
Wireshark-dev: Re: [Wireshark-dev] HomePlug AV dissector issues

From: Dario Lombardo <lomato@xxxxxxxxx>
Date: Fri, 25 Oct 2019 10:45:57 +0200
Hi John
You can submit a bug report and/or a patch yourself.


On Fri, Oct 25, 2019 at 10:39 AM John Serock <jserock@xxxxxxxxxxx> wrote:
I noticed two issues with the dissection of HomePlug AV packets. I'm using Wireshark 2.4.16, but the issues also exist in 3.1.1. The following dissection example shows the two issues:

HomePlug AV protocol
    MAC Management Header
        .... ...1 = Version: 1.1 (1)
        Type: Get Network Informations Request (0x6038)
            .... ..00 = LSB: Request (0x0)
            .... .00. = MSB: STA - Central Coordinator (0x0)
        Fragmentation Info: 0x0000
            .... 0000 = Fragment count: 0
            0000 .... = Fragment index: 0
            Fragment Sequence number: 0

The first issue is that the MAC Management Header / Type / MSB should be "STA - STA (0x3)" instead of "STA - Central Coordinator (0x0)".

The second issue is that the MAC Management Header / Fragmentation Info / Fragment count should be the 4 most significant bits instead of the 4 least significant bits and the Fragment index should be the 4 least significant bits instead of the 4 most significant bits.

I believe the HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK, HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK, and HOMEPLUG_AV_MMTYPE_MSB_MASK should be changed to the values shown in the following git diff output:

diff --git a/epan/dissectors/packet-homeplug-av.c b/epan/dissectors/packet-homeplug-av.c
index b340ffa753..7faee0382d 100644
--- a/epan/dissectors/packet-homeplug-av.c
+++ b/epan/dissectors/packet-homeplug-av.c
@@ -814,8 +814,8 @@ static proto_tree *ti_vendor = 0;

 #define HOMEPLUG_AV_MMHDR_LEN                   3 /* MM version (1) + MM type (2) */

-#define HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK  0x0F
-#define HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK  0xF0
+#define HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK  0xF0
+#define HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK  0x0F

 /* MME Values */
 /* General MME Types */
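Review bot: the swap of HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK and HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK cannot be checked against the dissection quoted in this message, because Fragmentation Info is 0x0000 there and both nibbles decode to 0 under either assignment. Please reference a capture with a non-zero fragment count or index, and add a short comment above the two defines stating which nibble the specification gives to each field, so the order is not flipped back later.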
@@ -1386,7 +1386,7 @@ static const value_string homeplug_av_mmtype_lsb_vals[] = {
 #define HOMEPLUG_AV_MMTYPE_MSB_MANUF      0x04
 #define HOMEPLUG_AV_MMTYPE_MSB_VENDOR     0x05
 #define HOMEPLUG_AV_MMTYPE_MSB_RSV        0x06
-#define HOMEPLUG_AV_MMTYPE_MSB_MASK       0x06
+#define HOMEPLUG_AV_MMTYPE_MSB_MASK       0xe0
 #define HOMEPLUG_AV_MMTYPE_MSB_SHIFT      (5)

 static const value_string homeplug_av_mmtype_msb_vals[] = {
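Review bot: HOMEPLUG_AV_MMTYPE_MSB_MASK 0xe0 only selects the intended bits if it is applied to a single octet of the type, and the example Type is the 16-bit value 0x6038; please confirm the field it is used with covers only the high octet (0x60 gives 3 after HOMEPLUG_AV_MMTYPE_MSB_SHIFT) and say so in a comment next to the define. The new value does agree with the shift of 5, whereas the old 0x06 equals HOMEPLUG_AV_MMTYPE_MSB_RSV directly above it. Minor style point: the other hunk writes its masks in uppercase hex (0xF0, 0x0F), so 0xE0 would be consistent.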



Should I submit a bug report for this?

Thanks,

John


Wireshark 2.4.16 info:

Compiled (64-bit) with Qt 5.9.7, with libpcap, without POSIX capabilities, with
libnl 3, with GLib 2.54.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0,
with Lua 5.1.5, with GnuTLS 3.6.7, with Gcrypt 1.8.2, with MIT Kerberos, with
GeoIP, without nghttp2, without LZ4, without Snappy, without libxml2, with
QtMultimedia, without AirPcap, without SBC, without SpanDSP.

Running on Linux 4.12.14-lp151.28.20-default, with Intel(R) Core(TM)
i5-2520M CPU @ 2.50GHz (with SSE4.2), with 7848 MB of physical memory, with
locale en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.6.7, with Gcrypt
1.8.2, with zlib 1.2.11.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
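
The effect of the proposed mask changes, as an added example that is not part of the original message or the Wireshark source: it decodes the Type value 0x6038 from the message and a constructed fragmentation octet 0x21 with the masks before and after the diff. The `hpav_masks` struct and the helper names are hypothetical, and applying the MSB mask to the high octet of the type is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* The three masks changed in the proposed diff. */
struct hpav_masks {
    uint8_t frag_count;  /* HOMEPLUG_AV_PUBLIC_FRAG_COUNT_MASK */
    uint8_t frag_index;  /* HOMEPLUG_AV_PUBLIC_FRAG_INDEX_MASK */
    uint8_t mmtype_msb;  /* HOMEPLUG_AV_MMTYPE_MSB_MASK */
};

static const struct hpav_masks MASKS_BEFORE = { 0x0F, 0xF0, 0x06 };
static const struct hpav_masks MASKS_AFTER  = { 0xF0, 0x0F, 0xe0 };

/* AND with the mask, then shift right until the mask's lowest set bit is bit 0. */
static unsigned bitfield(uint8_t octet, uint8_t mask)
{
    unsigned value = octet & mask;
    while (mask && !(mask & 1)) {
        mask >>= 1;
        value >>= 1;
    }
    return value;
}

/* Assumption: the MSB mask applies to the high octet of the 16-bit MMType. */
static unsigned mmtype_msb(const struct hpav_masks *m, uint16_t mmtype)
{
    return bitfield((uint8_t)(mmtype >> 8), m->mmtype_msb);
}

static unsigned frag_count(const struct hpav_masks *m, uint8_t info)
{
    return bitfield(info, m->frag_count);
}
static unsigned frag_index(const struct hpav_masks *m, uint8_t info)
{
    return bitfield(info, m->frag_index);
}

int main(void)
{
    const uint16_t mmtype = 0x6038; /* Type value from the message */
    const uint8_t info = 0x21;      /* constructed: count 2, index 1 */
    const struct hpav_masks *sets[] = { &MASKS_BEFORE, &MASKS_AFTER };
    for (int i = 0; i < 2; i++)
        printf("%s: msb=%u count=%u index=%u\n", i ? "after" : "before",
               mmtype_msb(sets[i], mmtype), frag_count(sets[i], info), frag_index(sets[i], info));
    return 0;
}
```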

