Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5510] New: CIGI 3.2/3.3 support broken

Date: Mon, 20 Dec 2010 19:44:36 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5510

           Summary: CIGI 3.2/3.3 support broken
           Product: Wireshark
           Version: 1.4.2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: daulis0@xxxxxxxxx


Created an attachment (id=5646)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5646)
Correct support for CIGI 3.2/3.3

Build Information:
Version 1.5.0 (SVN Rev 35234 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.22.0, with GLib 2.26.0, with libpcap 1.1.1, with
libz 1.2.3.4, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.8.6, with
Gcrypt 1.4.5, without Kerberos, without GeoIP, without PortAudio, without
AirPcap.

Running on Linux 2.6.35-23-generic, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.8.6, Gcrypt 1.4.5.

Built using gcc 4.4.5.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
CIGI 3.2 and 3.3 support is broken. CIGI 3.2 was broken, when CIGI 3.3 support
was added in 1.2.0.

There are 2 parts to the CIGI protocol. 1) Host to IG messages and 2) IG to
Host messages. Currently, Host to IG messages are parsed correctly, but IG to
Host messages show Malformed Packet (or may not even detect as CIGI at all)

Some of the protocol format is different between versions. The "Minor Version"
is used by the dissector to separate the differences, but this field is in a
different location in the IG Control Packet (Host to IG message) vs the Start
of Frame Packet (IG to Host message).

Attached patch to correct this, as well as a pcap file for CIGI 3.3 format.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.