Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2665] New: MEGACO packet containing Topology Descriptor wi

Date: Mon, 30 Jun 2008 09:08:49 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2665

           Summary: MEGACO packet containing Topology Descriptor without
                    command is not dissected properly
           Product: Wireshark
           Version: 1.0.0
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: balint.reczey@xxxxxxxxxxxx


Created an attachment (id=1939)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1939)
erroneously dissected frame

Build Information:
TShark 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.16.3, with libpcap 0.9.8, with libz 1.2.3.3, with POSIX
capabilities (Linux), with libpcre 7.4, without SMI, with ADNS, with Lua 5.1,
with GnuTLS 2.2.5, with Gcrypt 1.4.1, with MIT Kerberos.

Running on Linux 2.6.24-1-686, with libpcap version 0.9.8.

Built using gcc 4.2.3 (Debian 4.2.3-5).

--
Wireshark shows an error on dissecting the attached frame:

...

MEGACO
    !/2 <hy4_ml1> 
        Version: 2
        MediagatewayID: <hy4_ml1>
    T=0077872511{
        Transaction: Request
        Transaction ID: 0077872511
    C=603983789{
        Context: 603983789
    TP{
    ERROR frame: No Command detectable !

Megaco text: 
 !/2 <hy4_ml1>
 T=0077872511
  {C=603983789
   {TP
    {r01/04/02/45/13,hy4tg1/0xc905ad1b,OW}
   };9:19?A2#05
  };971111#3

 ;1I&3>1

The RFC says (http://www.rfc-archive.org/getrfc.php?rfc=3015 section 7.1.18):
   "It is possible to have an action containing only a Topology Descriptor,
   provided that the context to which the action applies already exists."

I think that wireshark should not handle the missing command as an error.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.