
Wireshark-dev: Re: [Wireshark-dev] map decoding problems

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Wed, 28 Jan 2009 14:42:57 +0100
Hi,
"Expert" items could probably be designed to show this type of
problem/error.

This is the comment in the code (asn1/gsmmap/packet-gsmmap-template.c):
/*
 * Dissect Multiple Choice Message
 * This function is used to decode a message, when several encoding may be used.
 * For example, in the last MAP version, the Cancel Location is defined like this:
 * CancelLocationArg ::= [3] IMPLICIT SEQUENCE
 * But in the previous MAP version, it was a CHOICE between a SEQUENCE and an IMSI
 * As ASN1 encoders (or software) still uses the old encoding, this function allows
 * the decoding of both versions.
 * Moreover, some optimizations (or bad practice ?) in ASN1 encoder, removes the
 * SEQUENCE tag, when only one parameter is present in the SEQUENCE.
 * This explain why the function expects 3 parameters:
 * - a [3] SEQUENCE corresponding the recent ASN1 MAP encoding
 * - a SEQUENCE for old style
 * - and a single parameter, for old version or optimizations
 *
 * The analyze of the first ASN1 tag, indicate what kind of decoding should be used,
 * if the decoding function is provided (so not a NULL function)
 */
:
This is used for some messages not all.
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Cristian
Constantin
Sent: den 28 januari 2009 13:20
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] map decoding problems

On Wed, Jan 28, 2009 at 12:09:37PM +0100, Anders Broman wrote:
> On Tue, Jan 27, 2009 at 09:33:26PM +0100, Anders Broman wrote:
> >> Hi,
> >> I have checked in a fix in revision 2731, formally I think the 
> >> frame is wrongly encoded as the tag [3] is missing but from 
> >> comments in the code it looks like this is common

[...]

cristian: is there a way that ws shows some warning that:

- the actual encoding is broken (i.e. not standard, in our case UNIVERSAL
  tag is used instead of the CONTEXT one which is forced by the
  definition)

- it is (heuristically) trying to decode the message anyway?

thanks a lot!
bye now!
cristian
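
The tag-based selection described in the quoted code comment, combined with the warning asked for in the earlier message, as an added example that is not Wireshark's code: it classifies a message by its first BER identifier octet and flags the cases where decoding proceeds heuristically, a flag a dissector could surface as an expert item. The names `mc_classify`, `mc_result` and `mc_choice` are hypothetical, and the sample octets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not Wireshark identifiers. */
enum mc_choice {
    MC_TRUNCATED,     /* no identifier octet to inspect */
    MC_CONTEXT3_SEQ,  /* [3] constructed: the current MAP definition */
    MC_UNIVERSAL_SEQ, /* UNIVERSAL SEQUENCE: old-style encoding */
    MC_SINGLE_PARAM   /* bare parameter: old version or dropped SEQUENCE tag */
};

struct mc_result {
    enum mc_choice choice;
    int nonstandard;  /* 1 = decode is heuristic, worth a warning */
    const char *note;
};

/* Classify a message by its first BER identifier octet. */
struct mc_result mc_classify(const uint8_t *buf, size_t len)
{
    struct mc_result r = { MC_TRUNCATED, 1, "truncated: no identifier octet" };
    if (buf == NULL || len == 0)
        return r;
    uint8_t cls = buf[0] & 0xC0;            /* bits 8-7: tag class */
    int constructed = (buf[0] & 0x20) != 0; /* bit 6: constructed flag */
    uint8_t tag = buf[0] & 0x1F;            /* bits 5-1: tag number */
    if (cls == 0x80 && constructed && tag == 3) {
        r = (struct mc_result){ MC_CONTEXT3_SEQ, 0, "[3] SEQUENCE as defined" };
    } else if (cls == 0x00 && constructed && tag == 16) {
        r = (struct mc_result){ MC_UNIVERSAL_SEQ, 1,
            "UNIVERSAL SEQUENCE where [3] is defined; decoding as old style" };
    } else {
        r = (struct mc_result){ MC_SINGLE_PARAM, 1,
            "no SEQUENCE tag; decoding as single parameter" };
    }
    return r;
}

int main(void)
{
    /* Constructed identifier octets, not taken from a capture. */
    const uint8_t samples[] = { 0xA3, 0x30, 0x04 };
    for (size_t i = 0; i < sizeof samples; i++) {
        struct mc_result r = mc_classify(&samples[i], 1);
        printf("0x%02X: %s%s\n", samples[i], r.nonstandard ? "WARNING: " : "", r.note);
    }
    return 0;
}
```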