| Bug ID |
9262
|
| Summary |
PTP Dissector Wrongfully Reports Malformed Packet
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.10.2
|
| Hardware |
All
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
--
Hi. I have come across a bug in the Wireshark dissector for PTP.
The problem I have seen is that the dissector claims that PTP Management
Messages are malformed when they are actually correct. I have personally
verified that this happens with Wireshark 1.10.1 and 1.10.2.
I recently downloaded the source tar ball for 1.10.1. I have identified the
problem. It is in packet-ptp.c (wireshark/epan/dissectors/).
The problem is on line 3030:
managementData_ti = proto_tree_add_item(ptp_tree, hf_ptp_v2_mm_data, tvb,
Offset, tlv_length, ENC_NA);
Here, "Offset" is the offset for where the data field is. The "tlv_length" is
the value pulled out of the TLV Length field from the packet. However,
according to the IEEE 1588-2008 standard, the value of the TLV Length field is
(2 + N) where the '2' bytes is the length of the following "managementId" field
and 'N' is the length of the TLV data payload. This means that the length of
the data field should be (TLV Length – 2). The following code change will
resolve the problem:
managementData_ti = proto_tree_add_item(ptp_tree, hf_ptp_v2_mm_data, tvb,
Offset, tlv_length - 2, ENC_NA);
I have tested this change in my lab and verified that it resolves the problem.
Messages are being decoded properly down into the TLV data field now, and no
malformed packet error is displayed.
Thanks.
--Todd Newton
Senior Research Engineer
Southwest Research Institute
You are receiving this mail because:
- You are watching all bug changes.