Wireshark · Ethereal-dev: RE: [Ethereal-dev] BER errors in H248 dissector (binary MEGACO)

Ethereal-dev: RE: [Ethereal-dev] BER errors in H248 dissector (binary MEGACO)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "tim endean" <endeant@xxxxxxxxxxx>

Date: Mon, 22 May 2006 16:47:03 +0100

Incredible, zero length indefinite length, what will we see next!

I need to check but zero length definite length is illegal, I would guess
that zero length indefinite length is also probably illegal.

Heres a patch that shouldn't break every other asn.1 dissector...

I don't want this patch added to svn unless someone can prove to me that it
is permitted, maybe one day someone might use this to prove that it is
permitted, its just horrible.

The h248 also needs some attention, I ended up adding the line 

dissector_add("udp.port",2945, h248_handle);

to get it to decode the trace, probably another dissectory somewhere also
registering on the port...

Tim 

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Tarlovskij Eugene
Sent: 19 May 2006 17:11
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] BER errors in H248 dissector (binary MEGACO)


I am developing a simple application which uses EPAN library and I have a
problem with H248 protocol (binary MEGACO). H248 dissector does not decode
packets.

I have attached the file with sample binary MEGACO data (signaling only). I
am sure it is really binary MEGACO data.
In Ethereal GUI (version 0.99, Windows binary downloaded from site) I cannot
decode those packets as H248. But my application decodes it with errors. 


It is an example of decoded frame 5 from attached file:

H.248 MEGACO
  mess
    version: 1
    mId: domainName (2)
      domainName
        name: company1.com
        portNumber: 2945
    messageBody: transactions (1)
      transactions: 1 item
        Item: transactionRequest (0)
          transactionRequest
            transactionId: 1
            actions: 1 item
              Item
                contextId: Null Context(0)
                contextRequest
                BER Error: Wrong field in SEQUENCE  expected class:2
(CONTEXT) tag:3 but found class:2 tag:1
                BER Error: This field lies beyond the end of the known
sequence definition.

Looks like BER decoder does not decode sequences correctly. Unfortunately, I
do not understand code well enough to make a patch but I think that the
problem is around line packet-ber:1193 . 

I made a quick experiment: changed (len==0) to (len!=0) and dissector
stopped reporting BER errors. It seems to work but I'm afraid of putting new
serious bug with this change. 

Would you explain how to get it work in Ethereal GUI and how to correct
dissector code (in case it is dissector problem)?

Eugene Tarlovskij

Attachment: ber.diff
Description: Binary data

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev

Prev by Date: RE: [Ethereal-dev] Ethereal Plugin for decrypting Code.
Next by Date: [Ethereal-dev] 0.99.1 release soon?
Previous by thread: Re: [Ethereal-dev] About text2pcap
Next by thread: [Ethereal-dev] 0.99.1 release soon?
Index(es):
- Date
- Thread