Wireshark-bugs: [Wireshark-bugs] [Bug 5262] New: G-PDU doesn't include TEID while decoding

Date: Tue, 28 Sep 2010 04:48:52 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5262

           Summary: G-PDU doesn't include TEID while decoding
           Product: Wireshark
           Version: 1.2.2
          Platform: x86
        OS/Version: Ubuntu
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mkulin@xxxxxxx


Created an attachment (id=5225)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5225)
Captured G-PDU packet

Build Information:
wireshark 1.2.2

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 20 2009 13:28:51),
without AirPcap.

Running on Linux 2.6.31-14-generic, with libpcap version 1.0.0, GnuTLS 2.8.3,
Gcrypt 1.4.4.

Built using gcc 4.4.1.
--
I try to monitor G-PDU (GTPv1) messages (see TS 29.281 and TS 29.060) with the
help of Wireshark.

Unfortunately, G-PDU messages cannot be decoded properly because Wireshark
does not know anything about the TEID in the GTPv1 header; it thinks that right
after the Length field there should be the Sequence Number field. Therefore, the
decoding process is broken and Wireshark cannot decode the IP message
encapsulated into the T-PDU.

The behaviour is wrong according to the TS 29.060 (see chapter 6):
Bits    8    7    6    5    4    3    2    1
        Version        PT   (*)  E    S    PN
        Message Type
        Length (1st Octet)
        Length (2nd Octet)
        Tunnel Endpoint Identifier (1st Octet)
        Tunnel Endpoint Identifier (2nd Octet)
        Tunnel Endpoint Identifier (3rd Octet)
        Tunnel Endpoint Identifier (4th Octet)
        Sequence Number (1st Octet) 1) 4)
        Sequence Number (2nd Octet) 1) 4)
        N-PDU Number 2) 4)
        Next Extension Header Type 3) 4)

See PCAP file attached.

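The header layout quoted in the report, as a bounds-checked parser. This is an added example, not code from the report or from Wireshark's dissector; the names gtp1_hdr, gtp1_parse and sample_gpdu and the sample bytes are constructed for illustration. It goes slightly beyond the table by also walking extension headers (length in 4-octet units, last octet naming the next type, as TS 29.060 defines them).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct gtp1_hdr {
    uint8_t  version, pt, e, s, pn, msg_type;
    uint16_t length;      /* octets after the mandatory 8-octet header */
    uint32_t teid;        /* octets 5-8, always present in GTPv1 */
    uint16_t seq;         /* valid only when the S flag is set */
    size_t   payload_off; /* where the T-PDU (inner IP packet) starts */
};

/* Returns 0 on success, -1 on truncated or malformed input. */
int gtp1_parse(const uint8_t *b, size_t len, struct gtp1_hdr *h)
{
    if (len < 8 || (b[0] >> 5) != 1) return -1;
    h->version = 1;          h->pt = (b[0] >> 4) & 1;
    h->e = (b[0] >> 2) & 1;  h->s = (b[0] >> 1) & 1;  h->pn = b[0] & 1;
    h->msg_type = b[1];      h->seq = 0;
    h->length = (uint16_t)((b[2] << 8) | b[3]);
    h->teid = ((uint32_t)b[4] << 24) | ((uint32_t)b[5] << 16) | ((uint32_t)b[6] << 8) | b[7];
    size_t end = 8 + (size_t)h->length, off = 8;
    if (end > len) return -1;             /* Length field exceeds captured data */
    if (h->e || h->s || h->pn) {          /* octets 9-12 exist if any flag is set */
        if (h->length < 4) return -1;
        if (h->s) h->seq = (uint16_t)((b[8] << 8) | b[9]);
        uint8_t next = h->e ? b[11] : 0;  /* only interpreted when E is set */
        off = 12;
        while (next != 0) {               /* walk the extension header chain */
            size_t ext = off < end ? (size_t)b[off] * 4 : 0;
            if (ext == 0 || off + ext > end) return -1;
            next = b[off + ext - 1];
            off += ext;
        }
    }
    h->payload_off = off;
    return 0;
}

/* Constructed sample: G-PDU (type 0xFF), S flag set, TEID 0x12345678,
   sequence number 7, followed by the first 4 octets of an IPv4 header. */
static const uint8_t sample_gpdu[] = { 0x32, 0xFF, 0x00, 0x08, 0x12, 0x34, 0x56, 0x78,
                                       0x00, 0x07, 0x00, 0x00, 0x45, 0x00, 0x00, 0x04 };
int main(void)
{
    struct gtp1_hdr h;
    if (gtp1_parse(sample_gpdu, sizeof sample_gpdu, &h) != 0) return 1;
    printf("TEID 0x%08x seq %u inner IP version %u\n", (unsigned)h.teid,
           (unsigned)h.seq, (unsigned)(sample_gpdu[h.payload_off] >> 4));
    return 0;
}
```

A decoder that places the Sequence Number directly after the Length field would read 0x1234 as the sequence number here and never reach the 0x45 octet that starts the inner IPv4 packet.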