SIP protocol: P-Called-Party-ID header mixed up with P-Charge-Info header
Summary
SIP headers P-Called-Party-ID and P-Charge-Info are mixed up during parsing.
Steps to reproduce
Find a sip packet with P-Called-Party-ID header.
Run:
1, tshark -r <pcap> -I -n -T json |grep P-Called-Party-ID
2, tshark -r <pcap> -I -n -T json |grep P-Charge-Info
Expected output:
1,
- sip.msg_hdr and raw_sip.line entries contain "P-Called-Party-ID" header
- no sip.P-Called-Party-ID entry
2,
- sip.msg_hdr and raw_sip.line entries NOT contain "P-Charge-Info" header
- sip.P-Charge-Info entry exists with the content of P-Called-Party-ID
What is the current bug behavior?
tshark provides wrong output.
Display filter does not find the P-Called-Party-ID headers
What is the expected correct behavior?
tshark should produce json output with P-Called-Party-ID
Sample capture file
(If possible attach a sample capture file showing this issue)
Relevant logs and/or screenshots
The issue is in epan/dissectors/packet-sip.c
Current version:
{ "P-Associated-URI", NULL }, /* 47 RFC3455 */
#define POS_P_ASSOCIATED_URI 47
{ "P-Called-Party-ID", NULL }, /* 49 RFC3455 */
#define POS_P_CHARGE_INFO 48
{ "P-Charge-Info", NULL }, /* 48 RFC8496 */
#define POS_P_CALLED_PARTY_ID 49
{ "P-Charging-Function-Addresses", NULL }, /* 50 RFC3455 */
#define POS_P_CHARGING_FUNC_ADDRESSES 50
As you can see, entries and defines of 48 and 49 are mixed up.
Should be like this (one possible way(:
{ "P-Associated-URI", NULL }, /* 47 RFC3455 */
#define POS_P_ASSOCIATED_URI 47
{ "P-Called-Party-ID", NULL }, /* 48 RFC3455 */
#define POS_P_CALLED_PARTY_ID 48
{ "P-Charge-Info", NULL }, /* 49 RFC8496 */
#define POS_P_CHARGE_INFO 49
{ "P-Charging-Function-Addresses", NULL }, /* 50 RFC3455 */
#define POS_P_CHARGING_FUNC_ADDRESSES 50
Build information
TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9)
Copyright 1998-2021 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.56.1, with zlib 1.2.7, without SMI, with c-ares 1.16.1, without Lua,
without GnuTLS, with Gcrypt 1.5.3, with MIT Kerberos, without MaxMind DB
resolver, without nghttp2, without brotli, with LZ4, without Zstandard, with
Snappy, with libxml2 2.9.1.
Running on Linux 4.15.0-135-generic, with Intel(R) Core(TM) i7-8650U CPU @
1.90GHz (with SSE4.2), with 32013 MB of physical memory, with locale C, with
libpcap version 1.5.3, with Gcrypt 1.5.3, with zlib 1.2.7, binary plugins
supported (0 loaded).
Built using gcc 8.3.1 20190311 (Red Hat 8.3.1-3).