Wireshark-bugs: [Wireshark-bugs] [Bug 9206] New: Improve "eHRPD Indicator" NVSE dissection in 3G

Date: Mon, 30 Sep 2013 09:47:23 +0000
Bug ID 9206
Summary Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request
Classification Unclassified
Product Wireshark
Version SVN
Hardware All
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]
Attachment #11676 Flags review_for_checkin?

Created attachment 11676
Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request

Build Information:
$ ./wireshark -v
wireshark 1.11.0 (SVN Rev 52283 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.6, with Cairo 1.10.2, with Pango 1.34.1, with
GLib 2.36.3, with libpcap, with libz 1.2.7, without POSIX capabilities, without
libnl, with SMI 0.4.8, without c-ares, with ADNS, without Lua, without Python,
with GnuTLS 2.12.23, with Gcrypt 1.5.2, without Kerberos, with GeoIP, without
PortAudio, with AirPcap.

Running on FreeBSD 9.1-RELEASE, without locale, with libpcap version 1.2.1,
with
libz 1.2.7, GnuTLS 2.12.23, Gcrypt 1.5.2, without AirPcap.
Quad-Core AMD Opteron(tm) Processor 2384

Built using gcc 4.2.1 20070831 patched [FreeBSD].
--
This patch proposes correct dissection for bit fields in "eHRPD Indicator" NVSE
in 3GPP2 A11 Registration Request message and adds descriptive messages for the
bit fields.

According to the 3GPP2 spec, the NVSE has 1 octet which includes 3 bit fields:

* PMK
* E-UTRAN Handoff Info
* Tunnel Mode

However, the current implementation interprets the whole octet as PMK, which is
incorrect for a non-zero octet; for example, if the octet is 0x01, the current
implementation displays "PMK: True", but actually PMK is false and Tunnel Mode
is set.

For the variable names and description messages, I tried to be consistent with
the other parts. But I don't mind if you change any of them to better ones.

The patch passes 128 rounds of fuzz testing against a 1.6M A11 pcap file.

Reference:
* 3GPP2 A.S0022-0 v2.0, Section 4.2.14 Normal Vendor/Organization Specific
Extension (NVSE)
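
The misreading described above, as an added example (not the attached patch and not Wireshark's code): the whole-octet PMK reading beside a per-bit decode, with a count of how many octet values the former gets wrong. Only 0x01 = Tunnel Mode comes from the report; the PMK and E-UTRAN Handoff Info bit positions, the treatment of the remaining bits as unassigned, and all identifiers are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* 0x01 = Tunnel Mode follows from the report's example octet.
 * The other two positions are ASSUMED for illustration; confirm them
 * against 3GPP2 A.S0022-0 v2.0, Section 4.2.14 before reuse. */
#define EHRPD_TUNNEL_MODE  0x01u
#define EHRPD_HANDOFF_INFO 0x02u /* assumed position */
#define EHRPD_PMK          0x04u /* assumed position */
#define EHRPD_KNOWN (EHRPD_TUNNEL_MODE | EHRPD_HANDOFF_INFO | EHRPD_PMK)

struct ehrpd_indicator {
    int pmk, handoff_info, tunnel_mode;
    uint8_t unassigned; /* bits outside the three fields, kept for review */
};

/* Behaviour the report describes: the whole octet is read as PMK. */
int legacy_pmk(uint8_t octet) { return octet != 0; }

/* Per-field decode: each flag is tested against its own mask. */
struct ehrpd_indicator decode_ehrpd_indicator(uint8_t octet)
{
    struct ehrpd_indicator ind;
    ind.pmk          = (octet & EHRPD_PMK) != 0;
    ind.handoff_info = (octet & EHRPD_HANDOFF_INFO) != 0;
    ind.tunnel_mode  = (octet & EHRPD_TUNNEL_MODE) != 0;
    ind.unassigned   = (uint8_t)(octet & ~EHRPD_KNOWN);
    return ind;
}

/* Number of octet values (0..255) whose PMK the legacy reading gets wrong. */
int count_legacy_pmk_errors(void)
{
    int v, wrong = 0;
    for (v = 0; v <= 0xFF; v++)
        if (legacy_pmk((uint8_t)v) != decode_ehrpd_indicator((uint8_t)v).pmk)
            wrong++;
    return wrong;
}

int main(void)
{
    struct ehrpd_indicator ind = decode_ehrpd_indicator(0x01);
    printf("0x01: legacy PMK=%d | PMK=%d handoff=%d tunnel=%d\n",
           legacy_pmk(0x01), ind.pmk, ind.handoff_info, ind.tunnel_mode);
    printf("octets with wrong legacy PMK: %d of 256\n", count_legacy_pmk_errors());
    return 0;
}
```

The error count does not depend on which single bit is assumed to carry PMK: every non-zero octet with that bit clear is misreported.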
