Wireshark 3.2 Some/IP Dissector Payload interpretation

asked 2020-02-15 14:42:08 +0000

Jannis94
1 ●1 ●1 ●2

updated 2020-02-15 15:56:27 +0000

Hello together,
I want to use the new integrated SOME/IP Dissector in Wireshark.
If I go to the Wireshark Settings for the SOME/IP Protocol I have plenty of possibilities to dissect my payload.
Setting up my UDP Ports, SOME/IP Services and SOME/IP Methods is not a problem and already working.
But I am stuck with payload dissection. I don't know how to correctly configure the SOME/IP Parameter and it seems to me, that this payload dissection is more for Fibex4 xml files than arxml files that we use.

Easy Payload example:

Service ID: 0xaaaa
Service Name: example
Method ID and name:
0x0c10 test1
0x0c20 test2
00 00 00 22 00 00 00 1e 20 00 00 00 00 01 00 01 01 00 02 01 00 03 01 00 04 01 00 05 01 00 06 01 20 07 00 00 00 1f

Analysis:

00 00 00 22    => 34 Bytes vector
00 00 00 1e    => Length of first struct is 30 Bytes
20 00             => 1. element: Wire Type:2(32bit) and TLV-Data ID: 0
00 00 00 01    => Property_a(key-value): 1 Type is enum
00 01             => 2. element: Wire Type:0(8bit) and TLV-Data ID: 1
01                 =>Property_b: 1 Type is boolean
00 02             => 3. element: Wire Type:0(8bit) and TLV-Data ID: 2
01                  =>Property_c: 1 Type is boolean
00 03             => 4. element: Wire Type:0(8bit) and TLV-Data ID: 3
01                  =>Property_d: 1 Type is boolean
00 04             => 5. element: Wire Type:0(8bit) and TLV-Data ID: 4
01                 =>Property_e: 1 Type is boolean
00 05             => 6. element: Wire Type:0(8bit) and TLV-Data ID: 5
01                 =>Property_f: 1 Type is boolean
00 06             => 7. element: Wire Type:0(8bit) and TLV-Data ID: 6
01                  =>Property_g: 1 Type is boolean
20 07             => 8. element: Wire Type:2(32bit) and TLV-Data ID: 7
00 00 00 1f    =>Property_h: 31 Type is enum

(I don't have enough points to upload a picture)

What I want now, is to see in Wireshark->message-someip->payload a structure like this:

struct 1:
  -property_a: value
  -property_b: value
  -property_c: value
  -etc.

Which SOME/IP Parameter do I have to configure?
I tried it with structs, enums and list, but I always get error messages that the payload can't be dissected. For instance what is the field ID Reference meaning in SOME/IP Parameter List?
I searched for a documentation but was not able to find one, maybe this dissector is to new.

Thanks in advance for helping me.
Jannis

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2020-02-15 16:48:04 +0000

Jaap

13742 ●710 ●115

This site probably gives you the best information, it's by the dissectors author.

edit flag offensive delete link

Comments

Hello Jaap, thanks for your response, but I've already read his documentation.
If somebody want to test it, you can use Scapy for Windows like me.

This is my test configuration:

load_contrib("automotive.someip")
u = UDP(sport=30509, dport=30509)
i = IP(src="192.168.0.13", dst="192.168.0.10")
sip = SOMEIP()
sip.iface_ver = 1
sip.proto_ver = 1
sip.msg_type = "NOTIFICATION"
sip.retcode = "E_OK"
sip.srv_id = 0x1234
sip.method_id = 0x4210
sip.add_payload(‘\x00\x00\x00\x22\x00\x00\x00\x1e\x20\x00\x00\x00\x00\x01\x00\x01\x01\x00\x02\x01\x00\x03\x01\x00\x04\x01\x00\x05\x01\x00\x06\x01\x20\x07\x00\x00\x00\x1f‘)
p = i/u/sip
send(p)

I get the following error message in Wireshark, if I am trying to dissect the payload:

SOME/IP: Payload: item->data_type (0x0) unknown/not implemented yet! name: (NULL), id_ref: 0x0

I get ...(more)

Jannis94 ( 2020-02-16 12:48:12 +0000 )edit

Hello, I find the solution for this on my own. I had to define the SOME/IP Parameter base Type List accordingly.

SOME/IP parameter base Type List Example:

ID: 1
Name: UINT32
Data Type: uint32
Big Endian: 1
Bitlength base type: 32
Bitlength enc. type: 32

ID: 2
Name: ENUM
Data Type: uint32
Big Endian: 1
Bitlength base type: 32
Bitlength enc. type: 32

ID: 3
Name: BOOLEAN
Data Type: uint8
Big Endian: 1
Bitlength base type: 8
Bitlength enc. type: 8

ID: 4
Name: UINT12
Data Type: uint12
Big Endian: 1
Bitlength base type: 12
Bitlength enc. type: 12

ID: 5
Name: UINT3
Data Type: uint3
Big Endian: 1
Bitlength base type: 3
Bitlength enc. type: 3

ID: 6
Name: UINT1
Data Type: uint1
Big Endian: 1
Bitlength base type: 1
Bitlength enc. type: 1

SOME/IP Parameter List:

Service ID: 1234
Method ID: 4210
Version: 1
Message ...

(more)

Jannis94 ( 2020-02-24 09:18:04 +0000 )edit

Further information: (couldn't add this to my post before, because maximum comment size has been reached)

ID: 2
Struct Name: test1
Length of length Field: 32
Pad to: 0
Number of items: 3
Parameter Position: 2
Parameter Name: property_1
Parameter Type: 1
ID Reference: 1

Jannis94 ( 2020-02-24 09:35:39 +0000 )edit

it was enough for me to just read hint of 'parameter type' and everything became clear:

1 - base
2 - string 
3 - array

and so on

icegood1980 ( 2023-10-17 16:13:30 +0000 )edit

add a comment

answered 2023-06-02 12:01:05 +0000

liviuc
1

Hello, what's the difference between Parameter Type and ID Reference

edit flag offensive delete link

Comments

This should be a separate question

grahamb ( 2023-06-02 12:19:45 +0000 )edit

add a comment