URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=411104bd89e235e8c2642ba41c71f639f49b848f
Submitter: Michael Mann (mmann78@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
411104b by D. Ulis (daulis0@xxxxxxxxx):
Enhancements for EtherNet/IP and CIP
EtherNet/IP
1. EtherNet Link object parsed Physical Address attribute response incorrectly.
2. Display Unknown Commands as ENIP instead of just TCP data.
CIP
1. For connected data, don't interpret it as a Message Router Request/Response format when the Forward Open connection was not directed to the Message Router. Previously, this data would be incorrectly shown as explicit CIP data. In many cases, this would show as malformed. This traffic will now just display as Data in the Wireshark tree, and "Implicit Data - Class (0x123)" in the Info column. Make this data filterable by "cip.conn_path_class == 0x123".
2. Fix parsing of Unconnected Send responses. Previously, for most cases, the response was not fully parsed, and would just show "Data", or it would parse the response as if the request class was the Connection Manager, which is incorrect. Now, also show the request path of the original embedded message in the tree.
3. Add some detailed error data for malformed Forward Close response.
Change-Id: I1c98ce516373d8c0ed6e049e25342f726bc370ea
Reviewed-on: https://code.wireshark.org/review/12339
Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
Reviewed-by: D. Ulis <daulis0@xxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
Actions performed:
from c88f24f4 ECMP: fix indent
adds 411104b Enhancements for EtherNet/IP and CIP
Summary of changes:
epan/dissectors/packet-cip.c | 154 +++++++++++++++++++++++++++++++----------
epan/dissectors/packet-cip.h | 1 +
epan/dissectors/packet-enip.c | 69 +++++++++++-------
3 files changed, 162 insertions(+), 62 deletions(-)