I noticed two issues with the dissection of HomePlug AV packets. I'm using Wireshark 2.4.16, but the issues also exist in 3.1.1. The following dissection example shows the two issues:
HomePlug AV protocol
MAC Management Header
.... ...1 = Version: 1.1 (1)
Type: Get Network Informations Request (0x6038)
.... ..00 = LSB: Request (0x0)
.... .00. = MSB: STA - Central Coordinator (0x0)
Fragmentation Info: 0x0000
.... 0000 = Fragment count: 0
0000 .... = Fragment index: 0
Fragment Sequence number: 0
The first issue is that the MAC Management Header / Type / MSB should be "STA - STA (0x3)" instead of "STA - Central Coordinator (0x0)".
The second issue is that the MAC Management Header / Fragmentation Info / Fragment count should be the 4 most significant bits instead of the 4 least significant bits and the Fragment index should be the 4 least significant bits instead of the 4 most significant bits.
I believe the HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK, HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK, and HOMEPLUG_AV_MMTYPE_MSB_MASK should be changed to the values shown in the following git diff output:
diff --git a/epan/dissectors/packet-homeplug-av.c b/epan/dissectors/packet-homeplug-av.c
index b340ffa753..7faee0382d 100644
--- a/epan/dissectors/packet-homeplug-av.c
+++ b/epan/dissectors/packet-homeplug-av.c
@@ -814,8 +814,8 @@ static proto_tree *ti_vendor = 0;
#define HOMEPLUG_AV_MMHDR_LEN 3 /* MM version (1) + MM type (2) */
-#define HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK 0x0F
-#define HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK 0xF0
+#define HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK 0xF0
+#define HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK 0x0F
/* MME Values */
/* General MME Types */
@@ -1386,7 +1386,7 @@ static const value_string homeplug_av_mmtype_lsb_vals[] = {
#define HOMEPLUG_AV_MMTYPE_MSB_MANUF 0x04
#define HOMEPLUG_AV_MMTYPE_MSB_VENDOR 0x05
#define HOMEPLUG_AV_MMTYPE_MSB_RSV 0x06
-#define HOMEPLUG_AV_MMTYPE_MSB_MASK 0x06
+#define HOMEPLUG_AV_MMTYPE_MSB_MASK 0xe0
#define HOMEPLUG_AV_MMTYPE_MSB_SHIFT (5)
static const value_string homeplug_av_mmtype_msb_vals[] = {
Should I submit a bug report for this?
Thanks,
John
Wireshark 2.4.16 info:
Compiled (64-bit) with Qt 5.9.7, with libpcap, without POSIX capabilities, with
libnl 3, with GLib 2.54.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0,
with Lua 5.1.5, with GnuTLS 3.6.7, with Gcrypt 1.8.2, with MIT Kerberos, with
GeoIP, without nghttp2, without LZ4, without Snappy, without libxml2, with
QtMultimedia, without AirPcap, without SBC, without SpanDSP.
Running on Linux 4.12.14-lp151.28.20-default, with Intel(R) Core(TM)
i5-2520M CPU @ 2.50GHz (with SSE4.2), with 7848 MB of physical memory, with
locale en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.6.7, with Gcrypt
1.8.2, with zlib 1.2.11.
