Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10364] New: Warning for SIP 200 OK response with Contact header containing "ex

Wireshark-bugs: [Wireshark-bugs] [Bug 10364] New: Warning for SIP 200 OK response with Contact h

Date: Tue, 12 Aug 2014 12:38:05 +0000

Bug ID	10364
Summary	Warning for SIP 200 OK response with Contact header containing "expires=0".
Product	Wireshark
Version	1.12.0
Hardware	x86
OS	Windows 7
Status	UNCONFIRMED
Severity	Minor
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 12979 [details]
Trace showing SIP 200 OK with Contact containing expires=0.

Build Information:
Version 1.12.0rc3 (v1.12.0rc3-0-ge14d5b6 from master-1.12)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 22 2014),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
       Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz, with 8142MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When looking at SIP packages, I can see that Wireshark consider a 200 OK
response to a REGISTER request to be invalid, in case the Contact header
contains "expires=0".

Looking into packet-sip.c, I can see the following comment:

/* it is actually unusual - arguably invalid - for a SIP REGISTER
* 200 OK _response_ to contain Contacts with expires=0.

However, this is not true; this is actually mandatory in 3GPP networks.
Checking 3GPP TS24.229 (I've checked V11.4.0), the following is stated when it
comes to how an S-CSCF should construct a 200 OK to a (de-)register request:

"
send a 200 (OK) response to a REGISTER request that contains a list of Contact
header fields enumerating all contacts and flows that are currently registered,
and all contacts that have been deregistered. For each contact address and the
flow that has been deregistered, the Contact header field shall contain the
contact address and the "reg-id" header field parameter that identifies the
flow, if a flow was deregistered, and the associated information, and the
registration expiration interval value shall be set to zero.
"

This leads to that a lot of the 200 OK responses show up with warnings,
although they are correct according to 3GPP. As an example, see frame 11 in the
attached trace.

Many thanks in advance,
/Johan

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 10363] New: HTTP responses
Next by Date: [Wireshark-bugs] [Bug 10362] Diameter TCP reassemble
Previous by thread: [Wireshark-bugs] [Bug 10363] HTTP responses don't show up with reassembly enabled
Next by thread: [Wireshark-bugs] [Bug 10366] New: v 1.12.0 doesn't capture ANYTHING except localhost
Index(es):
- Date
- Thread