There are some new information elements and message types in the GSUP
protocol which are used for transport of non-call-SS and USSD between
MSC/VLR and HLR.
Change-Id: Idd3bb7ed8d4ba3f958cffcb29c6042c047646f70
Reviewed-on: https://code.wireshark.org/review/28301
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the reference libosmocore's implementation we have:
OSMO_GSUP_MSGT_PURGE_MS_REQUEST = 0b00001100, // 0x0c
OSMO_GSUP_MSGT_PURGE_MS_ERROR = 0b00001101, // 0x0d
OSMO_GSUP_MSGT_PURGE_MS_RESULT = 0b00001110, // 0x0e
while here we had:
OSMO_GSUP_MSGT_PURGE_MS_REQUEST = 0x0c,
OSMO_GSUP_MSGT_PURGE_MS_ERROR = 0x0e, // != 0x0d
OSMO_GSUP_MSGT_PURGE_MS_RESULT = 0x0f, // != 0x0e
Same problem with the 'OSMO_GSUP_MSGT_LOCATION_CANCEL_RESULT'.
Change-Id: Ie49fd2fca8298d97c21e03649935704309015324
Reviewed-on: https://code.wireshark.org/review/28297
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See https://tools.ietf.org/html/rfc7862#section-12.2.3
As far as I can tell these were zero-based even in the earliest protocol
drafts, so this was just a mistake in the original wireshark submission
that nobody caught because change_attr_type hasn't been widely
implemented.
While we're here, move the defines before the array for better
readability.
Change-Id: Ie721250748fe77098aee4e2cc502ae43fc497a2d
Reviewed-on: https://code.wireshark.org/review/28271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't assume that the 3-digit code we got was followed by a blank, and
display the code followed by a blank followed by the parameters..
Instead, just put the raw text of the entire line into the Info column.
Bug: 14878
Change-Id: I1e081366bf859723158a36f10e86614fe52f124d
Reviewed-on: https://code.wireshark.org/review/28292
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Acccording to 3GPP TS 29.244
ch5.6.3 Modifying the Rules of an Existing PFCP Session
- updating the Rule including the IEs to be removed with a null length,
e.g. by including the Update URR IE in the PFCP Session Modification Request
with the IE(s) to be removed with a null length.
Change-Id: Ib8928edc24e72c25f6d608bee874c1d8603c8620
Reviewed-on: https://code.wireshark.org/review/28264
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix indentation, and note that the comment "description" (contents) are
RTF (as opposed to plain text).
Change-Id: I668a08c06e39a32318454d2ee73933083c5cb516
Reviewed-on: https://code.wireshark.org/review/28279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The command tshark -G values gave the error:
** (process:26713): WARNING **: Extended value string 'nas_5gs_mm_message_type_vals' forced to fall back to linear search:
that caused regression tests to fail.
Fixes: v2.9.0rc0-947-g587b5a7.
Change-Id: I6c8b8c7e93838f407a363390ba2385603dc62338
Reviewed-on: https://code.wireshark.org/review/28270
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In 3GPP TS 44.018 version 14.4.0 Release 14 both Immediate assigment
extended (9.1.19) and Immediate assignment reject (9.1.20) have Feature
Indicator (10.5.2.76) half octet right after the Page Mode (10.5.2.26)
The Feature Indicator is part of GSM_A_PDU_TYPE_RR and not
GSM_A_PDU_TYPE_COMMON so previously it was not decoded correctly in the
Immediate assigment extended
Change-Id: I117d1ee42d43d01d77da67eea506c28ca0ae3056
Reviewed-on: https://code.wireshark.org/review/28263
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the 'Infinite value', tree header is now
"Graceful Release Period: Infinite (<val>)"
instead of
"Graceful Release Period: <val> Infinite"
Change-Id: I130e997ffbb3503078e1364fd64c11ead28111b1
Reviewed-on: https://code.wireshark.org/review/28262
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With HTTP2 heuristics to identify the conversation, a packet can be
skipped on first pass and then decoded as HTTP2 on subsequent ones.
Check that header data is available before attempting header
decompression.
Bug: 14869
Change-Id: I8ef7669ca33835b509acb38d797e33d6167a1bd1
Reviewed-on: https://code.wireshark.org/review/28257
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
dissect_cpf was huge and too hard to read and update.
This change pulls out item parsing into individual functions to make
it easier to read, help troubleshoot a bug related to ENIP TLS
connection filtering (Still investigating), and prep for future features.
There are no functional changes.
Main changes:
1. Pulled out the following code into separate functions:
dissect_item_list_identity
dissect_item_cip_security_information
dissect_item_list_services_response
dissect_item_sockaddr_info
dissect_item_sequenced_address
dissect_item_connected_address
dissect_item_unconnected_message_over_udp
dissect_generic_io
dissect_cip_class01_io
2. More documentation. It was a little hard to follow before.
3. Corrected offset inside the while loop in dissect_cpf(). Previously,
offset pointed to 2 bytes *before* the item actually being processed.
Change-Id: I47894fd5c50b4c3d07f916f81e1b21f8890c8396
Reviewed-on: https://code.wireshark.org/review/28205
Reviewed-by: Dylan Ulis <daulis0@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AT-commands:
+XAPL
+IPHONEACCEV
+APLSIRI
+APLEFM
Add UUID128:
Apple Notification Center Service
Based on: https://developer.apple.com/hardwaredrivers/BluetoothDesignGuidelines.pdf
While adding new UUID remove also tabs from packet-bluetooth.
Change-Id: Ic29b028338a21464fe018f8145ade82297ccd146
Reviewed-on: https://code.wireshark.org/review/28222
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't treat the count+blob as itself a blob of bytes; use FT_NONE.
Create it with an unknown length (-1, meaning "to end of packet, for
now"), and set its length once we've finished dissecting it. Dissect
the raw bytes of a prefixed-bytes item regardless of whether we're
building a protocol tree or not.
This means we do a better job of handling a too-large length; instead of
overflowing the offset, we throw an exception and stop dissecting, so we
don't run the risk of looping infinitely.
Bug: 14841
Change-Id: I593be9b6ba9aa15d8529f96458e53b85ace6402a
Reviewed-on: https://code.wireshark.org/review/28228
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to TS 29.212 v14.7.0
8.108 Presence Reporting Area Action
8.109 Presence Reporting Area Information
Change-Id: I4b73fb4cd47468aa4cf90ef9a7bee3e17f9b9485
Reviewed-on: https://code.wireshark.org/review/28219
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Used tcp_dissect_pdus API to reassemble FE TCP packets.
Change-Id: I82bb270bacbd3f5790c015c5a876981417e271fa
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28203
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Having these build tools in machine code poses problems when cross-compiling.
The most significant being that we need to find the host and build GLiB
dependencies at compile-time.
There is no noticeable speed difference between the Python and C implementation.
Ping-Bug: 14622
Change-Id: Id13f823c7f4abf51edfa291e703028873748989f
Reviewed-on: https://code.wireshark.org/review/28130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
They're collections of binary data divided into subfields, not
null-terminated strings, so give them the right type.
Change-Id: If2685b9b41ca6711e12de6688ae51d5211767770
Reviewed-on: https://code.wireshark.org/review/28175
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The following parameters are all defined as Digits
calledAddressValue
callingAddressValue
assistingSSPIPRoutingAddress
additionalCallingPartyNumber
correlationID
number
dialledNumber
callingLineID
iNServiceControlCode
iNServiceControlCodeLow
iNServiceControlCodeHigh
lineID
prefix
iPAddressValue
digitsResponse
Add sub-tree for each parameter
Change-Id: I4e5a9b75ef357534d4ea669703f9b370c8595c67
Reviewed-on: https://code.wireshark.org/review/28166
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Determine the length of non-text values in the standard fashion for WSP,
and treat the value as having that length, rather than running to the
end of the packet.
Change-Id: If3501cf726df4d8338e86515906f67790a773b02
Reviewed-on: https://code.wireshark.org/review/28167
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The following parameters are all defined as Digits
calledAddressValue
callingAddressValue
assistingSSPIPRoutingAddress
additionalCallingPartyNumber
correlationID
dTMFDigitsCompleted
dTMFDigitsTimeOut
number
digitsResponse
Add sub-tree for each parameter
Reuse the AdditionalCallingPartyNumber implementation
Export dissect_isup_generic_digits_parameter from the isup dissector
Change-Id: Icdcbbab6969cf75c7c2cc0f98549fed41ff6891f
Reviewed-on: https://code.wireshark.org/review/28158
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make it begin where the frame bitmap begins, and end where the frame
bitmap ends, rather than pretending it begins where the frame bitmap
*ends* and is as many bytes long as the generated string is.
Change-Id: Id62ba067116e3191646af764d3ae846474ac29c8
Reviewed-on: https://code.wireshark.org/review/28160
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There aren't 4 bytes of 'N', 'U', 'L', and 'L' in the packet, so the
length is *not* 4 bytes.
Change-Id: I81331ef3f307dc65458da37e7d46e299eb7e727a
Reviewed-on: https://code.wireshark.org/review/28149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean some unused variables while we are at it.
Change-Id: I3b88a99610637a269d059962574cf4cfe2c2ae6f
Reviewed-on: https://code.wireshark.org/review/28123
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
They are in little endian, not big endian.
Bug: 14843
Change-Id: I1680e84bfce9a03eaeeda9e38c84b471fda2bd8e
Reviewed-on: https://code.wireshark.org/review/28116
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: If75d2457e07afd245a92b05b7884fc622def0213
Reviewed-on: https://code.wireshark.org/review/28114
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some LISP implementations use the AFI value 6 (RFC 1700) for MAC
addresses instead of AFI value 16389 (RFC 7042). This patch allows
correct decoding of both.
Change-Id: I12c3d6b90fd8a85911f76dec5448e6a2e237e797
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/28115
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>