Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3642] New: Analyze->Decode as... menu item becomes unavail

Date: Wed, 1 Jul 2009 10:47:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3642

           Summary: Analyze->Decode as... menu item becomes unavailable
           Product: Wireshark
           Version: 1.3.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: artem.tamazov@xxxxxxxxxxx


Build Information:
TShark 1.3.0-tlab-pwe3-atm (SVN Rev unknown)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.20.3, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares
1.6.0,
without Lua, without Python, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4.

Built using Microsoft Visual C++ 7.10 build 3077
--
Analyze->Decode as... menu item becomes unavailable is some situations.

When Ethernet/MPLS/Ethernet-PW encapsulated frames are being decoded,
pinfo->ethertype is first extracted from the top-level Ethernet frame. 
Dissection of Ethernet PW payload overwrites this value as the 
same dissector is invoked again.

This may lead to undesired behavior. Example of such behavior is 
disappearance of "Link" tab from the "Decode as" menu 
if ethertype in the PW is 0x0000 (due to some problem in PW payload).

Then, due to missing check in decode_as_dlg.c::decode_as_ok(), 
Wireshark decides that there is no tabs to display in the "Decode as" 
window and then makes it unavailable to open.

In effect, it is impossible to manually select dissector for 
MPLS payload for certain packets.

Important note: 
It looks that more pinfo members (or the whole pinfo,
or even more data from context... I do not know) should be saved/restored 
in PW cases. For example, multilayer encapsulations, like 
ethernet/mpls/ethernet-pw/ip/vlan/mpls..., 
may lead to undesired changes if pinfo->ipproto, ptype, mpls_label 
and so on.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.