Wireshark-dev: Re: [Wireshark-dev] Problems in calling a message fromRANAPdissector

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Thu, 24 Jan 2008 11:54:41 +0100
Hi,
Have you tried with Edit->preferences-protocols->per "Display internal per fields" "tick the box"
If you then have the same data in a "proper" RANAP trace compare the bits...
You can also check that the Higligted data in the HEX pane makes sense.
Regards
Anders


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of taraniteja.vishwanatha@xxxxxxxxx
Sent: den 24 januari 2008 11:16
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] Problems in calling a message fromRANAPdissector

Hi Anders,

 

I ve tried to include the function “dissect_resetResource” and also gave it a new tvb, but not much improvement. I have exported some messages in the ranap.cnf file

like reset, initial ue etc.

 

The improved code :

 

ranap_tvb = tvb_new_real_data(buf,offset,offset);

 

tvb_set_child_real_data_tvbuff(tvb,ranap_tvb);

 

add_new_data_source(pinfo, ranap_tvb, "RANAP over XXX");

 

offset = dissect_initialUE_Message(ranap_tvb, offset, &actx, xxx_tree);

 

please see the difference b/w my test data and general ranap data. The protocol ie s are too high a number in the test packet.

 

Ranap data in my test packet :

 

    XXX

    Protocol indicator: RANAP protocol (2)

    RANAP Message type: initial UE  (4)

    Message length: 81

    Information element identifier: RANAP initial UE message (32)

    Information element length: 68

    initialUE-Message

        protocolIEs: 63385 items

            Item 0

                Item

                    Id: unknown ( 12856)

                    Criticality : reject (0)

 

[Malformed Packet: XXX]

 

General RANAP packet :

 

Radio Access Network Application Part

    RANAP_PDU: initiatingMessage (0)

        initiatingMessage

            procedureCode: id-InitialUE-Message (19)

            criticality: ignore (1)

            initialUE-Message

                protocolIEs: 6 items

                    Item 0

                        Item

                            id: id-CN-DomainIndicator (3)

                            criticality: ignore (1)

                            id-CN-DomainIndicator: cs-domain (0)

                    Item 1

                        Item

                            id: id-LAI (15)

                            criticality: ignore (1)

                            id-LAI

                                pLMNidentity: 42F099

                                Mobile Country Code (MCC): Sweden (240)

                                Mobile network code (MNC): 99

                                lAC: 012F

                   Item 2

…….. so on

 

There is some mistake in either calling the function or allocation of the buffer. Can you please help.

 

BR,

Tarani



 

 

 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday, January 22, 2008 10:59 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Problems in calling a message from RANAPdissector

 

Hi,

The principle is ok but you should probably use "dissect_ResetResource_PDU" and give it a new tvb with the RANAP data.

 

Possibly causes of the decoding problem dissect_ranap_ResetResource() may expect offset in bits and return bit_offset. The data given to dissect_ranap_ResetResource()

is not correct(including opcode etc perhaps?).

 

The .cnf file should be used to export functions.

Regards

Anders

 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of taraniteja.vishwanatha@xxxxxxxxx
Sent: den 22 januari 2008 11:54
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Problems in calling a message from RANAP dissector

Hi ,

 

I have my test dissector , running over SUA , in TLV ( tag length value) format. In one of the messages, I want to add an existing RANAP ( asn.1 format) message along with the other parameters of my protocol. The coding of one of the messages in which I have called RANAP message goes like this:

 

dissect_message(tvbuff_t *tvb,int offset ,proto_tree *xxx_tree,packet_info *pinfo)

 

{

 

asn1_ctx_t actx;

 

asn1_ctx_init(&actx, ASN1_ENC_PER, TRUE, pinfo);

offset = dissect_ranap_ResetResource(tvb, offset, &actx, macic_tree, hf_macic_ranap_resetResource);

 

proto_tree_add_item(xxx_tree, hf_xxx_clust,tvb, offset, en, FALSE);

offset = offset + len;

 

}

 

I have seen this way of implementation in MEGACO , trying to call a h245 message. But the RANAP message is not dissected properly and also I am not able to get the remaining parameters in the message. Could somebody confirm whether it is the right way to call a message from a different dissector.

 

BR,

Tarani

 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com

P Please do not print this email unless it is absolutely necessary. Spread environmental awareness.

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com