| Bug ID |
10699
|
| Summary |
LTE APN-AMBR is decoded incorrectly
|
| Product |
Wireshark
|
| Version |
1.12.2
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Minor
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 13259 [details]
AttachAccept showing AMBR decode issue
Build Information:
Version 1.12.2 (v1.12.2-0-g898fa22 from master-1.12)
Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Nov 12 2014),
with
AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz, with 32707MB of physical memory.
Built using Microsoft Visual C++ 10.0 build 40219
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The APN-AMBR (APN Aggregate Maximum Bit Rate) Information Element in LTE
NAS-EPS is decoded incorrectly for all values that use the extended-2 bytes.
The values for the uplink/downlink, extended, and extended2 bytes are all
correctly calculated, but the overall value displayed at the end is wrong.
Per 3GPP TS 24.301 Section 9.9.4.2, Figure 9.9.4.2.1: APN aggregate maximum bit
rate information element - for non-zero values of the extended2 bytes:
"The APN-AMBR is (the binary coded value in 8 bits) * 256 Mbps + (the value
indicated by the APN-AMBR for downlink and APN-AMBR for downlink (extended) in
octets 3 and 5), giving a range of 256 Mbps to 65280 Mbps."
The way this is implemented is Wireshark adds Octet 3 and Octet 5 when the
extended-2 byte is used. However, that's not how Octet 3 & 5 are defined - if
Octet 3 is 1111 1110 (8640kbps), then ONLY the value in Octet 5 is used; it is
not added to Octet 3.
So in the attached example, Wireshark added Octet 3, 5 and 7 to get downlink
AMBR of 8640 + 44000 + 256000 = 308640. This should just be 44000 + 256000 =
300000. Same rational for Uplink.
You are receiving this mail because:
- You are watching all bug changes.