Wireshark · Wireshark-dev: Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0

Wireshark-dev: Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-14

From: Oliver Hartkopp <socketcan@xxxxxxxxxxxx>

Date: Sun, 11 Feb 2024 22:19:53 +0100

Hello Guy,

sorry for my late reply. I wanted to look into the details this weekend... and you already did a great job!!

I built Wireshark and it already works great with the libpcap.so.1.10.4from Debian testing (Trixie).

Although the Priority 0x242 and the VCID 0xCD are correctly displayed inthe grey line the values below that line seem to be wrong (Priority52480, VCID 2).


See attached screenshot.

I'll try to build the latest libpcap from the git too.

Btw. I found a potential issue in the libpcap patch fe47b89f2ca93b("socketcan: fix up CAN/CAN FD support and add CAN XL support."):


diff --git a/pcap/sll.h b/pcap/sll.h
index 392faae4..ad3df355 100644
--- a/pcap/sll.h
+++ b/pcap/sll.h
@@ -143,7 +143,8 @@ struct sll2_header {
  */

#define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without802.2 LLC header */#define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/XEthernet) */#define LINUX_SLL_P_CAN 0x000C /* CAN frames, withSocketCAN pseudo-headers */#define LINUX_SLL_P_CANFD 0x000D /* CAN FD frames, withSocketCAN pseudo-headers */+#define LINUX_SLL_P_CANXL 0x000F /* CAN XL frames, with SocketCANpseudo-headers */


 #endif

Shouldn't LINUX_SLL_P_CANXL be set to 0x000E like ininclude/uapi/linux/if_ether.h for ETH_P_CANXL instead of 0x000F here?


Many thanks & best regards,
Oliver

On 2024-02-09 23:56, Guy Harris wrote:

So the libpcap main and 1.10 branches include changes to

	not clear the CANFD_FDF flag for FD frames;

	put the multi-byte fields in the CAN XL header into little-endian byte order;

and the Wireshark main and 4.2 branches include changes to

	treat CAN frames without the CANXL_XLF flag or the CANFD_FDF flag as FD frames if they're exactly 72 bytes long, to work around the (fixed in the main and 1.10 branches) libpcap bug where CANFD_FDF is unintentionally cleared;

	dissect CAN XL frames;

	hand LINKTYPE_LINUX_SLL frames with a protocol type of CAN XL to the SocketCAN dissector;

so I think this issue will be resolved by the next Wireshark and libpcap releases.

Attachment: Wireshark-v4.3.0rc0-1508-g8143babe21fd.png
Description: PNG image

Follow-Ups:
- Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
  - From: Guy Harris
- Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
  - From: Guy Harris

References:
- [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
  - From: Oliver Hartkopp
- Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
  - From: Guy Harris
- Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
  - From: Guy Harris
- Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Input plugin for PEAK Systems CAN interfaces
Next by Date: Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
Previous by thread: Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
Next by thread: Re: [Wireshark-dev] SocketCAN Support is broken in latest Wireshark-v4.3.0rc0-1430-g600de02805d0
Index(es):
- Date
- Thread