This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Problem in displaying some info in the tree of S1AP (using modified packet-s1ap.c)

1

Hello,

I have edited the S1AP dissector to fit my own needs to display few info in the tree. The problem which I am facing is that I am getting the info of the previous packet. Hence, please do tell me how to correct this so that the correct info is displayed at correct place.

I am attaching the screen shot alongwith and also the following snippet contains the edited dissect_s1ap():

static void dissect_s1ap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){  
    proto_item *s1ap_item = NULL;
    proto_tree *s1ap_tree = NULL;

/* make entry in the Protocol column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "S1AP");


/* create the s1ap protocol tree */
s1ap_item = proto_tree_add_protocol_format(tree, proto_s1ap, tvb, 0, -1,"S1 Application Protocol-Dev, Event-Message:%s ,Result:%s, Cause:%s ",val_to_str_ext(ProcedureCode, &s1ap_ProcedureCode_vals_ext,
"unknown message"),val_to_str(S1AP_PDU,s1ap_S1AP_PDU_vals, "unknown"),val_to_str(Cause,s1ap_Cause_vals, "unknown"));
//s1ap_item = proto_tree_add_item(tree, proto_s1ap, tvb, 0, -1, ENC_NA);
s1ap_tree = proto_item_add_subtree(s1ap_item, ett_s1ap);


dissect_S1AP_PDU_PDU(tvb, pinfo, s1ap_tree, NULL);}

Screen-Shot link: http://postimg.org/image/56t7fkuxv/

alt text

Regards, Ankur

asked 06 May ‘14, 04:22

ankur92's gravatar image

ankur92
31227
accept rate: 0%

edited 06 May ‘14, 04:47

One Answer:

2

Your code cannot work as you try to use globals that have not been populated with the current dissection yet (dissect_S1AP_PDU_PDU() function has not been called). Instead they contain the data of the previous packet (as you saw). The right way to do it would be something like:

    /* create the s1ap protocol tree */
s1ap_item = proto_tree_add_item(tree, proto_s1ap, tvb, 0, -1, ENC_NA);
s1ap_tree = proto_item_add_subtree(s1ap_item, ett_s1ap);

dissect_S1AP_PDU_PDU(tvb, pinfo, s1ap_tree, NULL);
proto_item_append_text(s1ap_item, ", Event-Message:%s ,Result:%s, Cause:%s ",val_to_str_ext(ProcedureCode, &s1ap_ProcedureCode_vals_ext,
"unknown message"),val_to_str(S1AP_PDU,s1ap_S1AP_PDU_vals, "unknown"),val_to_str(Cause,s1ap_Cause_vals, "unknown"));

answered 06 May ‘14, 06:38

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

Hi Pascal,

Thanks for the resolving the issue.

Now I face one more: I want to display the cause(in detail) for the failure of an event and also the possible way to resolve it. I want to store these info in a string corresponding to each and every S1AP failures separately.

For this I need to do one more thing of identifying the failure apart from unsucessfulOutcomes which are like “Attach Reject” so for this type of failure in the cause section of the previously stated code I would like to display the “EMM Cause” for this which is “IMSI unknown in HSS”.

So, can you assist me the way in which I can do it.

Regards, Ankur

(07 May ‘14, 02:54) ankur92

For the EMM Cause, something like this (untested) ? Can’t just paste the patch, so here is a description:

in de_emm_cause(), get the cause byte using tvb_get_guint8(tvb, curr_offset). Then do col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)", val_to_str_ext_const(cause, &nas_eps_emm_cause_values_ext, “Unknown”));

(07 May ‘14, 10:55) MartinM

@MartinM: Thanks for the help, it worked. But I want this info beside S1 Application Protocol tree like the one which I am getting using the below function in packet-s1ap.c

Also, is there any way to access the EMM cause parameter in the packet-s1ap.c file

proto_item_append_text(s1ap_item, “, Event-Message:%s ,Result:%s, Cause:%s “,val_to_str_ext(ProcedureCode, &s1ap_ProcedureCode_vals_ext, “unknown message”),val_to_str(S1AP_PDU,s1ap_S1AP_PDU_vals, “unknown”),val_to_str(Cause,s1ap_Cause_vals, “unknown”));

(12 May ‘14, 23:21) ankur92