
GeoNetworking module is outdated

Open banks23 opened this issue 3 years ago • 8 comments

The ETSI specifications defining the GeoNetworking (and higher layer) protocols have moved on significantly from the version supported within the print-geonet.c module. The GeoNetworking version 0 protocol is obsolete, all GeoNetworking messages should be signed (requiring 1609.2 header elements), the GeoNetworking packet types have format changes, and the message types used in the BTP body have also changed significantly.

Support for the older version could be maintained, but in my opinion is not necessary as those early versions are no longer used in any situation in my experience.

Updating the GeoNetworking dissector is straightforward enough (I have some changes ready), but updating all the tests, specifically the PCAP files, is a bit more tricky. Obviously the existing test PCAPs are not necessary if the older (obsolete) protocol support is removed, and newer test data can be provided. But I wondered what the tcpdump 'philosophy' is for PCAP test data?

Thanks, Matt

banks23, Jul 01 '22 08:07

I think it's better to keep the code for version 0, because there are pcap(ng) files with this version in the wild. You don't have to update the current pcap files. They use GeoNetworking version 0 or are the result of fuzzing. (I have renamed one test and associated pcap file to specify the version.) You will add new pcap files/tests for the new version.

fxlb, Sep 04 '22 18:09

You could update geonet_print() with a test based on the version or, if the code for the new version is very different, you could update geonet_print() to call geonet_v0_print() or geonet_vX_print() based on the version. If there is common dissection code for the old and new versions, put this common code in some new "helper" functions.

fxlb, Sep 04 '22 19:09
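
The version dispatch suggested in the comment above, as an added sketch that is not tcpdump's code and not part of any comment in this thread. The function names follow the comment; the simplified signatures, the `gn_info` result struct, and the length and offset constants are assumptions for illustration. It goes slightly beyond the comment by bounds-checking before every read and by reporting unknown versions instead of decoding them as v0.

```c
#include <stddef.h>
#include <stdint.h>

enum gn_status { GN_OK, GN_TRUNCATED, GN_UNSUPPORTED };
struct gn_info { enum gn_status status; unsigned version, next_hdr, hop_limit; };

/* Assumed lengths and offsets; they do not come from the thread. */
#define GN_V0_MIN_LEN   8   /* this sketch reads octets 0..7 of a v0 header */
#define GN_V0_HOP_OFF   7   /* hop limit */
#define GN_V1_BASIC_LEN 4   /* v1 basic header */
#define GN_V1_RHL_OFF   3   /* remaining hop limit */

/* Constructed sample inputs, not captured traffic. */
static const uint8_t sample_v0[8] = { 0x01, 0x50, 0, 0, 0, 0, 0, 0x0a };
static const uint8_t sample_v1[4] = { 0x12, 0x00, 0x1a, 0x05 };

/* Helper shared by both versions: version and next-header nibbles of octet 0
 * (assumed to sit in the same place in both layouts). */
static void gn_octet0(const uint8_t *bp, struct gn_info *gi)
{
    gi->version = bp[0] >> 4;
    gi->next_hdr = bp[0] & 0x0f;
}

/* Each decoder checks its own minimum length before reading its fields. */
static void geonet_v0_print(const uint8_t *bp, size_t len, struct gn_info *gi)
{
    if (len < GN_V0_MIN_LEN) { gi->status = GN_TRUNCATED; return; }
    gi->hop_limit = bp[GN_V0_HOP_OFF];
    gi->status = GN_OK;
}
static void geonet_vX_print(const uint8_t *bp, size_t len, struct gn_info *gi)
{
    if (len < GN_V1_BASIC_LEN) { gi->status = GN_TRUNCATED; return; }
    gi->hop_limit = bp[GN_V1_RHL_OFF];
    gi->status = GN_OK;
}

/* Dispatcher: unknown versions are reported, never decoded as v0. */
struct gn_info geonet_print(const uint8_t *bp, size_t len)
{
    struct gn_info gi = { GN_TRUNCATED, 0, 0, 0 };
    if (bp == NULL || len < 1) return gi;
    gn_octet0(bp, &gi);
    switch (gi.version) {
    case 0:  geonet_v0_print(bp, len, &gi); break;
    case 1:  geonet_vX_print(bp, len, &gi); break;
    default: gi.status = GN_UNSUPPORTED; break;
    }
    return gi;
}
```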

Nobody is going to work on adding the newer protocol versions anytime soon, correct?

infrastation, Jan 08 '23 14:01

I will look at adding the ETSI GeoNet v1 support (ETSI EN 302 636-4-1) but at the moment I haven't been able to create all the suitable test vectors (PCAPs).

Regarding the versions, there is actually also a v0 of the ETSI EN 302 636-4-1 protocol which is different from the current tcpdump dissector. I think the current dissector is based on a preliminary ETSI technical spec, but at standardisation (in EN spec) the GeoNet formats were changed. This standardisation was in 2013, so tcpdump has been wrong for a while. The more correct approach would be to support v0 and v1 of ETSI EN 302 636-4-1 (i.e. ditch the current dissector implementation), but being pragmatic it's probably best just to add v1 according to the latest ETSI standards.

banks23, Jan 12 '23 23:01

Thank you for these comments. To what extent do you feel you could reduce that problem? The decoder is small and the standard seems to be public, but GeoNet traffic seems to be a rarity.

infrastation, Jan 13 '23 00:01

It has been a year.

infrastation, Jan 26 '24 13:01