Wireshark-bugs: [Wireshark-bugs] [Bug 5274] New: [NAS EPS] Fix TFT decoding when having several
Date: Tue, 5 Oct 2010 02:34:21 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5274

           Summary: [NAS EPS] Fix TFT decoding when having several Packet Filters defined
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: pascal.quantin@xxxxxxxxx

Pascal Quantin <pascal.quantin@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5260|                            |review_for_checkin?
               Flag|                            |

Created an attachment (id=5260)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5260)
Patch fixing decoding of TFT IE containing several Packet Filters

Build Information:
Version 1.5.0 (SVN Rev 34379 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.12, (32-bit) with GLib 2.16.6, with libpcap 1.0.0, with
libz 1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.4.2, with
Gcrypt 1.4.1, with MIT Kerberos, without GeoIP, without PortAudio, without
AirPcap.

Running on Linux 2.6.26-2-686-bigmem, with libpcap version 1.0.0, with libz
1.2.3.3, GnuTLS 2.4.2, Gcrypt 1.4.1.

Built using gcc 4.3.2.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
In the de_sm_tflow_temp() function (file packet-gsm_a_gm.c), the count variable
used to count the number of packet filters already decoded is not incremented
in the correct bracket.

Currently the following message decodes as:

27 00 00 00 00 02 02 02 d4 05 31 22 01 00 15 51
ff ff 04 00 41 27 12 27 10 30 01 10 0b 09 00 3c
ff ff ff ff 01 00 15 51 ff ff 04 00 41 27 12 27
10 30 01 10 0b 09 00 3c ff ff ff ff 05 09 86 86
86 86

Non-Access-Stratum (NAS)PDU
    0010 .... = Security header type: Integrity protected and ciphered (2)
    .... 0111 = Protocol discriminator: EPS mobility management messages (7)
    Message authentication code: 0x00000000
    Sequence number: 2
    0000 .... = EPS bearer identity: 0x00
    .... 0010 = Protocol discriminator: EPS session management messages (2)
    Procedure transaction identity: 2
    NAS EPS session management messages: Bearer resource allocation request (0xd4)
    0000 .... = Spare half octet: 0
    .... 0101 = Linked EPS bearer identity: EPS bearer identity value 5 (5)
    Traffic Flow Template - Traffic flow aggregate
        Length: 49
        001. .... = TFT operation code: Create new TFT (1)
        ...0 .... = E bit: Parameters list is not included
        .... 0010 = Number of packet filters: 2
        Packet filter 0
            0000 .... = Packet filter direction: Pre Rel-7 TFT filter (0)
            .... 0001 = Packet filter identifier: 1
            Packet evaluation precedence: 0x00 (0)
            Packet filter length: 0x15 (21)
            Packet filter component type identifier: Remote port range type (81)
                Low limit port: 65535
                High limit port: 1024
            Packet filter component type identifier: Local port range type (65)
                Low limit port: 10002
                High limit port: 10000
            Packet filter component type identifier: Protocol identifier/Next header type (48)
                Protocol/header: 0x01
            Packet filter component type identifier: IPv4 remote address type (16)
                IPv4 adress: 11.9.0.60 (11.9.0.60)
                IPv4 address mask: 255.255.255.255 (255.255.255.255)
        Extraneous Data
    EPS quality of service - Required traffic flow QoS
        Length: 5
        Quality of Service Class Identifier (QCI): QCI 9 (9)
        Maximum bit rate for uplink : 960 kbps
        Maximum bit rate for downlink : 960 kbps
        Guaranteed bit rate for uplink : 960 kbps
        Guaranteed bit rate for downlink : 960 kbps

We just decode one Packet Filter, and then indicate that some data was not
decoded with the "Extraneous Data" line.

With the attached patch, it decodes as:

Non-Access-Stratum (NAS)PDU
    0010 .... = Security header type: Integrity protected and ciphered (2)
    .... 0111 = Protocol discriminator: EPS mobility management messages (7)
    Message authentication code: 0x00000000
    Sequence number: 2
    0000 .... = EPS bearer identity: 0x00
    .... 0010 = Protocol discriminator: EPS session management messages (2)
    Procedure transaction identity: 2
    NAS EPS session management messages: Bearer resource allocation request (0xd4)
    0000 .... = Spare half octet: 0
    .... 0101 = Linked EPS bearer identity: EPS bearer identity value 5 (5)
    Traffic Flow Template - Traffic flow aggregate
        Length: 49
        001. .... = TFT operation code: Create new TFT (1)
        ...0 .... = E bit: Parameters list is not included
        .... 0010 = Number of packet filters: 2
        Packet filter 0
            0000 .... = Packet filter direction: Pre Rel-7 TFT filter (0)
            .... 0001 = Packet filter identifier: 1
            Packet evaluation precedence: 0x00 (0)
            Packet filter length: 0x15 (21)
            Packet filter component type identifier: Remote port range type (81)
                Low limit port: 65535
                High limit port: 1024
            Packet filter component type identifier: Local port range type (65)
                Low limit port: 10002
                High limit port: 10000
            Packet filter component type identifier: Protocol identifier/Next header type (48)
                Protocol/header: 0x01
            Packet filter component type identifier: IPv4 remote address type (16)
                IPv4 adress: 11.9.0.60 (11.9.0.60)
                IPv4 address mask: 255.255.255.255 (255.255.255.255)
        Packet filter 1
            0000 .... = Packet filter direction: Pre Rel-7 TFT filter (0)
            .... 0001 = Packet filter identifier: 1
            Packet evaluation precedence: 0x00 (0)
            Packet filter length: 0x15 (21)
            Packet filter component type identifier: Remote port range type (81)
                Low limit port: 65535
                High limit port: 1024
            Packet filter component type identifier: Local port range type (65)
                Low limit port: 10002
                High limit port: 10000
            Packet filter component type identifier: Protocol identifier/Next header type (48)
                Protocol/header: 0x01
            Packet filter component type identifier: IPv4 remote address type (16)
                IPv4 adress: 11.9.0.60 (11.9.0.60)
                IPv4 address mask: 255.255.255.255 (255.255.255.255)
    EPS quality of service - Required traffic flow QoS
        Length: 5
        Quality of Service Class Identifier (QCI): QCI 9 (9)
        Maximum bit rate for uplink : 960 kbps
        Maximum bit rate for downlink : 960 kbps
        Guaranteed bit rate for uplink : 960 kbps
        Guaranteed bit rate for downlink : 960 kbps
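
Added example, not part of the original report and not Wireshark's code: a minimal walker over the TFT IE value taken from the hex dump above, showing how a misplaced count increment ends the packet filter loop after the first filter. The names walk_tft, comp_len and per_component are hypothetical, and placing the faulty increment inside the per-component loop is an assumption that reproduces the reported symptom.

```c
#include <stdint.h>
#include <stdio.h>
/* One packet filter from the report's hex dump: id, precedence, length 0x15, 4 components */
#define PF 0x01,0x00,0x15, 0x51,0xff,0xff,0x04,0x00, 0x41,0x27,0x12,0x27,0x10, \
           0x30,0x01, 0x10,0x0b,0x09,0x00,0x3c,0xff,0xff,0xff,0xff
/* TFT IE value (49 octets): 0x22 = create new TFT, E bit 0, 2 packet filters */
static const uint8_t tft_ie[] = { 0x22, PF, PF };
/* Value length per component type; only the four types in the sample are known */
static size_t comp_len(uint8_t type) {
    switch (type) {
    case 0x10: return 8; /* IPv4 remote address + mask */
    case 0x30: return 1; /* protocol identifier / next header */
    case 0x41: return 4; /* local port range */
    case 0x51: return 4; /* remote port range */
    default:   return 0;
    }
}

/* Returns packet filters decoded, or -1 if malformed; *left = undecoded octets.
 * per_component != 0 models the misplaced increment (assumed placement). */
static int walk_tft(const uint8_t *p, size_t len, int per_component, size_t *left) {
    size_t off = 1, pf_len, end;
    unsigned count = 0, nfilters;
    int decoded = 0;
    if (len < 1) return -1;
    nfilters = p[0] & 0x0f;
    while (count < nfilters) {
        if (len - off < 3) return -1;      /* identifier, precedence, length */
        pf_len = p[off + 2]; off += 3;
        if (pf_len > len - off) return -1; /* length field runs past the IE */
        end = off + pf_len;
        while (off < end) {
            size_t n = comp_len(p[off]);
            if (n == 0 || n > end - off - 1) return -1;
            off += 1 + n;
            if (per_component) count++;    /* wrong bracket: once per component */
        }
        if (!per_component) count++;       /* right bracket: once per packet filter */
        decoded++;
    }
    *left = len - off;
    return decoded;
}

int main(void) {
    size_t l;
    printf("misplaced=%d fixed=%d\n", walk_tft(tft_ie, sizeof tft_ie, 1, &l), walk_tft(tft_ie, sizeof tft_ie, 0, &l));
    return 0;
}
```

With the misplaced increment the walker stops after one filter and leaves 24 octets undecoded, which is what the "Extraneous Data" line reports; the length checks make a truncated IE fail instead of reading past the buffer.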