Hello,
it seems to me that SCCP doesn't correctly decode PDUs with 2-byte-long variable and optional pointers. This is the case in LUDT PDUs.
The start of the variable IE is currently set by adding the current offset to the read pointer. This position is one byte too early. The macros VARIABLE_POINTER and OPTIONAL_POINTER in packet-sccp.c should be modified as follows:
/* Macro for getting pointer to variable parameters */
#define VARIABLE_POINTER(var, hf_var, ptr_size) \
    if (ptr_size == POINTER_LENGTH) \
        var = tvb_get_guint8(tvb, offset); \
    else \
        var = tvb_get_letohs(tvb, offset); \
    proto_tree_add_uint(sccp_tree, hf_var, tvb, \
                        offset, ptr_size, var); \
    var += offset; \
    /* ADD THESE TWO LINES: a 2-octet pointer is counted from its second octet */ \
    if (ptr_size == POINTER_LENGTH_LONG) \
        var += 1; \
    offset += ptr_size;

/* Macro for getting pointer to optional parameters */
#define OPTIONAL_POINTER(ptr_size) \
    if (ptr_size == POINTER_LENGTH) \
        optional_pointer = tvb_get_guint8(tvb, offset); \
    else \
        optional_pointer = tvb_get_letohs(tvb, offset); \
    proto_tree_add_uint(sccp_tree, hf_sccp_optional_pointer, tvb, \
                        offset, ptr_size, optional_pointer); \
    optional_pointer += offset; \
    /* ADD THESE TWO LINES: a 2-octet pointer is counted from its second octet */ \
    if (ptr_size == POINTER_LENGTH_LONG) \
        optional_pointer += 1; \
    offset += ptr_size;
A sample input file is in the attachment.
<<sccp_ludt.pcap>>
# ethereal -v
ethereal 0.10.0a
Compiled with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7.2,
with libz 1.1.4, without libpcre, with Net-SNMP 5.0.9, without ADNS.
NOTE: this build does not support the "matches" operator
for Ethereal filter syntax.
Running with libpcap (version unknown) on Linux 2.4.20-18.9
Regards,
Jari Mustajärvi
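To make the one-octet difference concrete, here is an added stand-alone example (not the reporter's code and not taken from packet-sccp.c) that resolves the three mandatory LUDT pointers under the old rule and under the proposed +1 rule. The LUDT bytes are constructed for the example, the POINTER_LENGTH_LONG constant only mirrors the dissector's name, and tvb access is replaced by plain array reads.

```c
#include <stdint.h>
#include <stdio.h>

#define POINTER_LENGTH_LONG 2   /* LUDT uses 2-octet pointers */
/* Constructed LUDT (type 0x13), not a real capture: 3 fixed octets, four
 * 2-octet little-endian pointers, then the variable part. */
static const uint8_t ludt[] = {
    0x13, 0x00, 0x0f,             /* message type LUDT, protocol class 0, hop counter */
    0x07, 0x00,                   /* ptr to called party address  -> offset 11 */
    0x08, 0x00,                   /* ptr to calling party address -> offset 14 */
    0x09, 0x00,                   /* ptr to long data             -> offset 17 */
    0x00, 0x00,                   /* ptr to optional part: none present */
    0x02, 0x42, 0x08,             /* called party address: len 2, AI, SSN */
    0x02, 0x42, 0x06,             /* calling party address: len 2, AI, SSN */
    0x03, 0x00, 0xaa, 0xbb, 0xcc  /* long data: 2-octet length 3, payload */
};

/* Absolute offset addressed by the pointer at `offset`. With apply_fix a 2-octet
 * pointer counts from its second octet (the report's +1); otherwise the old rule. */
size_t pointer_target(const uint8_t *buf, size_t offset, int ptr_size, int apply_fix)
{
    size_t value = buf[offset];
    if (ptr_size == POINTER_LENGTH_LONG)
        value |= (size_t)buf[offset + 1] << 8;   /* little-endian, as tvb_get_letohs */
    if (apply_fix && ptr_size == POINTER_LENGTH_LONG)
        value += 1;
    return offset + value;
}

/* Resolve the three mandatory pointers into starts[] and return the 2-octet
 * long-data length, or -1 if the resolved offset leaves the buffer. */
int ludt_long_data_len(const uint8_t *buf, size_t len, int apply_fix, size_t starts[3])
{
    size_t offset = 3;                           /* first pointer after the fixed part */
    for (int i = 0; i < 3; i++, offset += POINTER_LENGTH_LONG)
        starts[i] = pointer_target(buf, offset, POINTER_LENGTH_LONG, apply_fix);
    if (starts[2] + 2 > len)
        return -1;
    return buf[starts[2]] | (buf[starts[2] + 1] << 8);
}

int main(void)
{
    size_t s[3];
    int old_len = ludt_long_data_len(ludt, sizeof ludt, 0, s);
    int new_len = ludt_long_data_len(ludt, sizeof ludt, 1, s);
    printf("old rule: %d, fixed rule: %d (long data at offset %zu)\n", old_len, new_len, s[2]);
    return 0;
}
```

Under the old rule every pointer lands one octet early, so the long-data length is read from the last octet of the calling party address plus the real length's low byte and comes out as 0x0306 instead of 3.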