Add the appropriate FT_FRAMENUM string types to the request
and response fields for GTP and GTPv2, so that arrows are
drawn for the related packet symbols.
Both specifications say: "The FQDN field encoding shall be identical
to the encoding of a FQDN within a DNS message of section 3.1 of IETF
RFC 1035 [31] but excluding the trailing zero byte."
Since it's only one name, that probably means that compression is
impossible, and indeed the dissectors already check and assume that
if the first byte is in the letter range, that it's probably incorrectly
directly encoded as a dotted string instead of DNS-style.
Since compression isn't supported, use ENC_APN_STR to avoid generating
bogus UTF-8 in packets with errors.
Fix#18531
For GTP session tracking (off by default), there's a mapping
from <TEID, ADDRESS> to frame numbers. The current implementation
is a tree (converting the address to a string for keys) of linked
lists of the TEIDs. That gets very slow when there's a large number
of TEIDs. Convert it to a map that uses the teid and address,
with the TEID used for the hash.
There's still a reverse lookup (foreach_remove) when TEIDs are reused
or sessions fail, but this still yields over a 10x speedup on a
few moderate sized test files (~50000 GTP-C packets).
The session table maps frames (which are 32 bit uints that
start at 1) to sessions (which are also 32 bit uints that
start at 1), so use GUINT_TO_POINTER and the direct hash
functions instead of creating extra file scope pointers.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
This is a new check added to check_typed_item_calls.py --label
Ignoring cases where item type is FT_NONE, as fpr tjpse
text was appended that otherwise would lack a colon.
Reuse the DIAMETER dissector for 3GPP-ULI for RADIUS as well.
The DIAMETER dissector for 3GPP-ULI IE is more complete than the RADIUS
version. The format of the IE is the same in RADIUS and DIAMETER.
Fix issues found by running ./tools/check_typed_item_calls.py
epan/dissectors/packet-gtp.c:4414 proto_tree_add_item called for hf_gtp_sel_mode - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-gtp.c:6807 proto_tree_add_item called for hf_gtp_rai_rac - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-gtp.c:7600 proto_tree_add_item called for hf_gtp_bssgp_cause - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-gtpv2.c:3607 proto_tree_add_item called for hf_gtpv2_trace_id - item type is FT_UINT16 but call has len 3
epan/dissectors/packet-gtpv2.c:5049 proto_tree_add_item called for hf_gtpv2_trace_id - item type is FT_UINT16 but call has len 3
These appear to be copy/paste errors detected by running
./tools/check_typed_item_calls.py --consecutive
Quite a few issues still remain after this batch.
The IPv4 or IPv6 address was not added properly to the tree
Bug: 16777
Change-Id: Ic28138cc1d4c2dc350fb5ff95aa3a5496a293c91
Reviewed-on: https://code.wireshark.org/review/38153
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
PAA is a variable length IE, but it is not extendable (see Table 8.1-1 in
3GPP TS 29.274). For a give type the length therefore has to match and
can not exceed the defined length.
Change-Id: Id65842a7f25018fd3864efd73f74ae583102a681
Reviewed-on: https://code.wireshark.org/review/37984
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Joakim Karlsson