Wireshark-bugs: [Wireshark-bugs] [Bug 5274] New: [NAS EPS] Fix TFT decoding when having several
Date: Tue, 5 Oct 2010 02:34:21 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5274

           Summary: [NAS EPS] Fix TFT decoding when having several Packet
                    Filters defined
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: pascal.quantin@xxxxxxxxx


Pascal Quantin <pascal.quantin@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5260|                            |review_for_checkin?
               Flag|                            |

Created an attachment (id=5260)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5260)
Patch fixing decoding of TFT IE containing several Packet Filters

Build Information:
Version 1.5.0 (SVN Rev 34379 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.12, (32-bit) with GLib 2.16.6, with libpcap 1.0.0, with
libz 1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.4.2, with
Gcrypt 1.4.1, with MIT Kerberos, without GeoIP, without PortAudio, without
AirPcap.

Running on Linux 2.6.26-2-686-bigmem, with libpcap version 1.0.0, with libz
1.2.3.3, GnuTLS 2.4.2, Gcrypt 1.4.1.

Built using gcc 4.3.2.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
In the de_sm_tflow_temp() function (file packet-gsm_a_gm.c), the count variable
used to count the number of packet filters already decoded is not incremented
in the correct bracket.

Currently the following message decodes as:
27 00 00 00 00 02 02 02 d4 05 31 22 01 00 15 51 ff ff 04 00 41 27 12 27 10 30
01 10 0b 09 00 3c ff ff ff ff 01 00 15 51 ff ff 04 00 41 27 12 27 10 30 01 10
0b 09 00 3c ff ff ff ff 05 09 86 86 86 86

Non-Access-Stratum (NAS)PDU
    0010 .... = Security header type: Integrity protected and ciphered (2)
    .... 0111 = Protocol discriminator: EPS mobility management messages (7)
    Message authentication code: 0x00000000
    Sequence number: 2
    0000 .... = EPS bearer identity: 0x00
    .... 0010 = Protocol discriminator: EPS session management messages (2)
    Procedure transaction identity: 2
    NAS EPS session management messages: Bearer resource allocation request
(0xd4)
    0000 .... = Spare half octet: 0
    .... 0101 = Linked EPS bearer identity: EPS bearer identity value 5 (5)
    Traffic Flow Template - Traffic flow aggregate
        Length: 49
        001. .... = TFT operation code: Create new TFT (1)
        ...0 .... = E bit: Parameters list is not included
        .... 0010 = Number of packet filters: 2
        Packet filter 0
            0000 .... = Packet filter direction: Pre Rel-7 TFT filter (0)
            .... 0001 = Packet filter identifier: 1
            Packet evaluation precedence: 0x00 (0)
            Packet filter length: 0x15 (21)
            Packet filter component type identifier: Remote port range type
(81)
                Low limit port: 65535
                High limit port: 1024
            Packet filter component type identifier: Local port range type (65)
                Low limit port: 10002
                High limit port: 10000
            Packet filter component type identifier: Protocol identifier/Next
header type (48)
                Protocol/header: 0x01
            Packet filter component type identifier: IPv4 remote address type
(16)
                IPv4 adress: 11.9.0.60 (11.9.0.60)
                IPv4 address mask: 255.255.255.255 (255.255.255.255)
        Extraneous Data
    EPS quality of service - Required traffic flow QoS
        Length: 5
        Quality of Service Class Identifier (QCI): QCI 9 (9)
        Maximum bit rate for uplink : 960 kbps
        Maximum bit rate for downlink : 960 kbps
        Guaranteed bit rate for uplink : 960 kbps
        Guaranteed bit rate for downlink : 960 kbps

We just decode one Packet Filter, and then indicate that some data was not
decoded with the "Extraneous Data"line.
With the attached patch, it decodes as:

Non-Access-Stratum (NAS)PDU
    0010 .... = Security header type: Integrity protected and ciphered (2)
    .... 0111 = Protocol discriminator: EPS mobility management messages (7)
    Message authentication code: 0x00000000
    Sequence number: 2
    0000 .... = EPS bearer identity: 0x00
    .... 0010 = Protocol discriminator: EPS session management messages (2)
    Procedure transaction identity: 2
    NAS EPS session management messages: Bearer resource allocation request
(0xd4)
    0000 .... = Spare half octet: 0
    .... 0101 = Linked EPS bearer identity: EPS bearer identity value 5 (5)
    Traffic Flow Template - Traffic flow aggregate
        Length: 49
        001. .... = TFT operation code: Create new TFT (1)
        ...0 .... = E bit: Parameters list is not included
        .... 0010 = Number of packet filters: 2
        Packet filter 0
            0000 .... = Packet filter direction: Pre Rel-7 TFT filter (0)
            .... 0001 = Packet filter identifier: 1
            Packet evaluation precedence: 0x00 (0)
            Packet filter length: 0x15 (21)
            Packet filter component type identifier: Remote port range type
(81)
                Low limit port: 65535
                High limit port: 1024
            Packet filter component type identifier: Local port range type (65)
                Low limit port: 10002
                High limit port: 10000
            Packet filter component type identifier: Protocol identifier/Next
header type (48)
                Protocol/header: 0x01
            Packet filter component type identifier: IPv4 remote address type
(16)
                IPv4 adress: 11.9.0.60 (11.9.0.60)
                IPv4 address mask: 255.255.255.255 (255.255.255.255)
        Packet filter 1
            0000 .... = Packet filter direction: Pre Rel-7 TFT filter (0)
            .... 0001 = Packet filter identifier: 1
            Packet evaluation precedence: 0x00 (0)
            Packet filter length: 0x15 (21)
            Packet filter component type identifier: Remote port range type
(81)
                Low limit port: 65535
                High limit port: 1024
            Packet filter component type identifier: Local port range type (65)
                Low limit port: 10002
                High limit port: 10000
            Packet filter component type identifier: Protocol identifier/Next
header type (48)
                Protocol/header: 0x01
            Packet filter component type identifier: IPv4 remote address type
(16)
                IPv4 adress: 11.9.0.60 (11.9.0.60)
                IPv4 address mask: 255.255.255.255 (255.255.255.255)
    EPS quality of service - Required traffic flow QoS
        Length: 5
        Quality of Service Class Identifier (QCI): QCI 9 (9)
        Maximum bit rate for uplink : 960 kbps
        Maximum bit rate for downlink : 960 kbps
        Guaranteed bit rate for uplink : 960 kbps
        Guaranteed bit rate for downlink : 960 kbps

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.