http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1633
Summary: Fibre Channel BLS ABTS frames cause message "malformed
packet"
Product: Wireshark
Version: 0.99.6
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: joe@xxxxxxxxxxxxxxxx
Build Information:
wireshark 0.99.6 (SVN Rev 21910)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.8.3, with GLib 2.8.1, with libpcap 0.9.2, with libz 1.2.3,
with libpcre 6.2, without Net-SNMP, without ADNS, without Lua, with GnuTLS
1.2.5, with Gcrypt 1.2.1, without Kerberos, without PortAudio, without AirPcap.
Running on Linux 2.6.13-15.13-default, with libpcap version 0.9.2.
Built using gcc 4.0.2 20050901 (prerelease) (SUSE Linux).
--
The Fibre Channel dissector reports a bounds error on legitimate BLS ABTS
frames. This can be seen at frame 101 in the fcoe1.cap file in the sample
traces.
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=fcoe1.cap
Here's the tshark output for that frame:
101 16.837356 FCoE_ed:01:00 -> FCoE_ed:00:00 ed.01.00 -> ed.00.00 0x1b
0xffff FC Basic Link Svc[Malformed Packet]
The error is thrown when the length is less than or equal to the header size,
and since ABTS has no payload, a length equal to the header size is normal.
Also, the BLS (basic link services) code isn't nicely printed, and neither is
the ABTS opcode. I'm also fixing a problem marked by a comment where the
F_CTL bit isn't being found correctly, although it was previously fetched
into a local variable.
With these fixes, frame 101 shows up correctly:
101 16.837356 fc:fc:fc:ed:01:00 -> fc:fc:fc:ed:00:00 ed.01.00 -> ed.00.00
0x1b 0xffff BLS ABTS
I've put the three fixes in the patch below.
Index: epan/dissectors/packet-fc.c
===================================================================
--- epan/dissectors/packet-fc.c (revision 21989)
+++ epan/dissectors/packet-fc.c (working copy)
@@ -192,6 +192,7 @@
const value_string fc_fc4_val[] = {
+ {FC_TYPE_BLS, "Basic Link Svc"},
{FC_TYPE_ELS, "Ext Link Svc"},
{FC_TYPE_LLCSNAP, "LLC_SNAP"},
{FC_TYPE_IP, "IP/FC"},
@@ -969,11 +970,10 @@
*/
is_lastframe_inseq = TRUE;
} else {
- /* XXX is this right? offset 20, shouldnt it be offset 9? */
- is_exchg_resp = ((tvb_get_guint8 (tvb, offset+20) & 0x80) == 0x80);
+ is_exchg_resp = (f_ctl & FC_FCTL_EXCHANGE_RESPONDER) != 0;
}
- if (tvb_reported_length (tvb) <= FC_HEADER_SIZE)
+ if (tvb_reported_length (tvb) < FC_HEADER_SIZE)
THROW(ReportedBoundsError);
frag_size = tvb_reported_length (tvb)-FC_HEADER_SIZE;
@@ -1124,9 +1124,15 @@
dissect_fc_ba_acc (next_tvb, pinfo, tree);
} else if ((fchdr.r_ctl & 0x0F) == FC_BLS_BARJT) {
dissect_fc_ba_rjt (next_tvb, pinfo, tree);
+ } else if ((fchdr.r_ctl & 0x0F) == FC_BLS_ABTS) {
+ if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "BLS");
+ }
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_set_str(pinfo->cinfo, COL_INFO, "ABTS");
+ }
}
}
-
tap_queue_packet(fc_tap, pinfo, &fchdr);
}
Index: epan/dissectors/packet-fc.h
===================================================================
--- epan/dissectors/packet-fc.h (revision 21989)
+++ epan/dissectors/packet-fc.h (working copy)
@@ -39,6 +39,7 @@
#define FC_TYPE_CMNSVC 0x0 /* Used in PRLI Svc Param Page */
/* TYPE definitions for Basic or Extended Link_Data */
+#define FC_TYPE_BLS 0x0
#define FC_TYPE_ELS 0x1
/* TYPE definitions for FC-4 */
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
