Wireshark-bugs: [Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN
Date: Fri, 21 Jan 2011 13:51:17 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943

Chris Maynard <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #9 from Chris Maynard <[email protected]> 2011-01-21 13:51:16 PST ---
(In reply to comment #7)
> Uh, actually, the (private) packet-capture attached does not decode correctly
> unless SVN #30814 is reverted. That is the current Wireshark shows the frame as
> "malformed".  In the capture the L includes the length of the T plus the length
> of the L plus the length of the V.

Right, my mistake.  The original implementation assumed the L included TL.  But
from what I've read, that looks wrong and the change in 30814 looks correct. 
For the benefit of others, here's the change:

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ismp.c?r1=28959&r2=30814

Bill, you indicated in comment 0:
> I noticed that ISMP.EDP "Tuples" were not being properly dissected for a 
> capture file I came across.

You (or anyone else) don't happen to have other capture files to compare
against, do you?  I don't have access to private files, but it sure sounds like
those TLV's are improperly coded to me.  That said, I guess I can't be 100%
certain, so maybe I closed the bug a little too prematurely.  I'll reopen it
and leave it to you to close it when you think it's appropriate.

Perhaps contacting the original author would help resolve this with even more
certainty one way or the other?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.