From 6fd8a743ddef469fef5bbd6095398188fb6fc829 Mon Sep 17 00:00:00 2001 From: Eduardo Ramos Testillano Date: Fri, 3 Apr 2015 01:27:21 +0200 Subject: [PATCH] PCAP decoder and example dictionary --- README.md | 3 + example/diameter/pcapDecoder/SConscript | 38 + example/diameter/pcapDecoder/SConstruct | 8 + example/diameter/pcapDecoder/dictionary.xml | 2141 +++++++++++++++++++ example/diameter/pcapDecoder/main.cpp | 438 ++++ example/diameter/pcapDecoder/my.pcap | Bin 0 -> 4314 bytes 6 files changed, 2628 insertions(+) create mode 100644 example/diameter/pcapDecoder/SConscript create mode 100644 example/diameter/pcapDecoder/SConstruct create mode 100644 example/diameter/pcapDecoder/dictionary.xml create mode 100644 example/diameter/pcapDecoder/main.cpp create mode 100644 example/diameter/pcapDecoder/my.pcap diff --git a/README.md b/README.md index 1b95114..56a695f 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,9 @@ Execute 'sudo scons uninstall' ### OpenLDAP: sudo apt-get install libldap2-dev +### Pcap: + sudo apt-get install libpcap-dev + ### MySql: sudo apt-get install libmysqlclient-dev diff --git a/example/diameter/pcapDecoder/SConscript b/example/diameter/pcapDecoder/SConscript new file mode 100644 index 0000000..ab3bc06 --- /dev/null +++ b/example/diameter/pcapDecoder/SConscript @@ -0,0 +1,38 @@ +Import ('env') + +# Process ################################################################# +#pName = "example__" +bnames = Dir('..').abspath.rsplit('/', 2) +pName = "example_" + bnames[-2] + "_" + bnames[-1] +pPath = pName.replace("_", "/") + "/" + +# Anna modules ############################################################ +pwd = str(Dir ('.').abspath); +anna_libpaths = [] +anna_libs = [] +modules = [ 'core', 'io', 'xml', 'time', 'diameter' ]; +for module in modules: + anna_libs.append ("anna_" + module) + #module = module.replace("_", ".") + anna_libpaths.append (pwd.replace (pPath, ("source/" + module + "/"))) + +anna_rlibs = list(anna_libs) +anna_rlibs.reverse() + +# Libraries ############################################################### +# To avoid other libraries accumulation: +localEnv = env.Clone() + +anna_library = { 'LIBS' : anna_rlibs } +localEnv.MergeFlags (anna_library) + +system_library = { 'LIBS' : [ 'xml2', 'rt', 'pcap' ] } +localEnv.MergeFlags (system_library) + +localEnv.Append(LIBPATH = anna_libpaths) + +# Linking ################################################################# +result = localEnv.Program (pName, Glob ('*.cpp')) + + +Return ('result') diff --git a/example/diameter/pcapDecoder/SConstruct b/example/diameter/pcapDecoder/SConstruct new file mode 100644 index 0000000..3275f35 --- /dev/null +++ b/example/diameter/pcapDecoder/SConstruct @@ -0,0 +1,8 @@ +Import ('env') + +variant = env ['VARIANT'] + +result = SConscript ('SConscript', exports='env', variant_dir='%s' % variant, duplicate=0) + +Return ('result') + diff --git a/example/diameter/pcapDecoder/dictionary.xml b/example/diameter/pcapDecoder/dictionary.xml new file mode 100644 index 0000000..99c4b3a --- /dev/null +++ b/example/diameter/pcapDecoder/dictionary.xml @@ -0,0 +1,2141 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/example/diameter/pcapDecoder/main.cpp b/example/diameter/pcapDecoder/main.cpp new file mode 100644 index 0000000..f3330b7 --- /dev/null +++ b/example/diameter/pcapDecoder/main.cpp @@ -0,0 +1,438 @@ +// ANNA - Anna is Not Nothingness Anymore +// +// (c) Copyright 2005-2014 Eduardo Ramos Testillano & Francisco Ruiz Rayo +// +// http://redmine.teslayout.com/projects/anna-suite +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of the copyright holder nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Authors: eduardo.ramos.testillano@gmail.com +// cisco.tierra@gmail.com + + +// Standard +#include +#include +#include +#include +#include +#include + +// STL +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + + +using namespace anna; +using namespace anna::diameter; + + +// Payload and frame metadata ///////////////////////////////////////////////////////////////////////////// +class Payload { + + std::string _sourceIP; + std::string _destinationIP; + time_t _timestamp; + int _timestampU; // usecs + std::string _data; + size_t _diameterLength; + +public: + Payload() { reset(); } + + void setDiameterLength(size_t dl) { + if (_diameterLength == -1) { + _diameterLength=dl; + LOGDEBUG (Logger::debug(anna::functions::asString("Diameter message length: %d bytes", dl), ANNA_FILE_LOCATION)); + } + } + + void setSourceIP(const std::string &srcIP) throw() { _sourceIP = srcIP; } + void setDestinationIP(const std::string &dstIP) throw() { _destinationIP = dstIP; } + void setTimestamp(time_t ts) throw() { _timestamp = ts; } + void setTimestampU(int tsu) throw() { _timestampU = tsu; } + // Returns true if completed: + bool appendData(const char *data, size_t size) throw(RuntimeException) { + LOGDEBUG (Logger::debug(anna::functions::asString("Appending %d bytes", size), ANNA_FILE_LOCATION)); + _data.append(data, size); + if (_data.size() > _diameterLength) throw RuntimeException("Data overflow (unexpected offset exceed diameter message length)", ANNA_FILE_LOCATION); + if (_data.size() < _diameterLength) return false; + LOGDEBUG (anna::Logger::debug("Completed!", ANNA_FILE_LOCATION)); + return true; + } + + void reset() throw() { + _sourceIP = ""; + _destinationIP = ""; + _timestamp = 0; + _timestampU = 0; + _data = ""; + _diameterLength = -1; // not calculated yet + } + + const std::string &getSourceIP() const throw() { return _sourceIP; } + const std::string &getDestinationIP() const throw() { return _destinationIP; } + time_t getTimestamp() const throw() { return _timestamp; } + int getTimestampU() const throw() { return _timestampU; } + const std::string &getData() const throw() { return _data; } + std::string getDataAsHex() const throw() { return anna::functions::asHexString(anna::DataBlock(_data.c_str(), _data.size())); } +}; + + + +// Data maps ////////////////////////////////////////////////////////////////////////////////////////////// +typedef std::map payloads_t; +typedef std::map ::const_iterator payloads_it; +payloads_t G_payloads; +anna::diameter::codec::Message G_codecMsg; + + + + + +// Sniffing structures //////////////////////////////////////////////////////////////////////////////////// + +/* ethernet headers are always exactly 14 bytes */ +#define SIZE_ETHERNET 14 +/* Ethernet addresses are 6 bytes */ +#define ETHER_ADDR_LEN 6 + +/* Ethernet header */ +struct sniff_ethernet { + u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */ + u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */ + u_short ether_type; /* IP? ARP? RARP? etc */ +}; + +/* IP header */ +struct sniff_ip { + u_char ip_vhl; /* version << 4 | header length >> 2 */ + u_char ip_tos; /* type of service */ + u_short ip_len; /* total length */ + u_short ip_id; /* identification */ + u_short ip_off; /* fragment offset field */ +#define IP_RF 0x8000 /* reserved fragment flag */ +#define IP_DF 0x4000 /* dont fragment flag */ +#define IP_MF 0x2000 /* more fragments flag */ +#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ + u_char ip_ttl; /* time to live */ + u_char ip_p; /* protocol */ + u_short ip_sum; /* checksum */ + struct in_addr ip_src,ip_dst; /* source and dest address */ +}; +#define IP_OFF(ip) (((ip)->ip_off) & IP_OFFMASK) +#define IP_DF_VAL(ip) ((((ip)->ip_off) & IP_DF) >> 14) +#define IP_MF_VAL(ip) ((((ip)->ip_off) & IP_MF) >> 13) +#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) +#define IP_V(ip) (((ip)->ip_vhl) >> 4) + +/* TCP header */ +typedef u_int tcp_seq; + +struct sniff_tcp { + u_short th_sport; /* source port */ + u_short th_dport; /* destination port */ + tcp_seq th_seq; /* sequence number */ + tcp_seq th_ack; /* acknowledgement number */ + u_char th_offx2; /* data offset, rsvd */ +#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) + u_char th_flags; +#define TH_FIN 0x01 +#define TH_SYN 0x02 +#define TH_RST 0x04 +#define TH_PUSH 0x08 +#define TH_ACK 0x10 +#define TH_URG 0x20 +#define TH_ECE 0x40 +#define TH_CWR 0x80 +#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) + u_short th_win; /* window */ + u_short th_sum; /* checksum */ + u_short th_urp; /* urgent pointer */ +}; + +// Payload extraction ///////////////////////////////////////////////////////////////////////////////////// +u_char *getPayload(const u_char* packet, int packetSize, int &payloadSize, std::string &srcIp, std::string &dstIp, int &fragmentId, bool &dfFlag, bool &mfFlag, int &fragmentOffset) { + + const struct sniff_ethernet *ethernet; /* The ethernet header */ + const struct sniff_ip *ip; /* The IP header */ + const struct sniff_tcp *tcp; /* The TCP header */ + + u_int size_ip; + u_int size_tcp; + + ethernet = (struct sniff_ethernet*)(packet); + ip = (struct sniff_ip*)(packet + SIZE_ETHERNET); + size_ip = IP_HL(ip)*4; // 4 bytes per 32 bits word + if (size_ip < 20) { + LOGDEBUG (Logger::debug(anna::functions::asString("Invalid IP header length: %d bytes", size_ip), ANNA_FILE_LOCATION)); + return NULL; + } + + static char str[INET_ADDRSTRLEN]; + inet_ntop(AF_INET, &(ip->ip_src), str, INET_ADDRSTRLEN); + srcIp = str; + inet_ntop(AF_INET, &(ip->ip_dst), str, INET_ADDRSTRLEN); + dstIp = str; + + LOGDEBUG (Logger::debug(anna::functions::asString("ip_id: %d | ip_off: %d", ip->ip_id, ip->ip_off), ANNA_FILE_LOCATION)); + fragmentId = ip->ip_id; + dfFlag = IP_DF_VAL(ip); + mfFlag = IP_MF_VAL(ip); + fragmentOffset = IP_OFF(ip); + + + tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip); + size_tcp = TH_OFF(tcp)*4; + if (size_tcp < 20) { + LOGDEBUG (Logger::debug(anna::functions::asString("Invalid TCP header length: %d bytes", size_tcp), ANNA_FILE_LOCATION)); + return NULL; + } + + int payloadOffset = SIZE_ETHERNET + size_ip + size_tcp; + LOGDEBUG (Logger::debug(anna::functions::asString("PayloadOffset=%d", payloadOffset), ANNA_FILE_LOCATION)); + payloadSize = packetSize - payloadOffset; + return ((u_char *)(packet + payloadOffset)); +} + +// Sniffing callback ////////////////////////////////////////////////////////////////////////////////////// +void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet) +{ + static int count = 1; + + static Payload auxPayload; + + int packetSize = pkthdr->len; + int payloadSize; + std::string srcIp, dstIp; + int fragmentId, fragmentOffset; + bool dfFlag, mfFlag; + const u_char* payload = getPayload(packet, packetSize, payloadSize, srcIp, dstIp, fragmentId, dfFlag, mfFlag, fragmentOffset); + if (payload && (payloadSize > 0)) { + LOGDEBUG ( + std::string msg; + msg += anna::functions::asString("\nFrame %d:", count); + msg += anna::functions::asHexString(anna::DataBlock((const char *)packet, pkthdr->len)); + time_t time = pkthdr->ts.tv_sec; + msg += "\n"; + msg += anna::functions::asString("\ntimestamp %d.%d", pkthdr->ts.tv_sec, pkthdr->ts.tv_usec); + msg += anna::functions::asString("\ndate %s", ctime(&time)); + msg += anna::functions::asString("\ncaplen %d", pkthdr->caplen); + msg += anna::functions::asString("\npacketSize %d", packetSize); + msg += anna::functions::asString("\npayloadSize %d", payloadSize); + msg += "\nPayload:"; + msg += anna::functions::asHexString(anna::DataBlock((const char *)payload, payloadSize)); + msg += "\n"; + msg += anna::functions::asString("\nsourceIP %s", srcIp.c_str()); + msg += anna::functions::asString("\ndestinationIP %s", dstIp.c_str()); + msg += "\n"; + msg += anna::functions::asString("\nfragmentId %d:", fragmentId); + msg += anna::functions::asString("\nDF %s:", (dfFlag ? "1":"0")); + msg += anna::functions::asString("\nMF %s:", (mfFlag ? "1":"0")); + msg += anna::functions::asString("\nfragmentOffset %d:", fragmentOffset); + + Logger::debug(msg, ANNA_FILE_LOCATION); + ); + + auxPayload.setDiameterLength((payload[1] << 16) + (payload[2] << 8) + payload[3]); + auxPayload.setSourceIP(srcIp); + auxPayload.setDestinationIP(dstIp); + auxPayload.setTimestamp(pkthdr->ts.tv_sec); + auxPayload.setTimestampU(pkthdr->ts.tv_usec); + bool completed = auxPayload.appendData((const char *)payload, payloadSize); + if (completed) { + G_payloads[count] = auxPayload; + auxPayload.reset(); + } + } + + count++; +} + + + +//------------------------------------------------------------------- +int main(int argc, char **argv) +{ + std::string exec = argv[0]; + + std::cout << std::endl; + + //check command line arguments + if (argc < 3) { + std::cout << "Usage: " << exec << " [--ignore-flags: non-strict validation]" << std::endl << std::endl; + return 1; + } + + // Command-line parameters: + std::string dictionaries = argv[1]; + std::string pcapFile = argv[2]; + std::string optional = argv[3]; + bool ignoreFlags = ((argc == 4) && (optional == "--ignore-flags")); + std::cout << "Dictionary(ies) provided: " << dictionaries << std::endl; + std::cout << "Pcap file provided: " << pcapFile << std::endl; + std::cout << "Validation kindness: " << (ignoreFlags ? "non strict":"strict") << std::endl; + + // Logger and engines: + Logger::setLevel(Logger::Debug); + Logger::initialize("pcapDecoder", new TraceWriter("file.trace", 2048000)); + anna::diameter::codec::Engine *codecEngine = new anna::diameter::codec::Engine(); + anna::diameter::stack::Engine &stackEngine = anna::diameter::stack::Engine::instantiate(); + + try { + anna::diameter::stack::Dictionary * d = stackEngine.createDictionary(0 /* stack id */); + // Analyze comma-separated list: + anna::Tokenizer lst; + lst.apply(dictionaries, ","); + + if (lst.size() >= 1) { // always true (at least one, because -dictionary is mandatory) + anna::Tokenizer::const_iterator tok_min(lst.begin()); + anna::Tokenizer::const_iterator tok_max(lst.end()); + anna::Tokenizer::const_iterator tok_iter; + std::string pathFile; + d->allowUpdates(); + + for (tok_iter = tok_min; tok_iter != tok_max; tok_iter++) { + pathFile = anna::Tokenizer::data(tok_iter); + d->load(pathFile); + } + } + + codecEngine->setDictionary(d); + //LOGDEBUG(anna::Logger::debug(codecEngine->asString(), ANNA_FILE_LOCATION)); + + if (lst.size() > 1) { + std::ofstream out("./dictionary.xml", std::ifstream::out); + std::string buffer = d->asXMLString(); + out.write(buffer.c_str(), buffer.size()); + out.close(); + std::cout << "Written 'dictionary.xml' (provide it next time to be more comfortable)." << std::endl; + } + + } catch (anna::RuntimeException &ex) { + std::cerr << ex.asString() << std::endl << std::endl; + return 1; + } + + codecEngine->ignoreFlagsOnValidation(ignoreFlags); + // Tracing: + //if (cl.exists("trace")) + // anna::Logger::setLevel(anna::Logger::asLevel(cl.getValue("trace"))); + + + + // SNIFFING //////////////////////////////////////////////////////////////////////////////////////////////7 + + //temporary packet buffers + struct pcap_pkthdr header; // The header that pcap gives us + const u_char *packet; // The actual packet + + //------------------ + //open the pcap file + pcap_t *handle; + char errbuf[PCAP_ERRBUF_SIZE]; //not sure what to do with this, oh well + handle = pcap_open_offline(pcapFile.c_str(), errbuf); //call pcap library function + + if (handle == NULL) { + std::cerr << errbuf << std::endl << std::endl; + return 2; + } + + + //begin processing the packets in this particular file + int packets = -1; + try { + while (packets != 0) + packets = pcap_dispatch(handle, -1, (pcap_handler)my_callback, NULL); + } + catch (RuntimeException &ex) { + std::cerr << ex.asString() << std::endl << std::endl; + return 1; + } + pcap_close(handle); //close the pcap file + + // Print payloads ////////////////////////////////////////////////////////////////////////////////////////////// + + // Open output file: + std::string output = pcapFile; output += ".report"; + std::ofstream out(output, std::ifstream::out); + std::string xmlStr; + anna::DataBlock db_aux(true); + + //out.write(str.c_str(), str.size()); + + + for (payloads_it it = G_payloads.begin(); it != G_payloads.end(); it++) { + LOGDEBUG (Logger::debug(anna::functions::asString("Dumping frame %d", it->first), ANNA_FILE_LOCATION)); + time_t ts = (it->second).getTimestamp(); + int tsu = (it->second).getTimestampU(); + std::string ts_str = ctime(&ts); + ts_str.erase (ts_str.find ("\n")); + + out << std::endl; + out << "===================================================================================================" << std::endl; + out << "Date: " << ts_str << std::endl; + out << "Timestamp: " << std::to_string(ts) << "." << std::to_string(tsu) << std::endl; + out << "Origin IP: " << (it->second).getSourceIP() << std::endl; + out << "Destination IP: " << (it->second).getDestinationIP() << std::endl; + out << std::endl; + + // decode hex string: + anna::functions::fromHexString((it->second).getDataAsHex(), db_aux); + try { + G_codecMsg.decode(db_aux); + } + catch (RuntimeException &ex) { + std::cerr << ex.asString() << std::endl << std::endl; + return 1; + } + out << G_codecMsg.asXMLString(); + } + + + // Close output file: + out.close(); + + std::cout << "Open 'file.trace' in order to see process traces." << std::endl; + std::cout << "Open '" << output << "' to see conversion results." << std::endl; + std::cout << std::endl; + return 0; +} + diff --git a/example/diameter/pcapDecoder/my.pcap b/example/diameter/pcapDecoder/my.pcap new file mode 100644 index 0000000000000000000000000000000000000000..82180aea9e7fb7d61fbd8831567926c6c51751c5 GIT binary patch literal 4314 zcmeHKYfM{p6hHqABdVc43W(=Lzn0W<2Jt-qHeIDTl}DI?tw9Q&cD6A4+?P)6F+$A zr9J=0@0{~LzjN-n-%g)6Du528YjF{Pq0lf=ywm=E0sM{v-8&F!aFTkdFSBG8f*whyaHST&cR=00otfwvF4{V9V;yu1_z@{A75%7h=wysFH zPONje9S(O@g%_d6c#JMdE8I9LLZJx zI?yg*zd|k~2Ked=p$UNB$N-FeiU-61aEWhtp9565^~#h{!2Ct0kNgyyzn; zD8sq?#V?A@KjD{=bORX9p>7`YoyEh)@HcT~Io>V92O*wVCT=*cikm_%MD8pm<$0h} zzxjh+8AnwngUj>)W%6*5I+G7yIWl@-K4FGKZ+(gO^GqI0fG{f(;>ADo@M$jaTU#4) z$EQvZ;`cWs#JP&1$^~dRKa$_{1tK0envNrz96SiZk4XlGlL=t?7_(9^#->5{^<~sa zv1`)Q24A{0h63x_cL7~OZW08{6Q1+>q|6O8MKGZJdAc_IrJiGdqTEb# zSV+UcxFy(Q5o;~oy^*lRZWCP|o5yW))>s@4r^^zLSVTJwh)%oBZRdl4eiFt;1xBPV zo&j01fl#!_h@s@OfHs4|PSmli54iRYd~j#;!F{Jba1@OX2(qFN6o)*GPdZt~X%KSM zvKEhhm6~_V&|>`LtJez!8rdkx8-x3I<9gx<^74O-&~WB3e6KO1-@mska`Ko%)j$7N(0+meN4 zIk=W8(W%rN%T|dR6jcN(Q82o+5;^TWhaI&x5&vpMi_?x)q^rON#eS+n5`ZWzcUW9} zzcPDW96)=LODd2udnx;L=!-e!%ZsRA5g8y^i>Jz7ss@Ve<@*)q$oJnyd|v4rH?3>+ z`Fn$YM8$oDIG)x^ou*(ynP+t@60>y&djmLTPNc`$Hn&+ex3oWn_9&|d?PCfYokq^n z$oVK2Db~~eyXiPfh>h>*49ZSL({YZ)s6W(wAoquJ6~x2^Xz5Rwt)2CC=u4{OoS@#~ z2}C?L%iwXeiS8vG=i0G2A?8eEMJ%^=-aaHD&h8;Z1i6JH+D=9A%1?F!{=V0)tl@LuOggCrPLQK73 zru))jWnVh9hWb)M+;)8>#Hk5x