Wireshark · Ethereal-dev: [Ethereal-dev] [PATCH] BACnet BVLC bug#855

Ethereal-dev: [Ethereal-dev] [PATCH] BACnet BVLC bug#855

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Steve Karg <skarg@xxxxxxxxxxxxxxxxxxxxx>

Date: Sat, 15 Apr 2006 21:02:59 -0400

Hello Developers,

Regarding bug:
http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=855

The BACnet BVLC decoding assumed that it was the only protocol using UDPport 0xBAC0, and the example message arrived on that port.

A valid BACnet BVLC should also have a valid type byte (0x81) and avalid function byte (0x00 - 0x0B).

The example message had the BVLC type byte of 0x04, which indicates thatit is not a BACnet BVLC message.

The example message had a function byte of 0x00 which falls in the rangeof valid BVLC function bytes.

In the attached patch, I added a check for the BVLC type at the verybeginning of the dissection, so now it dissects the payload as data ifthe BVLC type is invalid. It also does not set the COL or INFO if theBVLC type is invalid, so the invalid message shows UDP andsource/destination port in Info.

Is there a way to dump the message back into the dissection queue if thetype and function of the BVLC fails, or is just dissecting the payloadas data the best we can do in this case?


Best Regards,

Steve

Attachment: bvlc.patch.gz
Description: GNU Zip compressed data

Follow-Ups:
- Re: [Ethereal-dev] [PATCH] BACnet BVLC bug#855
  - From: Jaap Keuter

Prev by Date: [Ethereal-dev] Re: BACnet packet-bacapp corrections
Next by Date: [Ethereal-dev] Re: Assistance with BACNet bugs?
Previous by thread: Re: [Ethereal-dev] Re: BACnet packet-bacapp corrections
Next by thread: Re: [Ethereal-dev] [PATCH] BACnet BVLC bug#855
Index(es):
- Date
- Thread