https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12063

            Bug ID: 12063
           Summary: Wireshark is decoding wrongly for long header format
                    of DRTReq version zero message over GTPP
           Product: Wireshark
           Version: 2.1.x (Experimental)
          Hardware: x86
                OS: Windows 7
            Status: CONFIRMED
          Severity: Major
          Priority: Low
         Component: Capture file support (libwiretap)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: anila.agrawa...@gmail.com

Created attachment 14295
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=14295&action=edit
Attachment contains both trace and text log file

Build Information:
Version 2.1.0-91-g894c3c0 (v2.1.0rc0-91-g894c3c0 from master)

Copyright 1998-2015 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (unknown), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz (with SSE4.2), with 8097MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 31101

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Test Scenario: 

1. CDF sends Data Record Transfer Request message to CGF server over Ga
interface. 

2. Configure CDF server for version 0 and long header format (20 octet length)
message. 

As per spec 32295 6.1.1:

Bit 1 of octet 1 is not used in GTP' (except in v0), and it is marked '0' in
the GTP' header. It is in use in GTP' v0 and distinguishes the used
header-length. In the case of GTP' v0, this bit being marked one (1) indicates
the usage of the 6 octets header. If the bit is set to '0' (usually the case)
the 20-octet header is used. For all other versions of GTP', this bit is not
used and is set to '0'. However, this does not suggest the use of the 20-octet
header, rather a shorter 6-octet header.


Issue:

The CDF server is sending it correctly, but Wireshark is decoding it wrongly.

I.e.: up to the sequence number, the message is decoded properly (which
contains 6 octets); the remaining 14 octets are decoded with some IEs which are
not part of the GTPP DRTR message.

The wrong IEs are :

Flow Level
SNDCP N-PDU LLC Number
TID

Spec 32295 does not have some IE. 

Attached the trace and log file for further analysis.
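
The header-length rule quoted above from spec 32295 6.1.1, as an added C example that is not part of the original report and is not Wireshark's dissector code. The function names and sample bytes are constructed for illustration, and the version field is assumed to occupy bits 8-6 of octet 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { GTPP_HDR_SHORT = 6, GTPP_HDR_LONG = 20 };

/* Header length chosen by the rule quoted from spec 32295 6.1.1.
 * Returns 6 or 20, or -1 when the buffer cannot hold that header.
 * Assumption: the version field is bits 8-6 of octet 1. */
int gtpp_header_len(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return -1;
    unsigned version = buf[0] >> 5;
    unsigned bit1 = buf[0] & 0x01;
    /* Only v0 with bit 1 clear uses the 20-octet header; every other
     * version uses 6 octets and bit 1 is ignored there. */
    int hdr = (version == 0 && bit1 == 0) ? GTPP_HDR_LONG : GTPP_HDR_SHORT;
    return (len >= (size_t)hdr) ? hdr : -1;
}

/* Bounds-checked pointer to the first octet after the header.
 * Returns NULL on a truncated header; *ie_len gets the octets left. */
const uint8_t *gtpp_first_ie(const uint8_t *buf, size_t len, size_t *ie_len)
{
    int hdr = gtpp_header_len(buf, len);
    if (hdr < 0 || ie_len == NULL)
        return NULL;
    *ie_len = len - (size_t)hdr;
    return buf + hdr;
}

/* Constructed sample messages (not taken from the attached trace). */
const uint8_t V0_LONG[22] = { 0x0E, 0xF0, 0x00, 0x02, 0x00, 0x01, [20] = 0xAA, 0xBB };
const uint8_t V0_SHORT[8] = { 0x0F, 0xF0, 0x00, 0x02, 0x00, 0x01, 0xAA, 0xBB };
const uint8_t V2_MSG[8]   = { 0x4E, 0xF0, 0x00, 0x02, 0x00, 0x01, 0xAA, 0xBB };

int main(void)
{
    size_t n = 0;
    const uint8_t *ie = gtpp_first_ie(V0_LONG, sizeof V0_LONG, &n);
    printf("v0, bit 1 = 0: hdr=%d, first octet after header=0x%02X, %zu left\n",
           gtpp_header_len(V0_LONG, sizeof V0_LONG), ie ? (unsigned)ie[0] : 0u, n);
    printf("v0, bit 1 = 1: hdr=%d\n", gtpp_header_len(V0_SHORT, sizeof V0_SHORT));
    printf("v2, bit 1 = 0: hdr=%d\n", gtpp_header_len(V2_MSG, sizeof V2_MSG));
    printf("v0 long, cut to 19 octets: hdr=%d\n", gtpp_header_len(V0_LONG, 19));
    return 0;
}
```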
