It looks like if no protocol version is defined this function will fail to correctly process the rest of the bytes

I’m not sure that field is mandatory or optional, as it’s been so long since I worked on that implementation. Could you show the document to refer for that?

@wmnsk
I will try and find some time to dig through the spec, I was just basing this off a bunch of pcap's I was playing with trying to see how stable this was for parsing bytes off the wire.

Thanks

OK I’ll check but give me some time to find it.

No problem, I haven't had time to even pull up the spec files.

If you let me know which ones you used to write this I don't mind poking around as it seems like there might be something similar going on in ParseDialogue because i am seeing panic: runtime error: slice bounds out of range [143:109] after successfully decoding the ObjectIdentifier on a dialogueRequest

The documents I refer are ITU-T's Q.771 - Q.775. I think it's described in Q.773, which defines the format of messages.
By the way, I saw some samples that have no Protocol Version field. So, I'll fix the codes to check the presence of fields and accepts them even if some are absent, as I make it as kind to real-world users as possible.

I might have misunderstood your case... I did not see any packets without Protocol Version, and I can't make it work without it easily. It'd be very helpful if you could provide the exact PCAP that caused the issue. Could you help with that?

@wmnsk

I will see what i can do to grab a clean one , But here are a couple screen shots of a pcap i have open right now.

The problem with decoding Continue with ParseBER might have been fixed in the latest code. Could you give it a try? For the protocol version, give me some more time for investigation.
It seems you have PCAPs with confidential information. I think copying the payload as a hex dump and masking fields with dummy values (like 11, ff, etc.) and pasting it here works. Make sure not to change the length of any value in that case.

@wmnsk I just tried the latest version and it seems like it still fails to parse it correctly

([]*tcap.TCAP) (len=5 cap=5) {
 (*tcap.TCAP)(0xc0004941e0)({Transaction: {Type: 0x65, Length: 129, OrigTransactionID: <nil>, DestTransactionID: <nil>, PAbortCause: <nil>, Payload: }, Dialogue: <nil>, Components: <nil>}),
 (*tcap.TCAP)(0xc000494200)({Transaction: {Type: 0x64, Length: 0, OrigTransactionID: <nil>, DestTransactionID: <nil>, PAbortCause: <nil>, Payload: }, Dialogue: <nil>, Components: <nil>}),
 (*tcap.TCAP)(0xc000494220)({Transaction: {Type: 0x83, Length: 2, OrigTransactionID: <nil>, DestTransactionID: <nil>, PAbortCause: <nil>, Payload: }, Dialogue: <nil>, Components: <nil>}),
 (*tcap.TCAP)(0xc000494240)({Transaction: {Type: 0x30, Length: 49, OrigTransactionID: <nil>, DestTransactionID: <nil>, PAbortCause: <nil>, Payload: }, Dialogue: <nil>, Components: <nil>}),
 (*tcap.TCAP)(0xc000494260)({Transaction: {Type: 0x98, Length: 1, OrigTransactionID: <nil>, DestTransactionID: <nil>, PAbortCause: <nil>, Payload: }, Dialogue: <nil>, Components: <nil>})
}

as for the pcap you are on the money about private info, I was thinking about a hex dump with a mask. I will find time today or tomorrow morning to do that. Sorry it's taking me a bit

@wmnsk

This should work for a hex dump, most things should be setup with dummy values where they matter (except the sizes). This is the tcap portion of the packet so it should just be able to get pushed through parseBER.

Just let me know when you grab it so i can wipe it. Thanks

@wmnsk I'm guessing I pulled it off there before you grabbed it, I'll out it back today. I just didn't like the idea of leaving it up even if it did have altered hex values .

I think I can find it in my email box, but unfortunately I don’t have time to work on this project these days. Give me some more time.