Hi,
I find some definitions in NAS-5GS protol strange - such as:
NAS protocol spec (3GPP TS 24.501 V15.1.0 (2018-09)) defines the lengths of some parameters as follows:
AMF Region ID = 8 bits
AMF Set ID = 10 bits
AMF Pointer = 6 bits
However Wireshark code defines these as follows in "epan\dissectors\packet-nas_5gs.c":
{ &hf_nas_5gs_amf_region_id,
{ "AMF Region ID", "nas_5gs.amf_region_id",
FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }
},
{ &hf_nas_5gs_amf_set_id,
{ "AMF Set ID", "nas_5gs.amf_set_id",
FT_UINT8, BASE_DEC, NULL, 0xf0,
NULL, HFILL }
},
{ &hf_nas_5gs_amf_pointer,
{ "AMF Pointer", "nas_5gs.amf_pointer",
FT_UINT8, BASE_DEC, NULL, 0x0f,
NULL, HFILL }
So,
AMF Region ID is defined as 16 bits as opposed to 8 bits definition in the spec.
AMF Set ID is defined as 8 bits as opposed to 10 bits definition in the spec.
AMF Pointer is defined as 8 bits as opposed to 6 bits definition in the spec.
And furthermore, when I analyze these parameters in NAS-5GS messages, Wireshark decodes them as in following lengths:
AMF Region ID - 16 bits
AMF Set ID - 4 bits
AMF Pointer - 4 bits
Why is this discrepancy? Anybody else has seen this?
PS. I am using today's latest "wireshark-2.9.0rc0-2526-g9ea94e29.tar"
