Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12946] New: BTLE feature bits are incorrectly decoded (backwards)

Wireshark-bugs: [Wireshark-bugs] [Bug 12946] New: BTLE feature bits are incorrectly decoded (bac

Date: Sun, 25 Sep 2016 03:01:39 +0000

Bug ID	12946
Summary	BTLE feature bits are incorrectly decoded (backwards)
Product	Wireshark
Version	2.3.x (Experimental)
Hardware	x86
OS	Mac OS X 10.4
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 14944 [details]
dissection picture

Build Information:
tshark -v
TShark (Wireshark) 2.3.0-825-g06b09ee (v2.3.0rc0-825-g06b09ee from unknown)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, with GLib 2.36.0,
with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2.4, with
GnuTLS
2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP.

Running on Mac OS X 10.12, build 16A323 (Darwin 16.0.0), with Intel(R) Core(TM)
i7-4850HQ CPU @ 2.30GHz (with SSE4.2), with 16384 MB of physical memory, with
locale C/UTF-8/C/C/C/C, with libpcap version 1.7.4 - Apple version 67, with
GnuTLS 2.12.19, with Gcrypt 1.5.0, with zlib 1.2.8.

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

--
The feature flags for BTLE in the LL_FEATURE_REQ and LL_FEATURE_RSP are decoded
backwards. 

>From BT spec 4.2 volume 6 part B section 4.6, Feature support, the bits are 

0 - LE Encryption
1 - Connection Parameters Request
2 - Extended Reject Indication
3 - Slave-initiated Features Exchange
4 - LE Ping
5 - LE Data Packet Length Extension
6 - LL Privacy
7 - Extended Scanner Filter policies

However they are dissected in the opposite order, with LE Encryption showing
enabled if bit 7 is set etc etc. Please see the screenshot of a dissection of a
response which sets the flags to 0x21. That's bits 0 and 5 set and should show
"LE Encryption + LE Data Packet Length Extension", however it incorrectly shows
"Extended Reject Indication  + Extended Scanner Filter policies". 

I'll attach the pcap if I can figure out how to send two attachments.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly
Next by Date: [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
Previous by thread: [Wireshark-bugs] [Bug 12945] CMake builds don't register the NCP dissector, so the resulting Wireshark/TShark crashes with NCP packets
Next by thread: [Wireshark-bugs] [Bug 12946] BTLE feature bits are incorrectly decoded (backwards)
Index(es):
- Date
- Thread