
Wireshark-dev: Re: [Wireshark-dev] Decoding error SS7 SMS-MO (ok) vs SMPP Deliver SM (malformed

From: Pascal Quantin <pascal@xxxxxxxxxxxxx>
Date: Wed, 7 Jul 2021 16:47:21 +0200
Hi Andreas,

On Wed, 7 Jul 2021 at 16:20, Andreas Fink <afink@xxxxxxxxxxxxx> wrote:
Hello,

I run into a decoding error in SMPP

I have a GSM SMS payload which comes in as SMS-MO into a SMSC.

The GSM-SMS TPDU SMS-submit -> TP-UserData section contains the bytes:
    027100001412000001897d3623d52eaea27bb6dad9e9c37cfa

Wireshark decodes this correctly as having a UDH header of 0x71 which is a (U)SIM Tooling Security Header and some raw binary data.



This same payload is now packed by the SMSC into an SMPP Deliver SM.
The bytes are exactly the same, but now Wireshark can't decode it anymore.



So I presume the SMPP branch doesn't know the same User Data Headers as the SS7 branch of Wireshark.

It's even worse: your first screenshot is decoded by the gsm_sms dissector (that decodes a TPDU, including the TP-UD), while the SMPP dissector is calling another gsm_sms_ud dissector (that decodes the TP-UD only).
It seems like the latter is not really maintained while the former is more actively maintained and has better decoding capabilities.

Even worse, it does not skip over an unknown UDH header but assumes everything is wrong.

As said, it seems to be abandoned code so that's not surprising.



I think this needs fixing.
I can probably find it in the right spot in the source but I don't have a Wireshark build environment set up as I used it mainly on a Mac (which has quite some complex dependencies). So if someone has an easy way to fix this, it would be greatly appreciated.

I do not see an "easy fix" and no one will ever try to fix that with a screenshot only. Better file a bug on https://gitlab.com/wireshark/wireshark/-/issues with a pcap attached.

Best regards.
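
The behaviour asked for in the thread, stepping over an information element the decoder does not recognise by using its length octet instead of declaring the whole TP-UD malformed, as an added example in standalone C. It is not Wireshark's dissector code and not from either poster; `parse_udh`, `iei_name` and `struct udh_ie` are hypothetical names, and the IEI names follow 3GPP TS 23.040.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Wireshark code. TP-UserData bytes quoted in the post. */
static const uint8_t TP_UD[] = {
    0x02,0x71,0x00,0x00,0x14,0x12,0x00,0x00,0x01,0x89,0x7d,0x36,0x23,
    0xd5,0x2e,0xae,0xa2,0x7b,0xb6,0xda,0xd9,0xe9,0xc3,0x7c,0xfa };

struct udh_ie { uint8_t iei; uint8_t len; const uint8_t *data; };

/* Two IEI names from 3GPP TS 23.040; every other value is "unknown". */
const char *iei_name(uint8_t iei)
{
    if (iei >= 0x70 && iei <= 0x7f) return "(U)SIM Toolkit Security Header";
    if (iei == 0x00) return "Concatenated short messages, 8-bit reference";
    return "unknown";
}

/* Walk UDHL, then IEI/IEDL/data triplets. Stores the first max_ies elements.
 * Returns the IE count, or -1 when a length field leaves the buffer. */
int parse_udh(const uint8_t *ud, size_t ud_len,
              struct udh_ie *out, int max_ies, size_t *payload_off)
{
    if (ud_len < 1 || (size_t)ud[0] > ud_len - 1) return -1; /* UDHL past TP-UD */
    size_t end = 1 + (size_t)ud[0], pos = 1;
    int n = 0;
    while (pos < end) {
        if (end - pos < 2) return -1;              /* IEI without IEDL */
        uint8_t iei = ud[pos], iedl = ud[pos + 1];
        pos += 2;
        if ((size_t)iedl > end - pos) return -1;   /* IE data past UDHL */
        if (n < max_ies) out[n] = (struct udh_ie){ iei, iedl, ud + pos };
        n++;
        pos += iedl;   /* advance by IEDL whether or not the IEI is known */
    }
    *payload_off = end;  /* first octet after the header */
    return n;
}

int main(void)
{
    struct udh_ie ies[8];
    size_t off = 0;
    int n = parse_udh(TP_UD, sizeof TP_UD, ies, 8, &off);
    for (int i = 0; i < n && i < 8; i++)
        printf("IEI 0x%02x len %u: %s\n", ies[i].iei, (unsigned)ies[i].len, iei_name(ies[i].iei));
    printf("IEs=%d, %zu payload octets from offset %zu\n", n, sizeof TP_UD - off, off);
    return n < 0;
}
```

Only a length field that points outside the buffer is treated as an error; an unrecognised IEI still leaves the remaining elements and the payload offset intact.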