Mailing List Archive

old GTP dissector pb - new dissector submission
Hi,

I tried the GTP dissector included in the latest Ethereal version and I noticed several critical problems:

1) This dissector does not conform to the ETSI 9.60 specs as regards the mandatory fields. This dissector has no notion of "mandatory field" since it compares each type field with a predefined list of all the possible tags (Information elements). However, every message defined in the specs has its own mandatory fields that must be respected. If not, it is impossible to put forward any implementation problem on the vendors' equipment.

2) The "filtering function" doesn't work: when we start filtering a 3000 frames file containing GTP messages, we get a "segmentation fault, core dump" message and we get dropped. I did not find what's wrong with the code. The memory allocations seem good.


3) Moreover, the MAP causes are not those that are given in the ETSI 9.02 specs for the two GTP messages that use MAP causes.

As a consequence, in response to the mail that Guy Harris sent me, I am submitting my own gtp-gtp' dissector. My dissector respects the "mandatory fields", has a working filtering function and encloses GTP' decoding (latest ETSI 12.15 spec).

My dissector has been validated on both Nortel Networks and Nokia equipment for GTP and GTP'.

I hope it will help.

David NGO
Nortel Networks
GPRS Core Network Europe TAS