NAS-5GS wrong length definitions?

5G
nas
retag add tags

Hi,

I find some definitions in NAS-5GS protol strange - such as:

NAS protocol spec (3GPP TS 24.501 V15.1.0 (2018-09)) defines the lengths of some parameters as follows:

AMF Region ID = 8 bits

AMF Set ID = 10 bits

AMF Pointer = 6 bits

However Wireshark code defines these as follows in "epan\dissectors\packet-nas_5gs.c":

    { &hf_nas_5gs_amf_region_id,
    { "AMF Region ID",   "nas_5gs.amf_region_id",
        FT_UINT16, BASE_DEC, NULL, 0x0,
        NULL, HFILL }
    },
    { &hf_nas_5gs_amf_set_id,
    { "AMF Set ID",   "nas_5gs.amf_set_id",
        FT_UINT8, BASE_DEC, NULL, 0xf0,
        NULL, HFILL }
    },
    { &hf_nas_5gs_amf_pointer,
    { "AMF Pointer",   "nas_5gs.amf_pointer",
        FT_UINT8, BASE_DEC, NULL, 0x0f,
        NULL, HFILL }

So,

AMF Region ID is defined as 16 bits as opposed to 8 bits definition in the spec.

AMF Set ID is defined as 8 bits as opposed to 10 bits definition in the spec.

AMF Pointer is defined as 8 bits as opposed to 6 bits definition in the spec.

And furthermore, when I analyze these parameters in NAS-5GS messages, Wireshark decodes them as in following lengths:

AMF Region ID - 16 bits

AMF Set ID - 4 bits

AMF Pointer - 4 bits

Why is this discrepancy? Anybody else has seen this?

PS. I am using today's latest "wireshark-2.9.0rc0-2526-g9ea94e29.tar"

Ertan

asked 2018-11-14 13:25:52 +0000, updated 2018-11-14 13:26:06 +0000

edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

Sort by

oldest

newest

most voted

That's because this element has not been updated to V15.1.0 yet. The specification of AMF Set ID seems a bit badly specifed with the full 0ctet(8) and dthe lower 2 bits of octet 9 wonder if that's intentional it would make more sense to have the upper 2 bits in octet 9....

Anders

answered 2018-11-14 14:32:26 +0000

edit flag offensive 0 remove flag delete link

Comments

Thank you, Anders. Yes, indeed I checked and I saw that the current definitions of these fields in Wireshark are in line with the definitions in 3GPP TS 24.501 V15.0.0 (2018-06). Kind Regards.

Ertan (2018-11-15 06:04:21 +0000) edit

You can try the latest development release.

Anders (2018-11-15 06:16:02 +0000) edit

Wow! That was fast! I tried again with the current latest "Wireshark-win64-2.9.0-2539-g99c4e96b" now and it decodes the above mentioned parameters as per 3GPP TS 24.501 V15.1.0 (2018-09). Thank you.

Ertan (2018-11-15 06:46:07 +0000) edit

Hi Anders,

One more small correction that may be needed is with AMF Set ID. As you mentioned this was constructed rather strangely in "3GPP TS 24.501 V15.1.0" with the last two bits added after the 6-bit AMF Pointer. This causes another misinterpretation by Wireshark as follows:

When I set AMF Set ID as "0101 0101 01" I see Wireshark decodes this as follows:

0101 0101 .... ..01 = AMF Set ID: 21761

However here the decimal equivalent of this example should be 341 not 21761. I guess the current Wireshark decoding code replaces the 6-bit AMF Pointer with 0's which makes AMF Set ID equivalent to "0101 0101 0000 0001" (21761).

I tried this with current latest load: Wireshark-win64-2.9.0-2582-g9aa29213.

I guess this needs corrected as well.

Regards,

Ertan (2018-11-19 07:35:06 +0000) edit

Patches welcome :-; or raise an enhancement bug request.

Anders (2018-11-19 12:54:45 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

NAS-5GS wrong length definitions? edit

Comments

1 Answer

Comments