As requested [here][1] by @eapache, help with removing calls to
`wmem_packet_scope()` in favour of references to `pinfo->pool`.
* Plugins chosen semi-randomly.
* When a calling function already has a `pinfo` argument, use that.
* Remove `_U_` from its signature if it was there.
* If a function seems narrowly focused on getting and (possibly)
returning memory, change the function signature to take a
`wmem_allocator_t *`.
* If it seems more focused on packet-based operations, pass in a
`packet_info *` instead and use `pinfo->pool` within.
* If there are several functions defined with the same call
signature, add `pinfo _U_` to the argument list of similar
functions in order to maintain clarity/symmetry.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
Add the appropriate FT_FRAMENUM string types to the request
and response fields for GTP and GTPv2, so that arrows are
drawn for the related packet symbols.
Both specifications say: "The FQDN field encoding shall be identical
to the encoding of a FQDN within a DNS message of section 3.1 of IETF
RFC 1035 [31] but excluding the trailing zero byte."
Since it's only one name, that probably means that compression is
impossible, and indeed the dissectors already check and assume that
if the first byte is in the letter range, that it's probably incorrectly
directly encoded as a dotted string instead of DNS-style.
Since compression isn't supported, use ENC_APN_STR to avoid generating
bogus UTF-8 in packets with errors.
Fix#18531
The optional Authorized UE-AMBR for Uplink and Downlink
fields in UE-AMBR were never getting dissected.
Also, the trees and tree description for the UE-AMBR and
APN-AMBR with NSAPI IEs were swapped.
Dynamically create the indices for the SRT table so that
all the message types sent from the tap get put in the SRT
table, instead of hardcoding in a list of four that is a
smaller subset of what is matched in gtp_match_response.
For GTP session tracking (off by default), there's a mapping
from <TEID, ADDRESS> to frame numbers. The current implementation
is a tree (converting the address to a string for keys) of linked
lists of the TEIDs. That gets very slow when there's a large number
of TEIDs. Convert it to a map that uses the teid and address,
with the TEID used for the hash.
There's still a reverse lookup (foreach_remove) when TEIDs are reused
or sessions fail, but this still yields over a 10x speedup on a
few moderate sized test files (~50000 GTP-C packets).
The session table maps frames (which are 32 bit uints that
start at 1) to sessions (which are also 32 bit uints that
start at 1), so use GUINT_TO_POINTER and the direct hash
functions instead of creating extra file scope pointers.
Releases 98 and 99 are older than version 8. Also fix the
extra length added for RADIUS so that it properly accounts
for the lack of allocation-retention priority in RADIUS.
Previously it was off by one, which caused errors in Release
98. Fix#10688 again.
The previous output was missing some fields under some conditions, and
some output text was wrong. This ended up in big confusion when looking
at the fields. Let's add the missing fields, fix the existing ones and
provide better formatting of the strings to understand which exact field
provides the info.
Extract Method for multiple message parsing for tpdus to simplify things for future bug fixes and to make the code logic clearer.
Encapsulate the following functions:
dissect_gtp_tpdu_by_handle
dissect_gtp_tpdu_as_pdcp_lte_info
dissect_gtp_tpsu_as_pdcp_nr_info
Note: The original code function is not changed.
Updating the message checking for 3GPP TS 29.060 V16.0.0,
adding 7.5A MBMS Messages and 7.5B MS Info Change Reporting Messages.
This adds all the messages from TS 29.060. Some of them could be
updates to use the GSN specific fields in some cases. Also the
ETSI message checking needs to be updated to handle GTP' correctly.
The GGSN addresses for control plane and user traffic are both
included or both not included in the Update PDP Context Response
message (included if the Cause is Request Accepted), so we know
which one is the control plane and which one is the user plane.
Also fix the coment about the IEs for the alternative address, and
that they are Conditional, not Optional.
The Release Identifer field is only one nibble in GTP'. So in
Release 15 of 3GPP TS 32.295, an extra octet, Release Identifier
Extension, was added to support CDRs encoded with Release 16 and
higher of TS 32.298. Fix#17903.
From 3GPP TS 29.06 V 17.1.0 7.7.51:
The routing area code consists of 2 octets and is found in octet 10
and octet 11. Only the first octet (10) contains the RAC and the
second octet (11) is coded as "11111111".
Don't include the spare octet 11 in the RAC field. The RAC is only
one octet.
Add some undecoded IEs from 3GPP TS 29.060 V17.1.0:
Hop Counter (163), Signaling Priority Indication (203), Signaling
Priority Indication with NSAPI (204), ULI Timestamp (214),
and LHN-ID with NSAPI (215). Related to #17839.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.
Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.
All fields with GSN address were decodes as common hf_gsn_addr. But if
ETSI order is used, it's possible to specify alternative decoder
depending on message type and field position.
Alternative decoder for GSN address was added for mandatary fields and
optional/conditional field in the case there is single GSN address in
message.
Added new function as common dissector for all addr types.
Reuse the DIAMETER dissector for 3GPP-ULI for RADIUS as well.
The DIAMETER dissector for 3GPP-ULI IE is more complete than the RADIUS
version. The format of the IE is the same in RADIUS and DIAMETER.