_add_callback);
        range_foreach(ipa_udp_ports, ipa_udp_add_callback);
}