Wireshark-bugs: [Wireshark-bugs] [Bug 10877] New: Bad bytes read for extended rnc id value in GT

Date: Wed, 21 Jan 2015 16:27:04 +0000
Bug ID 10877
Summary Bad bytes read for extended rnc id value in GTP dissector
Product Wireshark
Version 1.11.x (Experimental)
Hardware x86-64
OS Ubuntu
Status UNCONFIRMED
Severity Trivial
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
wireshark 1.11.0+svn50184 (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.20.1, with Cairo 1.8.10, with Pango 1.28.0, with
GLib 2.24.1, with libpcap, with libz 1.2.3.3, with POSIX capabilities (Linux),
without libnl, with SMI 0.4.8, without c-ares, with ADNS, with Lua 5.1, without
Python, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP,
with PortAudio V19-devel (built Feb 18 2010 23:31:11), with AirPcap.

Running on Linux 2.6.32-67-generic, with locale fr_FR.utf8, with libpcap version
1.0.0, with libz 1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4, without AirPcap.
Intel(R) Xeon(R) CPU           E5520  @ 2.27GHz

Built using gcc 4.4.3.
--
Hello,

In the GTP dissector, /epan/dissectors/packet-gtp.c:

    proto_tree_add_item(ext_tree, hf_gtp_target_rnc_id, tvb, offset, 2, ENC_BIG_ENDIAN);
    /* If the optional Extended RNC-ID is not included, then the length variable 'n' = 8 and the overall length of the IE is 11
     * octets. Otherwise, 'n' = 10 and the overall length of the IE is 13 octets
     */
    if(length == 10){
        proto_tree_add_item(ext_tree, hf_gtp_target_ext_rnc_id, tvb, offset, 2, ENC_BIG_ENDIAN);
    }

offset+=2; is missing, and the bytes used for the extended rnc id value are the
same as those used for the rnc id value.
The following code should fix the issue.

    proto_tree_add_item(ext_tree, hf_gtp_target_rnc_id, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset+=2;
    /* If the optional Extended RNC-ID is not included, then the length variable 'n' = 8 and the overall length of the IE is 11
     * octets. Otherwise, 'n' = 10 and the overall length of the IE is 13 octets
     */
    if(length == 10){
        proto_tree_add_item(ext_tree, hf_gtp_target_ext_rnc_id, tvb, offset, 2, ENC_BIG_ENDIAN);
    }

Regards,
Bastien
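
The reported behaviour next to the proposed `offset += 2`, as an added stand-alone C example (not Wireshark code and not part of the original report). `parse_rnc_ids`, `read_be16`, `SAMPLE_EXT` and `RNC_ID_OFFSET` are hypothetical names, and the six octets placed before RNC-ID in the constructed sample are an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample value part (n = 10): six placeholder octets standing in
 * for the fields before RNC-ID (their size is an assumption), then RNC-ID
 * 0x1234 and Extended RNC-ID 0xABCD. */
static const uint8_t SAMPLE_EXT[10] = {0, 0, 0, 0, 0, 0, 0x12, 0x34, 0xAB, 0xCD};
#define RNC_ID_OFFSET 6 /* assumed position of RNC-ID in the value part */

/* Read a 16-bit big-endian field; -1 if it would run past the buffer. */
static int read_be16(const uint8_t *buf, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2)
        return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}

/* Hypothetical helper mirroring the two reads in the report. advance == 0
 * reproduces the reported behaviour; advance == 1 applies "offset += 2".
 * Returns 1 if an Extended RNC-ID was read, 0 if not, -1 on truncation. */
int parse_rnc_ids(const uint8_t *val, size_t length, size_t offset,
                  int advance, uint16_t *rnc_id, uint16_t *ext_rnc_id)
{
    if (read_be16(val, length, offset, rnc_id) != 0)
        return -1;
    if (advance)
        offset += 2; /* step past RNC-ID before the optional field */
    if (length != 10)
        return 0;    /* n = 8: no Extended RNC-ID present */
    if (read_be16(val, length, offset, ext_rnc_id) != 0)
        return -1;
    return 1;
}

int main(void)
{
    uint16_t rnc = 0, ext = 0;
    for (int advance = 0; advance <= 1; advance++) {
        int rc = parse_rnc_ids(SAMPLE_EXT, sizeof SAMPLE_EXT, RNC_ID_OFFSET,
                               advance, &rnc, &ext);
        printf("advance=%d rc=%d rnc=0x%04X ext=0x%04X\n", advance, rc, rnc, ext);
    }
    return 0;
}
```

Without the advance, both fields decode from the same two octets, so the displayed Extended RNC-ID repeats the RNC-ID instead of showing the value on the wire.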

