
Ethereal-dev: RE: [Ethereal-dev] New asn.1 based TCAP dissector.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx>
Date: Tue, 7 Jun 2005 13:26:04 +0200
Hi,
Point 3 is probably fixed by using tcap_top_tree in the .cnf file, see below.
If I could get a trace of ANSI TCAP as well I'd be grateful.
Best regards
Anders

#.FN_BODY ExternUserInfo
  tvbuff_t *next_tvb;
  guint8 class;
  gboolean pc;
  guint32 tag;
  guint32 len, start_offset;
  guint32 ind_field;

  /*
   * ok lets look at the oid and ssn and try and find a dissector, otherwise lets decode it.
   */
  ber_oid_dissector_table = find_dissector_table("ber.oid");
  start_offset = offset;
  offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
  offset = get_ber_length(tree, tvb, offset, &len, &ind_field);
  /* Use the received length, XXX What if it was indefinite? */
  next_tvb = tvb_new_subset(tvb, start_offset, len +(offset - start_offset), len+(offset - start_offset));
  if (ber_oid_dissector_table && tcapext_oid){
    if(!dissector_try_string(ber_oid_dissector_table, tcapext_oid, next_tvb, pinfo, tcap_top_tree))
    {
    }
  }
  offset+=len;

#.FN_BODY ANSIParameters
  /* we are doing the ParamSet here so need to look at the tags*/
  guint32 len;

  len = tvb_length_remaining(tvb, offset);
  if (len > 2) /* arghhh I don't know whether this is constructed or not! */
    offset = dissect_tcap_param(pinfo,tree,tvb,offset);
  else
    offset = dissect_ber_octet_string(TRUE, pinfo, tree, tvb, 0, hf_index,
                                      NULL);

#.FN_BODY ComponentPDU
  tvbuff_t *next_tvb;

  next_tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_length_remaining(tvb, offset));
  if (!dissector_try_port(tcap_ansi_ssn_dissector_table, pinfo->match_port, next_tvb, pinfo, tcap_top_tree))
  {
    offset = dissect_ber_choice(pinfo, tree, tvb, offset,
                                ComponentPDU_choice, hf_index, ett_tcap_ComponentPDU);
  }

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Tim
Sent: 7 June 2005 10:20
To: 'Ethereal development'
Subject: RE: [Ethereal-dev] New asn.1 based TCAP dissector.

Olivier,
 
See comments.
-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Jacques, Olivier (OCBU-Test Infra)
Sent: 07 June 2005 08:54
To: Ethereal development
Subject: RE: [Ethereal-dev] New asn.1 based TCAP dissector.

Hi,
 
I just tried it with several traces I have. First, great job, the decoding looks really nice already!
 
Here are my results:
1- All tests
    1.1- In colinfo, the message type is not indicated (begin, continue, end, ...). This would be nice.
[Endean, Timothy [MOP:2839:EXCH]] No problem I will add this.
    1.2- ITU/ANSI auto-detection works nicely. Still have to set the standard in MTP3 preferences.
[Endean, Timothy [MOP:2839:EXCH]] Yep no changes to mtp3 
2- TCAP ITU - Camel
    Works nicely.
3- TCAP ANSI
    3.1 An ANSI MAP trace doesn't display a MAP tree on the GUI. MAP protocol goes directly in the component portion. I don't know if this is intended, but it's a little bit disturbing given that Ethereal always creates a tree for a protocol layer. An ITU MAP works OK.
        -> see tcap_1.jpg
[Endean, Timothy [MOP:2839:EXCH]] Please send trace, I was working in the dark with ANSI with only one good ANSI trace. 
4- TCAP ITU - unknown upper protocol
    This time, no upper protocol is triggered. So TCAP dissector is on its own.
    4.1- For a Camel trace (Camel dissector de-activated), I get BER errors and nothing is decoded. The expected behavior would be to have parameter types, length and value displayed (previous TCAP dissector was doing that)
        components:
            Item: invoke (1)
                invoke
                    invokeID: 1
                    BER Error: This field lies beyond the end of the known sequence definition.
                    BER Error: This field lies beyond the end of the known sequence definition.
            Item: invoke (1)
                invoke
                    invokeID: 2
                    BER Error: This field lies beyond the end of the known sequence definition.
 
I can provide the captures with a direct email.
[Endean, Timothy [MOP:2839:EXCH]] Yep please send the traces over with a short description of the configuration needed for each trace.
 
 
Regards,
Olivier.
 
 


From: ethereal-dev-bounces@xxxxxxxxxxxx [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday 7 June 2005 07:55
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] New asn.1 based TCAP dissector.

Hi,

I have checked in the new asn2eth generated TCAP dissector please try it out.

Best regards

Anders
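
The ExternUserInfo body at the top of this thread carries the comment "XXX What if it was indefinite?", which leaves open how to size the subset when the BER length octet is 0x80. The C below is an added example, not code from this thread or from Ethereal: the hypothetical helper `ber_tlv_size` sizes one TLV in short, long and indefinite form and returns 0 when the encoded length runs past the bytes actually captured; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not an Ethereal API: total size of the BER TLV at
 * buf[0], or 0 if it is malformed or extends past the avail bytes captured. */
static size_t ber_tlv_size(const uint8_t *buf, size_t avail, int depth)
{
    size_t pos = 1, len, n, inner;
    uint8_t l;
    if (depth > 32 || avail < 2)            /* bound recursion on deep nesting */
        return 0;
    if ((buf[0] & 0x1f) == 0x1f) {          /* high-tag-number form */
        while (pos < avail && (buf[pos] & 0x80))
            pos++;
        pos++;                              /* last tag octet */
    }
    if (pos >= avail)
        return 0;
    l = buf[pos++];
    if (l == 0x80) {                        /* indefinite length */
        if (!(buf[0] & 0x20))
            return 0;                       /* only legal on constructed types */
        for (;;) {                          /* skip children up to EOC (00 00) */
            if (avail - pos < 2)
                return 0;                   /* EOC is not in the capture */
            if (buf[pos] == 0 && buf[pos + 1] == 0)
                return pos + 2;
            inner = ber_tlv_size(buf + pos, avail - pos, depth + 1);
            if (inner == 0)
                return 0;
            pos += inner;
        }
    }
    len = l;                                /* short form */
    if (l & 0x80) {                         /* long form: n length octets */
        n = l & 0x7f;
        if (n > sizeof(size_t) || n > avail - pos)
            return 0;
        for (len = 0; n--; )
            len = (len << 8) | buf[pos++];
    }
    return len > avail - pos ? 0 : pos + len;
}

/* Constructed sample inputs, not taken from any trace in this thread. */
static const uint8_t definite[]   = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const uint8_t indefinite[] = { 0x30, 0x80, 0x30, 0x80, 0x04, 0x01, 0xaa, 0, 0, 0, 0 };

int main(void) { return !(ber_tlv_size(definite, sizeof definite, 0) == 5 &&
                          ber_tlv_size(indefinite, sizeof indefinite, 0) == 11); }
```

A caller would treat a return of 0 as "do not build a subset from this length" and use a non-zero return as the subset size.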