Wireshark mailing list archives
Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf
From: Graeme Lunt <graeme () lunt uk com>
Date: Tue, 29 Jun 2010 16:40:24 +0100
Jeff,. Like the issue that the patch highlighted with Stig's presentation example, an IMPLICITly OCTET STRING looks similar to a EXPLICITly tagged ANY - until you start looking at the constructed bit. The ansi_tcap dissector is decoding an OCTET STRING - when I don't think it needs to. Attached is the fix I think you require to ansi_tcap - but it might break other things - I don't know much about the protocol. Certainly it makes your example capture file work and simplifies the conformance file. If it breaks other things, let me know and I'll go back to the drawing board. Graeme On 8 June 2010 15:20, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
gal () wireshark org wrote:http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33048 User: gal Date: 2010/06/02 07:43 AM Log: Bug 3597 - implicit octet string that is constructed causes PRES/FTAMdissect failureIntroduced some state to remember last dissected Tag/Length so that theycan be recalled if an IMPLICIT tag is encountered and stripped. This allows its to be determined if the value has a constructed value - and so can be reassembled.In this case, it is a IMPLICIT constructed OCTET STRING at thepresentation layer.Many thanks to Fred Gruman for identifying - and apologies for the delayin commiting. This breaks the ANSI TCAP dissector. It now complains "BER Error: OctetString expected but class:CONTEXT(2) primitive tag:21 was unexpected" and then the packet is marked as unreassembled. I'm afraid I don't understand this stuff well enough to attempt a fix. Can someone take a look? A sample capture that shows the problem can be found on the SampleCaptures page: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=ansi_tcap_over_itu_sccp_over_mtp3_over_mtp2.pcap ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Attachment:
ansi_tcap.patch
Description:
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Jeff Morriss (Jun 08)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Stig Bjørlykke (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Stig Bjørlykke (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Graeme Lunt (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Graeme Lunt (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Stig Bjørlykke (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Stig Bjørlykke (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Stig Bjørlykke (Jun 29)
- Re: [Wireshark-commits] rev 33048: /trunk/ /trunk/epan/dissectors/: packet-ber.c packet-pres.c /trunk/asn1/pres/: pres.cnf Graeme Lunt (Jun 29)