Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5696] New: IEC61850 Sampled Values (sv) dissector issues

Date: Wed, 16 Feb 2011 04:57:11 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5696

           Summary: IEC61850 Sampled Values (sv) dissector issues
           Product: Wireshark
           Version: 1.4.2
          Platform: x86
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: kdjloca@xxxxxxxxx


Created an attachment (id=5943)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5943)
IEC61850 Sampled Values capture

Build Information:
Version 1.4.2 (SVN Rev 34959 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Nov
18 2010), with AirPcap.

Running on 32-bit Windows Vista Service Pack 2, build 6002, with WinPcap
version
4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS
2.8.5, Gcrypt 1.4.5, without AirPcap,  from the PortableApps U3 device in drive
C:.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The "sv" dissector (IEC61850 Sampled Values) has a few problems.

1) It assumes that the sampled data in the ASDUs is based on the "PhsMeas1"
dataset, defined in the "Implementation Guideline for Digital Interface to
Instrument Transformers using IEC 61850-9-2" document. But this cannot be
derived from the data captured. Our software sends a different dataset, which
is now displayed incorrectly. The actual ASN.1 description states that the
sampled data is of type "OCTET STRING". Further analysis of these octets in a
generic way is not possible due to the way the protocol works.

2) The protocol payload length is not set correctly. Our hardware also captures
the Ethernet CRC32, which is incorrectly assumed to be part of the protocol
payload (starting a new SV PDU). The dissector should use the value of its
Length field (sv.length) instead to limit dissection.

A capture file is attached which shows both issues.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.