Support filtering filtering E1 SS7 traffic on MTP2 layer Annex A.

Originally written by Florent Drouin; applied to 1.3.0 by
[email protected].

Reviewed-By: Guy Harris <[email protected]>

diff --git a/CREDITS b/CREDITS
index 45e169ec913526784a003d74a07d3bd65e05bead..20af2d600acb6132b3c5922db2f286f4609ea32e 100644 (file)
--- a/CREDITS
+++ b/CREDITS
@@ -39,6 +39,7 @@ Additional people who have contributed patches:
     Don Ebright                   <Don dot Ebright at compuware dot com> 
     Dug Song                      <dugsong at monkey dot org>
     Dustin Spicuzza               <dustin at virtualroadside dot com>
+    dzejarczech                   <dzejarczech at sourceforge dot net>
     Eric Anderson                 <anderse at hpl dot hp dot com>
     Erik de Castro Lopo           <erik dot de dot castro dot lopo at sensorynetworks dot com>
     Felix Obenhuber               <felix at obenhuber dot de>

diff --git a/gencode.c b/gencode.c
index ab78566afeac733843f989abb1e751ec318334bb..4151519f52b5bc4b54bd4142848ee2911303cef1 100644 (file)
--- a/gencode.c
+++ b/gencode.c
@@ -876,6 +876,7 @@ static u_int off_proto;
  * These are offsets for the MTP2 fields.
  */
 static u_int off_li;
+static u_int off_li_hsl;
 
 /*
  * These are offsets for the MTP3 fields.
@@ -949,6 +950,7 @@ init_linktype(p)
         * And assume we're not doing SS7.
         */
        off_li = -1;
+       off_li_hsl = -1;
        off_sio = -1;
        off_opc = -1;
        off_dpc = -1;
@@ -1381,6 +1383,7 @@ init_linktype(p)
 
        case DLT_MTP2:
                off_li = 2;
+               off_li_hsl = 4;
                off_sio = 3;
                off_opc = 4;
                off_dpc = 4;
@@ -1393,6 +1396,7 @@ init_linktype(p)
 
        case DLT_MTP2_WITH_PHDR:
                off_li = 6;
+               off_li_hsl = 8;
                off_sio = 7;
                off_opc = 8;
                off_dpc = 8;
@@ -1405,6 +1409,7 @@ init_linktype(p)
 
        case DLT_ERF:
                off_li = 22;
+               off_li_hsl = 24;
                off_sio = 23;
                off_opc = 24;
                off_dpc = 24;
@@ -8250,6 +8255,7 @@ gen_atmtype_abbrev(type)
  * FISU, length is null
  * LSSU, length is 1 or 2
  * MSU, length is 3 or more
+ * For MTP2_HSL, sequences are on 2 bytes, and length on 9 bits
  */
 struct block *
 gen_mtp2type_abbrev(type)
@@ -8286,6 +8292,33 @@ gen_mtp2type_abbrev(type)
                b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 0, 2);
                break;
 
+       case MH_FISU:
+               if ( (linktype != DLT_MTP2) &&
+                    (linktype != DLT_ERF) &&
+                    (linktype != DLT_MTP2_WITH_PHDR) )
+                       bpf_error("'hfisu' supported only on MTP2_HSL");
+               /* gen_ncmp(offrel, offset, size, mask, jtype, reverse, value) */
+               b0 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JEQ, 0, 0);
+               break;
+
+       case MH_LSSU:
+               if ( (linktype != DLT_MTP2) &&
+                    (linktype != DLT_ERF) &&
+                    (linktype != DLT_MTP2_WITH_PHDR) )
+                       bpf_error("'hlssu' supported only on MTP2_HSL");
+               b0 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JGT, 1, 0x0100);
+               b1 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JGT, 0, 0);
+               gen_and(b1, b0);
+               break;
+
+       case MH_MSU:
+               if ( (linktype != DLT_MTP2) &&
+                    (linktype != DLT_ERF) &&
+                    (linktype != DLT_MTP2_WITH_PHDR) )
+                       bpf_error("'hmsu' supported only on MTP2_HSL");
+               b0 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JGT, 0, 0x0100);
+               break;
+
        default:
                abort();
        }
@@ -8301,9 +8334,17 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
 {
        struct block *b0;
        bpf_u_int32 val1 , val2 , val3;
+       u_int newoff_sio=off_sio;
+       u_int newoff_opc=off_opc;
+       u_int newoff_dpc=off_dpc;
+       u_int newoff_sls=off_sls;
 
        switch (mtp3field) {
 
+       case MH_SIO:
+               newoff_sio += 3; /* offset for MTP2_HSL */
+               /* FALLTHROUGH */
+
        case M_SIO:
                if (off_sio == (u_int)-1)
                        bpf_error("'sio' supported only on SS7");
@@ -8311,10 +8352,12 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
                if(jvalue > 255)
                        bpf_error("sio value %u too big; max value = 255",
                            jvalue);
-               b0 = gen_ncmp(OR_PACKET, off_sio, BPF_B, 0xffffffff,
+               b0 = gen_ncmp(OR_PACKET, newoff_sio, BPF_B, 0xffffffff,
                    (u_int)jtype, reverse, (u_int)jvalue);
                break;
 
+       case MH_OPC:
+               newoff_opc+=3;
         case M_OPC:
                if (off_opc == (u_int)-1)
                        bpf_error("'opc' supported only on SS7");
@@ -8331,10 +8374,14 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
                val3 = jvalue & 0x00000003;
                val3 = val3 <<22;
                jvalue = val1 + val2 + val3;
-               b0 = gen_ncmp(OR_PACKET, off_opc, BPF_W, 0x00c0ff0f,
+               b0 = gen_ncmp(OR_PACKET, newoff_opc, BPF_W, 0x00c0ff0f,
                    (u_int)jtype, reverse, (u_int)jvalue);
                break;
 
+       case MH_DPC:
+               newoff_dpc += 3;
+               /* FALLTHROUGH */
+
        case M_DPC:
                if (off_dpc == (u_int)-1)
                        bpf_error("'dpc' supported only on SS7");
@@ -8349,10 +8396,12 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
                val2 = jvalue & 0x00003f00;
                val2 = val2 << 8;
                jvalue = val1 + val2;
-               b0 = gen_ncmp(OR_PACKET, off_dpc, BPF_W, 0xff3f0000,
+               b0 = gen_ncmp(OR_PACKET, newoff_dpc, BPF_W, 0xff3f0000,
                    (u_int)jtype, reverse, (u_int)jvalue);
                break;
 
+       case MH_SLS:
+         newoff_sls+=3;
        case M_SLS:
                if (off_sls == (u_int)-1)
                        bpf_error("'sls' supported only on SS7");
@@ -8363,7 +8412,7 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
                /* the following instruction is made to convert jvalue
                 * to the forme used to write sls in an ss7 message*/
                jvalue = jvalue << 4;
-               b0 = gen_ncmp(OR_PACKET, off_sls, BPF_B, 0xf0,
+               b0 = gen_ncmp(OR_PACKET, newoff_sls, BPF_B, 0xf0,
                    (u_int)jtype,reverse, (u_int)jvalue);
                break;
 

diff --git a/gencode.h b/gencode.h
index 29d2d10f26019468877120318a7dcfa0d3546f7c..5399d07b29f5a0966914e844ebbb4dfdbf6ba436 100644 (file)
--- a/gencode.h
+++ b/gencode.h
@@ -186,12 +186,23 @@
 #define M_LSSU         23      /* LSSU */
 #define M_MSU          24      /* MSU */
 
+/* MTP2 HSL types */
+#define MH_FISU                25      /* FISU for HSL */
+#define MH_LSSU                26      /* LSSU */
+#define MH_MSU         27      /* MSU */
+
 /* MTP3 field types */
 #define M_SIO          1
 #define M_OPC          2
 #define M_DPC          3
 #define M_SLS          4
 
+/* MTP3 field types in case of MTP2 HSL */
+#define MH_SIO         5
+#define MH_OPC         6
+#define MH_DPC         7
+#define MH_SLS         8
+
 
 struct slist;
 

diff --git a/grammar.y b/grammar.y
index f92e90dd73c76f4515d2a4d3752e747402e80aa0..34a710e43bc5be46c393a4fa53382379c5e48192 100644 (file)
--- a/grammar.y
+++ b/grammar.y
@@ -294,8 +294,9 @@ pfaction_to_num(const char *action)
 %token OAM OAMF4 CONNECTMSG METACONNECT
 %token VPI VCI
 %token RADIO
-%token FISU LSSU MSU
-%token SIO OPC DPC SLS
+%token FISU LSSU MSU HFISU HLSSU HMSU
+%token SIO OPC DPC SLS HSIO HOPC HDPC HSLS
+ 
 
 %type  <s> ID
 %type  <e> EID
@@ -670,12 +671,19 @@ atmlistvalue: atmfieldvalue
 mtp2type: FISU                 { $$ = M_FISU; }
        | LSSU                  { $$ = M_LSSU; }
        | MSU                   { $$ = M_MSU; }
+       | HFISU                 { $$ = MH_FISU; }
+       | HLSSU                 { $$ = MH_LSSU; }
+       | HMSU                  { $$ = MH_MSU; }
        ;
        /* MTP3 field types quantifier */
 mtp3field: SIO                 { $$.mtp3fieldtype = M_SIO; }
        | OPC                   { $$.mtp3fieldtype = M_OPC; }
        | DPC                   { $$.mtp3fieldtype = M_DPC; }
        | SLS                   { $$.mtp3fieldtype = M_SLS; }
+       | HSIO                  { $$.mtp3fieldtype = MH_SIO; }
+       | HOPC                  { $$.mtp3fieldtype = MH_OPC; }
+       | HDPC                  { $$.mtp3fieldtype = MH_DPC; }
+       | HSLS                  { $$.mtp3fieldtype = MH_SLS; }
        ;
 mtp3value: mtp3fieldvalue
        | relop NUM             { $$.b = gen_mtp3field_code($<blk>0.mtp3fieldtype, (u_int)$2, (u_int)$1, 0); }
@@ -687,7 +695,11 @@ mtp3fieldvalue: NUM {
        if ($$.mtp3fieldtype == M_SIO ||
            $$.mtp3fieldtype == M_OPC ||
            $$.mtp3fieldtype == M_DPC ||
-           $$.mtp3fieldtype == M_SLS )
+           $$.mtp3fieldtype == M_SLS ||
+           $$.mtp3fieldtype == MH_SIO ||
+           $$.mtp3fieldtype == MH_OPC ||
+           $$.mtp3fieldtype == MH_DPC ||
+           $$.mtp3fieldtype == MH_SLS)
                $$.b = gen_mtp3field_code($$.mtp3fieldtype, (u_int) $1, BPF_JEQ, 0);
        }
        ;

diff --git a/scanner.l b/scanner.l
index 73183dd0d7de1a591f33a6c99568fa06803bb1c1..daa5eae0cb41e0023aca2d1f7afde42ca9877b92 100644 (file)
--- a/scanner.l
+++ b/scanner.l
@@ -311,10 +311,17 @@ fisu              return FISU;
 lssu           return LSSU;
 lsu            return LSSU;
 msu            return MSU;
+hfisu          return HFISU;
+hlssu          return HLSSU;
+hmsu           return HMSU;
 sio            return SIO;
 opc            return OPC;
 dpc            return DPC;
 sls            return SLS;
+hsio           return HSIO;
+hopc           return HOPC;
+hdpc           return HDPC;
+hsls           return HSLS;
 
 [ \r\n\t]              ;
 [+\-*/:\[\]!<>()&|=]   return yytext[0];