Wireshark-bugs: [Wireshark-bugs] [Bug 5253] New: [NAS EPS] Wrong dissection of Non-current nativ
Date: Thu, 23 Sep 2010 05:49:46 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5253

           Summary: [NAS EPS] Wrong dissection of Non-current native NAS
                    key set identifier
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: pascal.quantin@xxxxxxxxx


Pascal Quantin <pascal.quantin@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5205|                            |review_for_checkin?
               Flag|                            |

Created an attachment (id=5205)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5205)
Fix dissection of Non-current native NAS key set identifier IE

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
When decoding the following Tracking Area Update Request message, Wireshark
stops right after the non-current native NAS key set identifier IE (even if
there are still IEs following):

07 48 03 0b f6 64 f0 53 00 01 05 01 21 a9 c9 b7 52 64 f0 53 05 01 57 02 60 00

Non-Access-Stratum (NAS)PDU
    0000 .... = Security header type: Plain NAS message, not security protected
(0)
    .... 0111 = Protocol discriminator: EPS mobility management messages (7)
    NAS EPS Mobility Management Message Type: Tracking area update request
(0x48)
    0... .... = Type of security context flag (TSC): Native security context
(0)
    .000 .... = NAS key set identifier:  (0) ASME
    .... 0... = Active flag: No bearer establishment requested
    .... .011 = EPS update type value: Periodic updating (3)
    EPS mobile identity - Old GUTI
        Length: 11
        .... 0... = odd/even indic: 0
        .... .110 = Type of identity: GUTI (6)
        Mobile Country Code (MCC): China (People's Republic of) (460)
        Mobile Network Code (MNC): Unknown (35)
        MME Group ID: 1
        MME Code: 5
        M-TMSI: 0x0121a9c9
    NAS key set identifier - SGSN
        1011 .... = Element ID
        .... 0... = Type of security context flag (TSC): Native security
context (0)
        .... .111 = NAS key set identifier: No key is available (7)

With the attached patch, the decoding succeeds:
Non-Access-Stratum (NAS)PDU
    0000 .... = Security header type: Plain NAS message, not security protected
(0)
    .... 0111 = Protocol discriminator: EPS mobility management messages (7)
    NAS EPS Mobility Management Message Type: Tracking area update request
(0x48)
    0... .... = Type of security context flag (TSC): Native security context
(0)
    .000 .... = NAS key set identifier:  (0) ASME
    .... 0... = Active flag: No bearer establishment requested
    .... .011 = EPS update type value: Periodic updating (3)
    EPS mobile identity - Old GUTI
        Length: 11
        .... 0... = odd/even indic: 0
        .... .110 = Type of identity: GUTI (6)
        Mobile Country Code (MCC): China (People's Republic of) (460)
        Mobile Network Code (MNC): Unknown (35)
        MME Group ID: 1
        MME Code: 5
        M-TMSI: 0x0121a9c9
    NAS key set identifier - Non-current native NAS key set identifier
        1011 .... = Element ID
        .... 0... = Type of security context flag (TSC): Native security
context (0)
        .... .111 = NAS key set identifier: No key is available (7)
    Tracking area identity - Last visited registered TAI
        Element ID: 82
        Mobile Country Code (MCC): China (People's Republic of) (460)
        Mobile Network Code (MNC): Unknown (35)
        Tracking area code(TAC): 0x0501
    EPS bearer context status
        Element ID: 87
        Length: 2
        0... .... = EBI(7): BEARER CONTEXT-INACTIVE
        .1.. .... = EBI(6): BEARER CONTEXT-ACTIVE
        ..1. .... = EBI(5): BEARER CONTEXT-ACTIVE
        ...0 .... = EBI(4) spare: False
        .... 0... = EBI(3) spare: False
        .... .0.. = EBI(2) spare: False
        .... ..0. = EBI(1) spare: False
        .... ...0 = EBI(0) spare: False
        0... .... = EBI(15): BEARER CONTEXT-INACTIVE
        .0.. .... = EBI(14): BEARER CONTEXT-INACTIVE
        ..0. .... = EBI(13): BEARER CONTEXT-INACTIVE
        ...0 .... = EBI(12): BEARER CONTEXT-INACTIVE
        .... 0... = EBI(11): BEARER CONTEXT-INACTIVE
        .... .0.. = EBI(10): BEARER CONTEXT-INACTIVE
        .... ..0. = EBI(9): BEARER CONTEXT-INACTIVE
        .... ...0 = EBI(8): BEARER CONTEXT-INACTIVE

PS: as a bonus, the patch also adds the dissection of Additional update result
 and Additional update type IEs.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.