Ethereal-dev: Re: [Ethereal-dev] Q.931 patch - reassembly of segmented messages

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 21 Feb 2004 02:53:00 -0800
On Fri, Feb 20, 2004 at 08:24:27PM -0800, Guy Harris wrote:
> If it is affected by the changes, then either
> 
> 	1) whoever sent the traffic being dissected violated H.225.0,
> 	   because they're using Segment messages
> 
> or
> 
> 	2) there's a bug that's *not* unique to H.323, because the
> 	   changes affect the dissection of non-segmented messages.

Well, there's *something* strange going on here - there's a capture
named "h225-setup.out" that I think was sent to the list at some point,
and one Q.931-inside-TPKT packet has:

	a Q.931 header, for a FACILITY message;

	a Facility IE, with a length of 0;

	a Display IE, with a length of 19, and display information of
	    "cisco Systems, Inc."[sic - "cisco", not "Cisco"];

	a User-user IE, with a length of 153, a protocol
	    discriminator of 5 ("X.208 and X.209 coded user
	    information"), and 152 bytes of H.225.0 stuff;

	4 bytes of 0, which are interpreted as Segmented message IEs
	    with lengths of 0.

Perhaps Cisco is just putting extra padding crap, and perhaps an H.323
implementation is supposed to ignore whatever IEs come after a User-user
IE.