Detected by adding another check under
ENABLE_CHECK_FILTER to look for consecutive labels likely
to have been left as copy/paste errors. Change to proto.c probably too messy
to merge.
Also, take a chance to correct the comment: section 6.11.0 does
not exit in 3GPP TS 44.018. In version 15.4.0 Release 15 of
the referenced document it is 10.5.2.31 (table 10.5.2.31.1).
In CSN.1, the message may be safely cropped at specific parts
of its definition called Null breakpoints or rather "message
escape" labels (see 3GPP TS 44.060, section 11.1.3.3).
These labels usually preceed the optional protocol extensions,
added in newer releases of 3GPP specifications. The following
IA Rest Octets (see 3GPP TS 44.018, section 10.5.2.16) sample
illustrates that:
IA Rest Octets
H... .... = First Discriminator Bit: High
.H.. .... = Second Discriminator Bit: High
..0. .... = Discriminator Bit: Packet Assignment
...1 .... = Discriminator Bit: Packet Downlink Assignment
Packet Downlink Assignment
.... 0000 0000 0000 0000 0000 0000 0000 0001 .... = TLLI: 0x00000001
.... 1... = TFI Assignment (etc): Present
.... .000 00.. .... = TFI_Assignment: 0
..0. .... = RLC_Mode: RLC acknowledged mode
...0 .... = Alpha: Not Present
.... 0000 0... .... = Gamma: 0 dB (0)
.0.. .... = Polling: no action is required from MS
..0. .... = TA_Valid: the timing advance value is not valid
...0 .... = Timing Advance Index: Not Present
.... 0... = TBF Starting Time: Not Present
.... .0.. = P0: Not Present
.... ..L. = Additions in R99: Not Present
.... ...L = Additions in Rel-6: Not Present
[Malformed Packet: GSM CCCH]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
In GSM, the maximum length of a MAC block (on xCCH channels) is
limited to 23 bytes, so the message was cut in the middle, and
the Rel-7, Rel-10, and Rel-13 additions did not fit. Although,
the message is still correct according to the specifications,
so we should not consider it as "Malformed".
Change-Id: I6920c87d3a3247f4342fea69a8bb40c28316f422
Reviewed-on: https://code.wireshark.org/review/37912
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pau Espin Pedrol <pespin@sysmocom.de>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 48.058 (version 15.0.0), section 9.3.5,
3GPP TS 44.018 "Mobile Allocation" IE shall for compatibility
reasons be included but empty, i.e. the length shall be zero.
It does not mean that the Mobile Allocation IE should not be
decoded by Wireshark though. Some BSC implementations may still
be sending it with length greather than 0.
Let's expose de_rr_mob_all() and use it in dissect_rsl_ie_ch_id().
If the length is greather than 0, raise a protocol warning.
Change-Id: Idd0f2b3cd1e684f2c812b566fde71a1cc727c2c4
Signed-off-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Reviewed-on: https://code.wireshark.org/review/37575
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3GPP TS 04.08 sec 9.1.22 "Paging request type 1" states that "P1 Rest
Octets" is (M)andatory, but then in the same table states its length
ranges from 0 to 17, which means it can actually be missing on some
cases:
"The sum of the length of this IE and the L2 Pseudo Length of the
message equals 22."
So that happens (l2 plen = 22) for instance when 2 IMSIs are provided in
a Paging Request Type 1 message. In that case, we shouldn't be warning
about the packet being malformed having the IE missing, since it's
actually expected.
The l2 Pseudo Length is shifter 2 bits because that's how it's defined
in the spec (sec 10.5.2.19).
Change-Id: I3dcb1d23c7d6fd2f1e370462481086516f24c7bb
Reviewed-on: https://code.wireshark.org/review/37361
Reviewed-by: Vadim Yanitskiy <axilirator@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
According to 3GPP TS 44.018 V15.3.0 APDU ID 1 is ETWS.
Change-Id: I6dceeb45c82f4f5c75fc46fea85d22ec9c4855e6
Note: ETWS is the Earthquake and Tsunami Warning System.
Reviewed-on: https://code.wireshark.org/review/34465
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Use hf_gsm_a_tmsi instead of hf_gsm_a_rr_tmsi_ptmsi. This allows easy
filtering of all messages that contains a given TMSI/PTMSI using a
filter with only one field name instead of two.
Change-Id: I356865ebdac9691abd8d14d44aac7ccf4e22e70c
Reviewed-on: https://code.wireshark.org/review/33990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is achieved by calling the respective dissector functions
from other dissectors, which requires them to be exported.
Change-Id: Ifd01da8e5ff4ac3f3f3179b842e3a7223629b234
Reviewed-on: https://code.wireshark.org/review/33121
Reviewed-by: fixeria <axilirator@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
According to 3GPP TS 04.08, section 10.5.2.49, the APDU Flags field
is coded together with APDU ID, and occupies bits 1-3 (mask 0x70):
0 1 2 3
S T F L
. . . * Last Segment
. . * . First Segment
. * . . C/R, if L=0 only, otherwise spare and set to 0
* . . . Spare (0)
Instead of parsing all bits together as a set of integer values,
let's parse each flag individually. Moreover, the previous
definition was missing some possible bit combinations, so
this change also fixes that problem.
Change-Id: Id71fae9ef06572c1ad17aafe0be3dfb66e081b7d
Reviewed-on: https://code.wireshark.org/review/28948
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
According to 3GPP TS 04.08, table 9.1.53.1, Application Information
message has two mandatory fields encoded in a single octet:
- APDU ID (section 10.5.2.48) M V 1/2,
- APDU Flags (section 10.5.2.49) M V 1/2.
For some reason, they were dissected incorrectly:
GSM A-I/F DTAP - Application Information
Protocol Discriminator: Radio Resources Management messages (6)
.... 0110 = Protocol discriminator: Radio Resources Management messages (0x6)
0000 .... = Skip Indicator: No indication of selected PLMN (0)
DTAP Radio Resources Management Message Type: Application Information (0x38)
APDU ID
.... 0000 = APDU ID: RRLP (GSM 04.31) LCS (0x0)
Missing Mandatory element APDU ID, rest of dissection is suspect
[Expert Info (Error/Protocol): Missing Mandatory element APDU ID,
rest of dissection is suspect]
[Missing Mandatory element APDU ID, rest of dissection is suspect]
[Severity level: Error]
[Group: Protocol]
APDU Flags
0000 .... = APDU Flags: Unknown (0x0)
APDU Data
[...]
Change-Id: Ibb248104289da8e602ac15da15ae9e8eadb42c42
Reviewed-on: https://code.wireshark.org/review/28947
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
In 3GPP TS 44.018 version 14.4.0 Release 14 both Immediate assigment
extended (9.1.19) and Immediate assignment reject (9.1.20) have Feature
Indicator (10.5.2.76) half octet right after the Page Mode (10.5.2.26)
The Feature Indicator is part of GSM_A_PDU_TYPE_RR and not
GSM_A_PDU_TYPE_COMMON so previously it was not decoded correctly in the
Immediate assigment extended
Change-Id: I117d1ee42d43d01d77da67eea506c28ca0ae3056
Reviewed-on: https://code.wireshark.org/review/28263
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RXLEV and RXQUAL fields in RSL "Uplink Measurements" use same scale
format (0-63, 0-7) as RXLEV and RXQUAL in RR. RXQUAL value-string is
moved to packet-gsm_a_common.c in order to use it in both protocols.
Change-Id: Idadd9505225353fec76b9605e2045a5222669475
Reviewed-on: https://code.wireshark.org/review/24663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
When a mandatory information element is missing, try to report an expert info,
instead of throwing a fatal malformed exception (or of reporting nothing at all).
According to TS 24.007 11.2.3, a mandatory i.e. may be part of the imperative part
of the message, so that expert info should be at PI_ERROR level
Change-Id: Id399c236f2923db36540bbda0d29d666548f7cbd
Reviewed-on: https://code.wireshark.org/review/22134
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Additional update parameters" info element is not dissect in Paging Response message. See TS 44.018 9.1.25
Change-Id: Ia3aec7809be9b5e8318bb7e04326bc85f77d34bd
Reviewed-on: https://code.wireshark.org/review/21914
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Iacf9328ddaa51f9459fd19752bcde70d9312e425
Reviewed-on: https://code.wireshark.org/review/21746
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When flags aren't used in flow control decisions, the function is
effectively proto_tree_add_bits_item, so make it so.
Change-Id: Ic82e734ddd24d41fe7c36e435cc941ed872c3b03
Reviewed-on: https://code.wireshark.org/review/14773
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I85535dfdb7b064ba81f44ed08c3b1e84e7204e9e
Reviewed-on: https://code.wireshark.org/review/19954
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Current code is not able to detect missing mandatory information elements
because the macro will return once the end of the payload is reached.
Remove this check from all mandatory IE macros, and put it at the beginning
of optional IE ones. It should allow to detect any missing mandatory IE
while still stopping message dissection in case optional IEs are not
present.
Change-Id: Ie820740e25c1d03ee3462fa4a913c3a7870fcc2d
Reviewed-on: https://code.wireshark.org/review/19816
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As seen in the capture given in https://www.wireshark.org/lists/wireshark-users/201605/msg00007.html
The extension length is not always equal to ll the options defined for a given release
Change-Id: I68ba57dd384122eed1f1ff36cc8acc7ef029fcd0
Reviewed-on: https://code.wireshark.org/review/15290
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This copied and stripped code has this variable which does
not change. Remove this constant variable and the conditional
statements related.
Change-Id: I0741ef0ef8b8d1cbd52fc521bc6a91ad06c8b597
Reviewed-on: https://code.wireshark.org/review/14594
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The copied function retained features from its parent,
which cannot be reached. Might as well remove them and
replace with proper assert.
Change-Id: I63838d6011420d6c4473b127da52e7f304376172
Reviewed-on: https://code.wireshark.org/review/14531
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic368dd8e83cf39e0c934da0ae2744778e2d54ce6
Reviewed-on: https://code.wireshark.org/review/12050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I36a3d15a4fa86847a83d1dbea40111d36d7cfd61
Reviewed-on: https://code.wireshark.org/review/10036
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
release of all TCH and SDCCH IE
Change-Id: I552c436fe8bea5971863fd7ba023a86aa08f2f0c
Reviewed-on: https://code.wireshark.org/review/7700
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Vadim Yanitskiy
Martin Mathieson
Pau Espin
Harald Welte