Wireshark-dev: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Wed, 23 Aug 2006 09:45:52 -0400


Michael Lum wrote:
I think you're right.

I had it implemented that way originally.

I had a preference for TCAP to be either ITU or ANSI.

I believe GSM MAP has to be carried on ITU TCAP and ANSI MAP on ANSI TCAP
but maybe there were issues with other protocols on top of TCAP that caused
problems.
I don't know the history behind the removal of the preference.

Basically the TCAP dissector was rewritten to be generated from ASN.1 instead of being hand written. In the process the dissector was modified to automatically figure out the TCAP standard (which is pretty easy since the message types are different between the two).

However, the preference shouldn't really matter as much as the idea of TCAP having separate ITU and ANSI SSN dissector tables. Which it appears to still have, however there's a bug in the ANSI MAP dissector SSN preference code:

 static void range_delete_callback(guint32 ssn)
 {
     if (ssn) {
        delete_ansi_tcap_subdissector(ssn , ansi_map_handle);
        add_itu_tcap_subdissector(ssn , ansi_map_handle);
     }
 }

Why is it deleting an ANSI SSN and adding an ITU one?

Does fixing that fix your problem?

HTH,
-J

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: August 22, 2006 1:10 PM
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks

Hi,
There is a problem when ssn's overlap. I originally had ANSI MAP and GSM MAP
overlapping but still got it decoded as ANSI MAP, changing the GSM MAP
preference got it to not decode then changing the ANSI MAP Preference again
got proper decoding.

Perhaps the whole preference setting should be done in TCAP instead?

Brg
Anders

-----Ursprungligt meddelande-----
Fr�n: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] F�r Michael Lum
Skickat: den 22 augusti 2006 22:02
Till: 'Developer support list for Wireshark'
�mne: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks

There may be a couple of problems here.

The capture file contains ANSI MAP not GSM MAP.


--
Michael Lum                  Principal Software Engineer
4600 Jacombs Road            +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
UTStarcom Canada, Inc.
CDMA Division



-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss
Sent: August 22, 2006 6:28 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks


Anders Broman wrote:
Hi,
As far as I know the only change was to use range rather than a single ssn value in the preferences of ANSI MAP, probably you got owerlaping ssn definitions in your preferences ( CAMEL ,GSM MAP, RANAP ... ) what does it say at the ssn entry in the SCCP part of the dissection?

Hmm, when I load that capture file the SCCP portion says:

SSN: 6
[Linked to TCAP, TCAP ssn linked to GSM_MAP]

which looks OK.

However, the bottom of the TCAP protocol tree says says "BER Error: Wrong field in sequence [...]".

I suppose that's preventing the TCAP dissector from calling the GSM_MAP
dissector.

[If so should such BER errors fail an assertion or something so the packet
shows up as malformed/dissector bug/whatever??]

-----Original Message-----
From: Michael Lum [mailto:Michael.Lum@xxxxxxxxxx]
Sent: August 9, 2006 12:18 PM
To: 'wireshark-dev@xxxxxxxxxxxxx'
Subject: ANSI MAP / TCAP dissector hooks

Hello,

why was the way ANSI MAP hooks into TCAP changed?

I believe there is a problem with it.

I have attached a capture file with the following:

SCTP
M2UA
MTP3 (ITU)
SCCP
TCAP (ANSI)
ANSI MAP

My preferences were set to:

MTP3 (ANSI)
ANSI MAP (SSN RANGE 5-14)

Procedure:

1.  Start Ethereal
2.  Set filters
3.  Load file

Frames show up as SCCP (ANSI), ERR and DT2

4.  Edit preferences, change MTP3 -> ITU

With Ethereal 0.99.0 everything works fine the four frames come out decoded as ANSI MAP
with:

UDT QueryWithPermInvoke(Last) Location Request UDT
QueryWithPermInvoke(Last) Routing Request UDT ResponseRetRes(Last) UDT
ResponseRetRes(Last)

Following the same procedure with Wireshark 0.99.2 the decode goes as far as TCAP but not ANSI MAP.

To get the decode to work properly I have to:

5. Edit preferences, change ANSI MAP SSN Range to something different, apply

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev