Wireshark-bugs: [Wireshark-bugs] [Bug 6305] New: Dissection fails for frames with Gigamon Header

Date: Fri, 2 Sep 2011 11:06:28 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6305

           Summary: Dissection fails for frames with Gigamon Header and
                    VLAN
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: sdahiya@xxxxxxxxx


Build Information:
wireshark 1.7.0 (SVN Rev 38849 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.4, with Cairo 1.10.2, with Pango 1.28.4, with
GLib 2.28.6, with libpcap 1.1.1, with libz 1.2.3.4, without POSIX capabilities,
with threads support, without SMI, without c-ares, without ADNS, without Lua,
without Python, without GnuTLS, without Gcrypt, without Kerberos, without
GeoIP,
without PortAudio, without AirPcap.

Running on Linux 2.6.38-11-generic-pae, with locale en_US.UTF-8, with libpcap
version 1.1.1, with libz 1.2.3.4.

Built using gcc 4.5.2.
--
Whenever frames with Gigamon header and VLAN are received, dissection fails for
all data bytes beyond the Gigamon header. VLAN and all bytes beyond that
displayed as 'data' bytes.
This seems to be a generic problem with any frame where there is any header
between the Ethernet & the VLAN headers. Dissection will fail for all such
frames.
This used to work in Wireshark versions 1.4.x but seems to have been broken in
versions 1.6.x after the VLAN dissector was pulled into Ethernet (bug #2254).
As fix I added parsing for 802.1q VLAN into the Gigamon gmhdr dissector and
display it as a "Generic Field".
(Attached screenshots for working dissector in 1.4.x, failed dissector in 1.7.x
& working dissector after patch. Also attached is the sample pcap file used for
testing and patch.)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.