Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3911] New: Wireshark doesn't decode CAP v2 aChBillingCharg

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 17 Aug 2009 18:34:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3911

           Summary: Wireshark doesn't decode CAP v2
                    aChBillingChargingCharacteristics correctly
           Product: Wireshark
           Version: 1.2.1
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ved.vedant@xxxxxxxxx


Build Information:
Version 1.2.1 (SVN Rev 29141)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, without WinPcap, GnuTLS
2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Wireshark is not decoding CAP v2 ApplyCharging messages correctly, I feel that
it uses CAP v3 specifications to decode all CAP messages, this seems to be
causing trouble. 
I can't find any option to tell Wireshark to decode messages based on CAP v2
specifications and hence raising this ticket


Below is the aChBillingChargingCharacteristics part of ApplyCharging which is
not being decoded correctly. "Tone" parameter is missing here

--------------
aChBillingChargingCharacteristics: A00980020258A1030101FF
               CAMEL-AChBillingChargingCharacteristics: timeDurationCharging
(0)
                    timeDurationCharging
                        maxCallPeriodDuration: 600
                        releaseIfdurationExceeded: True
--------------

Application Context in TC_BEGIN was 
application-context-name: 0.4.0.0.1.0.50.1 (CAP-v2-gsmSSF-to-gsmSCF-AC) 

>From GSM 09.78:

CAMEL-AChBillingChargingCharacteristics ::= CHOICE {
timeDurationCharging [0] SEQUENCE {
maxCallPeriodDuration [0] INTEGER (1..864000),
releaseIfdurationExceeded [1] ReleaseIfDurationExceeded OPTIONAL,
 ReleaseIfDurationExceeded ::= SEQUENCE {
   tone BOOLEAN DEFAULT FALSE,
   ...,
   extensions [10] SEQUENCE SIZE(1..numOfExtensions) OF
   ExtensionField OPTIONAL
 }

This is what I have got:

aChBillingChargingCharacteristics: A0 09 80 02 02 58 A1 03 01 01 FF

80 => 1000 0000
Context specific, primitive, tag 0 (maxCallPeriodDuration)
    02 02 58
    2 octets, value 02 58 => 600
A1
1010 0001
Context specific, constructed, tag 1 (releaseIfdurationExceeded)
   03 01 01 FF
   3 octets, boolean, length 1, contents FF (TRUE)

Because ReleaseIfDurationExceeded IS a sequence which may contain tone, above
message implies that release and tone are both set.

I feel that wireshark should display both releaseIfdurationExceeded and tone
parameter.

Thanks in advance for your help :)

Regards,
Ved


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube