Wireshark-dev: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Wed, 23 Aug 2006 09:45:52 -0400
Michael Lum wrote:
I think you're right. I had it implemented that way originally. I had a preference for TCAP to be either ITU or ANSI. I believe GSM MAP has to be carried on ITU TCAP and ANSI MAP on ANSI TCAP but maybe there were issues with other protocols on top of TCAP that causedproblems.I don't know the history behind the removal of the preference.
Basically the TCAP dissector was rewritten to be generated from ASN.1 instead of being hand written. In the process the dissector was modified to automatically figure out the TCAP standard (which is pretty easy since the message types are different between the two).
However, the preference shouldn't really matter as much as the idea of TCAP having separate ITU and ANSI SSN dissector tables. Which it appears to still have, however there's a bug in the ANSI MAP dissector SSN preference code:
static void range_delete_callback(guint32 ssn) { if (ssn) { delete_ansi_tcap_subdissector(ssn , ansi_map_handle); add_itu_tcap_subdissector(ssn , ansi_map_handle); } }
Why is it deleting an ANSI SSN and adding an ITU one? Does fixing that fix your problem? HTH, -J
-----Original Message----- From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman Sent: August 22, 2006 1:10 PM To: 'Developer support list for Wireshark' Subject: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks Hi, There is a problem when ssn's overlap. I originally had ANSI MAP and GSM MAP overlapping but still got it decoded as ANSI MAP, changing the GSM MAP preference got it to not decode then changing the ANSI MAP Preference again got proper decoding. Perhaps the whole preference setting should be done in TCAP instead? Brg Anders -----Ursprungligt meddelande----- Fr�n: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] F�r Michael Lum Skickat: den 22 augusti 2006 22:02 Till: 'Developer support list for Wireshark' �mne: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks There may be a couple of problems here. The capture file contains ANSI MAP not GSM MAP.-- Michael Lum Principal Software Engineer 4600 Jacombs Road +1.604.276.0055 Richmond, B.C. Canada V6V 3B1 UTStarcom Canada, Inc. CDMA Division -----Original Message----- From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss Sent: August 22, 2006 6:28 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks Anders Broman wrote:Hi,As far as I know the only change was to use range rather than a single ssn value in the preferences of ANSI MAP, probably you got owerlaping ssn definitions in your preferences ( CAMEL ,GSM MAP, RANAP ... ) what does it say at the ssn entry in the SCCP part of the dissection?Hmm, when I load that capture file the SCCP portion says: SSN: 6 [Linked to TCAP, TCAP ssn linked to GSM_MAP] which looks OK.However, the bottom of the TCAP protocol tree says says "BER Error: Wrong field in sequence [...]".I suppose that's preventing the TCAP dissector from calling the GSM_MAP dissector. [If so should such BER errors fail an assertion or something so the packet shows up as malformed/dissector bug/whatever??]-----Original Message----- From: Michael Lum [mailto:Michael.Lum@xxxxxxxxxx] Sent: August 9, 2006 12:18 PM To: 'wireshark-dev@xxxxxxxxxxxxx' Subject: ANSI MAP / TCAP dissector hooks Hello, why was the way ANSI MAP hooks into TCAP changed? I believe there is a problem with it. I have attached a capture file with the following: SCTP M2UA MTP3 (ITU) SCCP TCAP (ANSI) ANSI MAP My preferences were set to: MTP3 (ANSI) ANSI MAP (SSN RANGE 5-14) Procedure: 1. Start Ethereal 2. Set filters 3. Load file Frames show up as SCCP (ANSI), ERR and DT2 4. Edit preferences, change MTP3 -> ITUWith Ethereal 0.99.0 everything works fine the four frames come out decoded as ANSI MAPwith: UDT QueryWithPermInvoke(Last) Location Request UDT QueryWithPermInvoke(Last) Routing Request UDT ResponseRetRes(Last) UDT ResponseRetRes(Last)Following the same procedure with Wireshark 0.99.2 the decode goes as far as TCAP but not ANSI MAP.To get the decode to work properly I have to:5. Edit preferences, change ANSI MAP SSN Range to something different, apply_______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev
- References:
- Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
- From: Michael Lum
- Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
- Prev by Date: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
- Next by Date: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
- Previous by thread: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
- Next by thread: Re: [Wireshark-dev] ANSI MAP / TCAP dissector hooks
- Index(es):