[email protected]
changed
bug 12122
Comment # 5
on bug 12122
from [email protected]
Created attachment 14873 [details]
Patch for OCFS2 dissector
Hello,
I encountered the same situation with version 2.0.5 built in Linux.
During analysis with gdb, I found the dissector treats message length in "FA55"
message as little endian.
It is actually big endian (at least in observed packets), so the dissector
believes the message has very big size and it must reassemble with following
packets.
e.g.) Message length 0x0050 is parsed as 0x5000, but the following packets are
not related to the message at all. Therefore message reconstruction fails.
The attached patch fixes the issue by using tvb_get_ntohs() instead of
tvb_get_letohs().
This patch also includes another two fixes.
First, after I fixed the main problem above, the dissector claims some "Proxy
AST" and "Convert lock" messages malformed, mistakenly.
It is because the dissector tries to obtain LVB data which actually is not
included in the message.
So this patch also fixes this by adding code to check LVB-related flags.
Second is for keepalive req/resp messages that are always shown as "Unknown
type (0x00)". This patch changes them to "Keepalive Request" and "Keepalive
Response".
I also don't have spec of OCFS2 protocol, please confirm and excuse me if any
mistake.
You are receiving this mail because:
- You are watching all bug changes.