https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4993
Summary: QUERY_FS_INFO for Macintosh level 0x301 -
MacSupportFlags decodes wrong
Product: Wireshark
Version: 1.3.x (Experimental)
Platform: x86
OS/Version: Mac OS X 10.6
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: nelson@xxxxxxxxxxx
Created an attachment (id=4894)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4894)
pcap containing a query fs info mac level 0x301
Build Information:
Version 1.2.3 (SVN Rev 30730)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.10, with GLib 2.16.6, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, with
c-ares
1.5.3, with Lua 5.1, with GnuTLS 2.6.2, with Gcrypt 1.4.3, with MIT Kerberos,
without GeoIP, with PortAudio V19-devel (built Nov 14 2008), without AirPcap.
Running on Darwin 10.4.0 (MacOS 10.6.4), with libpcap version 1.0.0, GnuTLS
2.6.2, Gcrypt 1.4.3.
Built using gcc 4.0.1 (Apple Inc. build 5488).
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The MacSupportFlags are being decoded improperly. This may have to do with
big/little endian decoding. All the numeric fields in this structure are
little endian. Refer to the SNIA CIFS Reference.
The note in the spec about big endian only applies to the Finder Info field,
and not to other items in the structure.
The attached trace should indicate Macintosh and Streams extensions NOT
supported (0x100).
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
