NAS-5GS wrong length definitions?

asked 2018-11-14 13:25:52 +0000

Ertan

1 ●1 ●2

updated 2018-11-14 13:26:06 +0000

Hi,

I find some definitions in NAS-5GS protol strange - such as:

NAS protocol spec (3GPP TS 24.501 V15.1.0 (2018-09)) defines the lengths of some parameters as follows:

AMF Region ID = 8 bits

AMF Set ID = 10 bits

AMF Pointer = 6 bits

However Wireshark code defines these as follows in "epan\dissectors\packet-nas_5gs.c":

    { &hf_nas_5gs_amf_region_id,
    { "AMF Region ID",   "nas_5gs.amf_region_id",
        FT_UINT16, BASE_DEC, NULL, 0x0,
        NULL, HFILL }
    },
    { &hf_nas_5gs_amf_set_id,
    { "AMF Set ID",   "nas_5gs.amf_set_id",
        FT_UINT8, BASE_DEC, NULL, 0xf0,
        NULL, HFILL }
    },
    { &hf_nas_5gs_amf_pointer,
    { "AMF Pointer",   "nas_5gs.amf_pointer",
        FT_UINT8, BASE_DEC, NULL, 0x0f,
        NULL, HFILL }

So,

AMF Region ID is defined as 16 bits as opposed to 8 bits definition in the spec.

AMF Set ID is defined as 8 bits as opposed to 10 bits definition in the spec.

AMF Pointer is defined as 8 bits as opposed to 6 bits definition in the spec.

And furthermore, when I analyze these parameters in NAS-5GS messages, Wireshark decodes them as in following lengths:

AMF Region ID - 16 bits

AMF Set ID - 4 bits

AMF Pointer - 4 bits

Why is this discrepancy? Anybody else has seen this?

PS. I am using today's latest "wireshark-2.9.0rc0-2526-g9ea94e29.tar"

edit retag flag offensive close merge delete

add a comment

Comments

Thank you, Anders. Yes, indeed I checked and I saw that the current definitions of these fields in Wireshark are in line with the definitions in 3GPP TS 24.501 V15.0.0 (2018-06). Kind Regards.

Ertan ( 2018-11-15 06:04:21 +0000 )edit

You can try the latest development release.

Anders ( 2018-11-15 06:16:02 +0000 )edit

Wow! That was fast! I tried again with the current latest "Wireshark-win64-2.9.0-2539-g99c4e96b" now and it decodes the above mentioned parameters as per 3GPP TS 24.501 V15.1.0 (2018-09). Thank you.

Ertan ( 2018-11-15 06:46:07 +0000 )edit

Hi Anders,

One more small correction that may be needed is with AMF Set ID. As you mentioned this was constructed rather strangely in "3GPP TS 24.501 V15.1.0" with the last two bits added after the 6-bit AMF Pointer. This causes another misinterpretation by Wireshark as follows:

When I set AMF Set ID as "0101 0101 01" I see Wireshark decodes this as follows:

0101 0101 .... ..01 = AMF Set ID: 21761

However here the decimal equivalent of this example should be 341 not 21761. I guess the current Wireshark decoding code replaces the 6-bit AMF Pointer with 0's which makes AMF Set ID equivalent to "0101 0101 0000 0001" (21761).

I tried this with current latest load: Wireshark-win64-2.9.0-2582-g9aa29213.

I guess this needs corrected as well.

Regards,

Ertan ( 2018-11-19 07:35:06 +0000 )edit

Patches welcome :-; or raise an enhancement bug request.

Anders ( 2018-11-19 12:54:45 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

NAS-5GS wrong length definitions?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

NAS-5GS wrong length definitions? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

NAS-5GS wrong length definitions?