Wireshark-bugs: [Wireshark-bugs] [Bug 12122] OCFS2 Dissector does not function properly on Linux

Date: Thu, 01 Sep 2016 00:49:21 +0000

changed bug 12122


What Removed Added
CC   [email protected]

Comment # 5 on bug 12122 from
Created attachment 14873 [details]
Patch for OCFS2 dissector

Hello, 

I encountered the same situation with version 2.0.5 built in Linux.
During analysis with gdb, I found the dissector treats message length in "FA55"
message as little endian. 
It is actually big endian (at least in observed packets), so the dissector
believes the message has very big size and it must reassemble with following
packets.
e.g.) Message length 0x0050 is parsed as 0x5000, but the following packets are
not related to the message at all. Therefore message reconstruction fails.

The attached patch fixes the issue by using tvb_get_ntohs() instead of
tvb_get_letohs().


This patch also includes another two fixes.
First, after I fixed the main problem above, the dissector claims some "Proxy
AST" and "Convert lock" messages malformed, mistakenly. 
It is because the dissector tries to obtain LVB data which actually is not
included in the message.
So this patch also fixes this by adding code to check LVB-related flags.

Second is for keepalive req/resp messages that are always shown as "Unknown
type (0x00)". This patch changes them to "Keepalive Request" and "Keepalive
Response".

I also don't have spec of OCFS2 protocol, please confirm and excuse me if any
mistake.


You are receiving this mail because:
  • You are watching all bug changes.