Wireshark mailing list archives

Re: 300 multiple choices dissection

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 11 Sep 2013 08:42:33 +0200

2013/9/11 Manolis Katsidoniotis <manoska () gmail com>

Hello folks

I have the following message traced from wireshark in which the contact
header is dissected as in the attachment.

SIP/2.0 300 Multiple Choices
Contact: <
sip:1190000107 () sr icst com?P-Asserted-Identity=sip:+11900000107%40sr.icst.com

;q=1,<

sip:555555555 () sr icst com?P-Asserted-Identity=sip:+155555555%40sr.icst.com

;q=2

Call-ID: 00000062-00000F4C-0016D9BD-7@2001:1234:5678:2807::77
CSeq: 1 INVITE
From: <sip:+11100000066 () icst com>;tag=3916.1497565.14
To: <sip:911 () icst com>;tag=1828.607964187.596
Via: SIP/2.0/UDP icsthp1fee11.icst.com:6088
;branch=z9hG4bK27dc2296bb70;received=10.52.228.69
Via: SIP/2.0/TCP icsthp1fee11.icst.com:6088
;branch=z9hG4bKd0e74ba700a5;received=10.52.228.69
Via: SIP/2.0/TCP 10.52.228.69:5090
;branch=z9hG4bK0c9ce7d6538136bd5d98293223a2929e;lskpmc=SCF
Via: SIP/2.0/TCP [2001:1234:5678:2807::77];branch=z9hG4bK1497565.3916.28
Content-Length: 0

It looks like the dissector uses “;” as the key divider
whereas in this specific case (for the contact field)
I am under the impression that
the main delimiter should be the comma “,” (and then ";")
as per the example in rfc3261 §20.10 (
http://tools.ietf.org/html/rfc3261#section-20.10)

In other words
I believe a more (elegant?) dissection might be like the below
(using the order of preference and perhaps taking the potential "expires"
into account as well?)

- Contact: <
sip:1190000107 () sr icst com?P-Asserted-Identity=sip:+11900000107%40sr.icst.com

;q=1,<

sip:555555555 () sr icst com?P-Asserted-Identity=sip:+155555555%40sr.icst.com

;q=2


  - Contact: <
sip:555555555 () sr icst com?P-Asserted-Identity=sip:+155555555%40sr.icst.com

;q=2


    - Contact URI:
sip:555555555 () sr icst com?P-Asserted-Identity=sip:+155555555%40sr.icst.com

      - Contact URI User part: 555555555

      - Contact URI Host part: sr.icst.com

      - Contact URI Order of preference: 2

  - Contact <
sip:1190000107 () sr icst com?P-Asserted-Identity=sip:+11900000107%40sr.icst.com

;q=1


    - Contact URI:
sip:1190000107 () sr icst com?P-Asserted-Identity=sip:+11900000107%40sr.icst.com

      - Contact URI User part: 1190000107

      - Contact URI Host part: sr.icst.com

      - Contact URI Order of preference: 1

any comments?

Thanks
Manolis


Hi Manolis,

the issue you describe seems rather similar to bug 9031:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9031
Could you give a try to the newly released 1.10.2 version? The dissection
should look a bit better.

Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

300 multiple choices dissection Manolis Katsidoniotis (Sep 10)
- Re: 300 multiple choices dissection Pascal Quantin (Sep 10)