Wireshark-bugs: [Wireshark-bugs] [Bug 1719] New: A bug in CAMEL ApplyCharging message.

Date: Tue, 31 Jul 2007 08:46:13 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1719

           Summary: A bug in CAMEL ApplyCharging message.
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: palos@xxxxxxxxxxxxx


Build Information:
Version 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0
--
Hi,

The wireshark does not dissect well timeDurationCharging parameter in
CAMEL ApplyCharging message.

The ASN.1 definition is different between V3 and V4 in
CAMEL-AChBillingChargingCharacteristics

CAP version 3 
CAMEL-AChBillingChargingCharacteristics {PARAMETERS-BOUND : bound} ::= CHOICE {
        timeDurationCharging            [0] SEQUENCE {
                maxCallPeriodDuration           [0] INTEGER (1..864000),
                releaseIfdurationExceeded       [1] BOOLEAN DEFAULT FALSE,
                tariffSwitchInterval            [2] INTEGER (1..86400)         
        OPTIONAL,
here=>          tone                            [3] BOOLEAN DEFAULT FALSE,
                extensions                      [4] Extensions  {bound}
OPTIONAL,
                ...
                }
        }

CAP version 4
CAMEL-AChBillingChargingCharacteristics {PARAMETERS-BOUND : bound} ::= CHOICE {
        timeDurationCharging            [0] SEQUENCE {
                maxCallPeriodDuration           [0] INTEGER (1..864000),
                releaseIfdurationExceeded       [1] BOOLEAN DEFAULT FALSE,
                tariffSwitchInterval            [2] INTEGER (1..86400)         
OPTIONAL,
changed=>       audibleIndicator                [3] AudibleIndicator DEFAULT
{tone FALSE},      
                extensions                      [4] Extensions {bound}         
OPTIONAL,
                ...
                }
        }

AudibleIndicator ::= CHOICE {
        tone                                    BOOLEAN,
        burstList                               [1] BurstList
        }

I think ApplicationContext version can be a solution for which asn.1 to use .

A text log is as follows.

No.     Time        Source                Destination           Protocol Info
      1 0.000000    2ae3                  2413                  Camel    invoke
requestReportBCSMEvent invoke applyCharging [Malformed Packet]

Frame 1 (265 bytes on wire, 265 bytes captured)
    Arrival Time: Jun 21, 2007 21:04:35.730919000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 265 bytes
    Capture Length: 265 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:lge_monitor:mtp3:sccp:tcap:camel:camel]
Ethernet II, Src: Goldstar_73:3f:49 (00:40:5a:73:3f:49), Dst: HewlettP_10:75:29
(00:15:60:10:75:29)
    Destination: HewlettP_10:75:29 (00:15:60:10:75:29)
        Address: HewlettP_10:75:29 (00:15:60:10:75:29)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Goldstar_73:3f:49 (00:40:5a:73:3f:49)
        Address: Goldstar_73:3f:49 (00:40:5a:73:3f:49)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 10.64.65.141 (10.64.65.141), Dst: 10.64.65.142
(10.64.65.142)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 251
    Identification: 0x659a (26010)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x7cbd [correct]
        [Good: True]
        [Bad : False]
    Source: 10.64.65.141 (10.64.65.141)
    Destination: 10.64.65.142 (10.64.65.142)
User Datagram Protocol, Src Port: 10000 (10000), Dst Port: 10000 (10000)
    Source port: 10000 (10000)
    Destination port: 10000 (10000)
    Length: 231
    Checksum: 0x56bd [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
LGE Monitor
    LGE Monitor PDU
    Direction: RX(Receive Message Signaling Unit) (1)
    Protocol Identifier: MTP-3(Message Transfer Part 3) (0)
    Payload Length: 211
Message Transfer Part Level 3
    Service information octet
        10.. .... = Network indicator: National network (0x02)
        ..00 .... = Spare: 0x00
        .... 0011 = Service indicator: SCCP (0x03)
    Routing label
        .... .... .... .... ..10 0100 0001 0011 = DPC: 9235
        .... 1010 1011 1000 11.. .... .... .... = OPC: 10979
        1000 .... .... .... .... .... .... .... = Signalling Link Selector: 8
Signalling Connection Control Part
    Message Type: Unitdata (0x09)
    .... 0001 = Class: 0x01
    0000 .... = Message handling: No special options (0x00)
    Pointer to first Mandatory Variable parameter: 3
    Pointer to second Mandatory Variable parameter: 14
    Pointer to third Mandatory Variable parameter: 18
    Called Party address (11 bytes)
        Address Indicator
            .0.. .... = Routing Indicator: Route on GT (0x00)
            ..01 00.. = Global Title Indicator: Translation Type, Numbering
Plan, Encoding Scheme, and Nature of Address Indicator included (0x04)
            .... ..1. = SubSystem Number Indicator: SSN present (0x01)
            .... ...0 = Point Code Indicator: Point Code not present (0x00)
        SubSystem Number: CAP (146)
        [Linked to TCAP, TCAP SSN linked to CAMEL]
        Global Title 0x4 (9 bytes)
            Translation Type: 0x00
            0001 .... = Numbering Plan: ISDN/telephony (0x01)
            .... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
            .000 0100 = Nature of Address Indicator: International number
(0x04)
            Address information (digits): 821029190305
    Calling Party address (4 bytes)
        Address Indicator
            .1.. .... = Routing Indicator: Route on SSN (0x01)
            ..00 00.. = Global Title Indicator: No Global Title (0x00)
            .... ..1. = SubSystem Number Indicator: SSN present (0x01)
            .... ...1 = Point Code Indicator: Point Code present (0x01)
        ..10 1001 1100 0010 = PC: 10690
        SubSystem Number: CAP (146)
        [Linked to TCAP, TCAP SSN linked to CAMEL]
Transaction Capabilities Application Part
    continue
        Source Transaction ID
            Transaction Id: 4A951900
        Destination Transaction ID
            Transaction Id: 0FC30010
        components: 3 items
            Item: invoke (1)
                invoke
                    invokeID: 3
                    opCode: localValue (0)
                        localValue: 23
                    CONSTRUCTOR
                        CONSTRUCTOR Tag
                        Tag: 0x00
                        Length: 0x5d
                        CONSTRUCTOR
                            CONSTRUCTOR Tag
                            Tag: 0x02
                            Length: 0x5b
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 09
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 00
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 01
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 0A
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 00
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 01
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 04
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 00
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 02
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 05
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 00
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 02
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 06
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 00
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 02
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 07
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 01
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 02
                            CONSTRUCTOR
                                CONSTRUCTOR Tag
                                Tag: 0x00
                                Length: 0x0b
                                Parameter (0x00)
                                    Tag: 0x00
                                    Length: 0x01
                                Data: 09
                                Parameter (0x01)
                                    Tag: 0x01
                                    Length: 0x01
                                Data: 00
                                CONSTRUCTOR
                                    CONSTRUCTOR Tag
                                    Tag: 0x02
                                    Length: 0x03
                                    Parameter (0x00)
                                        Tag: 0x00
                                        Length: 0x01
                                    Data: 02
            Item: invoke (1)
                invoke
                    invokeID: 4
                    opCode: localValue (0)
                        localValue: 35
                    CONSTRUCTOR
                        CONSTRUCTOR Tag
                        Tag: 0x00
                        Length: 0x10
                        Parameter (0x00)
                            Tag: 0x00
                            Length: 0x09
                        Data: A007800203848301FF
                        CONSTRUCTOR
                            CONSTRUCTOR Tag
                            Tag: 0x02
                            Length: 0x03
                            Parameter (0x00)
                                Tag: 0x00
                                Length: 0x01
                            Data: 01
Camel
    invoke
        invokeId: present (0)
            present: 3
        opcode: local (0)
            local: requestReportBCSMEvent (23)
        RequestReportBCSMEventArg
            bcsmEvents: 7 items
                Item
                    eventTypeBCSM: oDisconnect (9)
                    monitorMode: interrupted (0)
                    legID: sendingSideID (0)
                        sendingSideID: 01
                Item
                    eventTypeBCSM: oAbandon (10)
                    monitorMode: interrupted (0)
                    legID: sendingSideID (0)
                        sendingSideID: 01
                Item
                    eventTypeBCSM: routeSelectFailure (4)
                    monitorMode: interrupted (0)
                    legID: sendingSideID (0)
                        sendingSideID: 02
                Item
                    eventTypeBCSM: oCalledPartyBusy (5)
                    monitorMode: interrupted (0)
                    legID: sendingSideID (0)
                        sendingSideID: 02
                Item
                    eventTypeBCSM: oNoAnswer (6)
                    monitorMode: interrupted (0)
                    legID: sendingSideID (0)
                        sendingSideID: 02
                Item
                    eventTypeBCSM: oAnswer (7)
                    monitorMode: notifyAndContinue (1)
                    legID: sendingSideID (0)
                        sendingSideID: 02
                Item
                    eventTypeBCSM: oDisconnect (9)
                    monitorMode: interrupted (0)
                    legID: sendingSideID (0)
                        sendingSideID: 02
Camel
    invoke
        invokeId: present (0)
            present: 4
        opcode: local (0)
            local: applyCharging (35)
        ApplyChargingArg
            aChBillingChargingCharacteristics: A007800203848301FF
                CAMEL-AChBillingChargingCharacteristics: timeDurationCharging
(0)
                    timeDurationCharging
                        maxCallPeriodDuration: 900
[Malformed Packet: CAMEL]

0000  00 15 60 10 75 29 00 40 5a 73 3f 49 08 00 45 00   ..`.u).@Zs?I..E.
0010  00 fb 65 9a 00 00 40 11 7c bd 0a 40 41 8d 0a 40   ..e...@.|..@A..@
0020  41 8e 27 10 27 10 00 e7 56 bd 00 00 00 01 00 00   A.'.'...V.......
0030  00 00 00 00 00 d3 83 13 e4 b8 8a 09 01 03 0e 12   ................
0040  0b 12 92 00 12 04 28 01 92 91 30 50 04 43 c2 29   ......(...0P.C.)
0050  92 b7 65 81 b4 48 04 4a 95 19 00 49 04 0f c3 00   ..e..H.J...I....
0060  10 6c 81 a5 a1 65 02 01 03 02 01 17 30 5d a0 5b   .l...e......0].[
0070  30 0b 80 01 09 81 01 00 a2 03 80 01 01 30 0b 80   0............0..
0080  01 0a 81 01 00 a2 03 80 01 01 30 0b 80 01 04 81   ..........0.....
0090  01 00 a2 03 80 01 02 30 0b 80 01 05 81 01 00 a2   .......0........
00a0  03 80 01 02 30 0b 80 01 06 81 01 00 a2 03 80 01   ....0...........
00b0  02 30 0b 80 01 07 81 01 01 a2 03 80 01 02 30 0b   .0............0.
00c0  80 01 09 81 01 00 a2 03 80 01 02 a1 18 02 01 04   ................
00d0  02 01 23 30 10 80 09 a0 07 80 02 03 84 83 01 ff   ..#0............
00e0  a2 03 80 01 01 a1 22 02 01 05 02 01 14 30 1a a0   ......"......0..
00f0  0a 04 08 82 10 10 70 02 77 74 05 af 0c 9f 32 01   ......p.wt....2.
0100  02 9f 33 01 02 9f 34 01 02                        ..3...4..


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.