http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1166
Summary: Missing part of BACnet decoder (with solution)
Product: Wireshark
Version: 0.99.3
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mikeg@xxxxxxxx
Build Information:
Version 0.99.3a
Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.8.20, with GLib 2.10.2, with libpcap 0.9.4,
with libz 1.2.3, with libpcre 6.3, with Net-SNMP 5.3, without ADNS, without
Lua.
Running with libpcap version 0.9.4 on Linux 2.6.17-1.2187_FC5.
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
When decoding an i-could-be-router-to-network message, the decoder skips over
checking for the actual network and goes right to reading the performance.
I think adding the following lines into packet-bacnet.c, line 370, should fix
it:
---
if (bacnet_mesgtyp == BAC_NET_ICB_R) { // NOTE- this line for reference only
proto_tree_add_uint(bacnet_tree, hf_bacnet_snet, // new line 1
tvb, offset, 2, tvb_get_ntohs(tvb, offset)); // new line 2
offset += 2; // new line 3
---
This may not be exactly right, I copied it from an example further up in
the code, but it's probably pretty close. This is the first time I've looked
at the Wireshark code (but probably not the last!).
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.