Created attachment 13405
Sample trace showing frame (frame 20) incorrectly tagged as SMC-R
Build Information:
Wireshark 1.99.2 (v1.99.2rc0-852-g7ed097c from master)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.8.8, with Pango 1.28.1, with
libpcap, without POSIX capabilities, without libnl, with libz 1.2.3, with GLib
2.28.8, without SMI, without c-ares, without ADNS, with Lua 5.1, with GnuTLS
2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, without PortAudio,
with AirPcap.
Running on Linux 2.6.32-431.30.1.el6.x86_64, with locale en_US.utf8, with
libpcap version 1.4.0, with libz 1.2.3, with GnuTLS 2.8.5, with Gcrypt 1.4.5,
without AirPcap.
Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz (with SSE4.2)
Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-4).
--
A coding error in packet-smcr.c: dissect_smcr_tcp_heur() is calling
tvb_memeql() with a size of 1 byte instead of 4 bytes. This error greatly
increases the chances of flagging a non-SMCR frame as SMCR.
In addition to the bug, a bit definition (Failover Indication) is missing from
the RMBE Control.
Attaching a capture of the mis-identified frame. There is no capture for the
Failover. I noticed this in a code review.
The following patch addresses both issues:
--- packet-smcr.c.orig 2015-01-23 18:14:33.114341666 -0500
+++ packet-smcr.c 2015-01-23 21:29:59.628293591 -0500
@@ -260,6 +260,7 @@
static int hf_smcr_rmbe_ctrl_urgent_pending = -1;
static int hf_smcr_rmbe_ctrl_urgent_present = -1;
static int hf_smcr_rmbe_ctrl_cons_update_requested = -1;
+static int hf_smcr_rmbe_ctrl_failover_validation = -1;
static int hf_smcr_rmbe_ctrl_peer_conn_state_flags = -1;
static int hf_smcr_rmbe_ctrl_peer_sending_done = -1;
static int hf_smcr_rmbe_ctrl_peer_closed_conn = -1;
@@ -726,6 +727,8 @@
tvb, offset, FLAG_BYTE_LEN, ENC_BIG_ENDIAN);
proto_tree_add_item(rmbe_ctrl_rw_status_flag_tree,
hf_smcr_rmbe_ctrl_cons_update_requested,
tvb, offset, FLAG_BYTE_LEN, ENC_BIG_ENDIAN);
+ proto_tree_add_item(rmbe_ctrl_rw_status_flag_tree,
hf_smcr_rmbe_ctrl_failover_validation,
+ tvb, offset, FLAG_BYTE_LEN, ENC_BIG_ENDIAN);
offset += FLAG_BYTE_LEN;
rmbe_ctrl_peer_conn_state_flag_item =
proto_tree_add_item(tree, hf_smcr_rmbe_ctrl_peer_conn_state_flags,
tvb, offset, FLAG_BYTE_LEN, ENC_BIG_ENDIAN);
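Review bot: The added proto_tree_add_item() call is line-wrapped in this inline patch: its second line, `hf_smcr_rmbe_ctrl_failover_validation,`, carries no `+` marker, and the hunk header (-726,6 +727,8) allows for only two added lines, so the patch will not apply as posted. Please attach the diff as a file, or regenerate it without wrapping, so the change can be applied and reviewed exactly as intended. The placement itself, ahead of `offset += FLAG_BYTE_LEN;` so that the new flag is decoded from the same byte as the other flags in this tree, looks right.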
@@ -884,7 +887,7 @@
dissect_smcr_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
void *data)
{
- if (tvb_memeql(tvb, CLC_MSG_BYTE_0, SMCR_CLC_ID, sizeof(SMCR_CLC_ID) !=
0)) return FALSE;
+ if (tvb_memeql(tvb, CLC_MSG_BYTE_0, SMCR_CLC_ID, sizeof(SMCR_CLC_ID) - 1)
!= 0) return FALSE;
dissect_smcr_tcp(tvb, pinfo, tree, data);
return TRUE;
}
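Review bot: In the replacement condition, `sizeof(SMCR_CLC_ID) - 1` gives the intended 4-byte length only if SMCR_CLC_ID is an array with exactly one trailing byte (such as a NUL) after the identifier; its definition is not part of this hunk, so that should be confirmed, and a named length constant or a short comment would make the `- 1` self-explanatory. The parenthesis move is the actual fix: in the removed line `!= 0` sits inside the argument list, so the size passed is the result of the comparison (1) and not the size of the identifier. A one-line comment above the check stating that every identifier byte must match would help keep this heuristic from regressing.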
@@ -1369,6 +1372,11 @@
"smcr.rmbe.ctrl.cons.update.requested",
FT_BOOLEAN, 8, NULL, 0x10, NULL, HFILL}},
+ { &hf_smcr_rmbe_ctrl_failover_validation, {
+ "Failover Validation Indicator",
+ "smcr.rmbe.ctrl.failover.validation",
+ FT_BOOLEAN, 8, NULL, 0x08, NULL, HFILL}},
+
{ &hf_smcr_rmbe_ctrl_peer_conn_state_flags, {
"Peer Connection State Flags",
"smcr.rmbe.ctrl.peer.conn.state.flags",