[Wireshark-bugs] [Bug 15522] ieee80211: QoS Control not correctly dissected for MESH frames

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15522

--- Comment #2 from Gerrit Code Review  ---
Change 32084 merged by Alexis La Goutte:
ieee80211: Dissect MESH specific bit of QoS Control

https://code.wireshark.org/review/32084

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15502] Editcap and TShark don't preserve name resolution and capture statistics information and don't handle IDBs in the middle of the file

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15502

Jim Young  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |CONFIRMED

--- Comment #8 from Jim Young  ---
(In reply to Guy Harris from comment #2)
> Yet Another editcap Problem - it doesn't handle files that have IDBs after
> EPBs.  (Yes, that's legal, as long as no EPB appears until the the IDB for
> its interface occurs; consider a capture that starts capturing on the
> interfaces available at the time and, when new interfaces appear, starts
> capturing on them as well.)

I've attached a pair of small pcapng files, each with two IDBs.  The one with
the noncontiguous IDBs will trigger the issue noted above and cause editcap and
tshark to abort prematurely.

For example:

> $ editcap -d noncontiguous-idbs.pcapng out.pcapng 
> editcap: An error occurred while writing to the file "out.pcapng": Internal 
> error.
> $ 

> $ tshark -r noncontiguous-idbs.pcapng -w out.pcapng 
> tshark: An error occurred while writing to the file "out.pcapng": Internal 
> error.
> $ 

The one with contiguous IDBs can be successfully processed:

> $ editcap -d contiguous-idbs.pcapng out.pcapng 
> 12 packets seen, 4 packets skipped with duplicate window of 5 packets.
> $ 

The differences in the pcapng block layout can be revealed with the the
following commands:

> tshark -X read_format:MIME\ Files\ Format -V -r noncontiguous-idbs.pcapng | 
> grep Block:

> tshark -X read_format:MIME\ Files\ Format -V -r contiguous-idbs.pcapng | grep 
> Block:

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15502] Editcap and TShark don't preserve name resolution and capture statistics information and don't handle IDBs in the middle of the file

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15502

--- Comment #7 from Jim Young  ---
Created attachment 16928
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16928&action=edit
macOS created pcapng file edited to have contiguous IDBs

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15502] Editcap and TShark don't preserve name resolution and capture statistics information and don't handle IDBs in the middle of the file

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15502

Jim Young  changed:

   What|Removed |Added

 CC||jyo...@gsu.edu

--- Comment #6 from Jim Young  ---
Created attachment 16927
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16927&action=edit
macOS created pcapng file with noncontiguous IDBs

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15500] Should capinfos give information about name resolution and decryption secret information in the file?

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15500

Guy Harris  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Guy Harris  ---
Yes, it should.

https://code.wireshark.org/review/32089 adds counts of decryption secrets,
resolved IPv4 addresses, and resolved IPv6 addresses.

If somebody wants the individual items listed, file an enhancement request.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15523] New: Enhanced Bluetooth Mesh dissector sample files

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15523

Bug ID: 15523
   Summary: Enhanced Bluetooth Mesh dissector sample files
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: win...@gmail.com
  Target Milestone: ---

Created attachment 16926
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16926&action=edit
Sample Bluetooth Mesh capture files

Build Information:
3.1.0-Mesh (v3.1.0rc0-91-g3a3c5de5)

Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.2, with zlib
1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3
and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.9.

Running on 64-bit Windows 10 (1803), build 17134, with Intel(R) Core(TM)
i7-7500U CPU @ 2.70GHz (with SSE4.2), with 16211 MB of physical memory, with
locale Polish_Poland.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.6.3, with Gcrypt 1.8.3, binary plugins supported (0 loaded).

Built using Microsoft Visual Studio 2017 (VC++ 14.16, build 27027).
--
Link to Bluetooth Mesh Profile specification
https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=457092

You may use the following filters for filtering packets that are handled by
enhanced Bluetooth Mesh dissector.

file:   nordic set.pcapng
filter: btmproxy

file:   pb-adv.cap
filter: pbadv

file:   nordic provisioning.pcapng
filter: btmproxy

file:   btsnoop_hci-provisioning.log
filter: btmproxy

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15454] Dissection of CAN packets based on a DBC specification

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15454

--- Comment #8 from Guy Harris  ---
(In reply to Maksim Salau from comment #7)
> The parser is implemented by hand, possibly it should be rewritten to make
> use of flex & bison.

Either Flex & Bison/BYACC (if there's any .y file in the Wireshark source that
works only with Bison, not Berkeley YACC, that's a bug), or Flex & Lemon (most
of the generated parsers in Wireshark are Lemon, not Bison/BYACC).

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15454] Dissection of CAN packets based on a DBC specification

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15454

--- Comment #7 from Maksim Salau  ---
Hi Michael,

> What exactly is this and what other Wireshark constructs would you equate it
> to?
The dissector is for decoding data payload of CAN frames. This is somewhat
similar to AUTOSAR NM "User Data Field Configuration". In AUTOSAR NM you can
define how to interpret data payload, but in this dissector one can define
payload format for any CAN frame based on its id.

Usage scenarios for the dissector are CAN buses that don't make use of standard
protocols like CANopen or J1939.

> Is this similar to ASN.1 definitions where you want a "dbc to dissector"
> tool that will generate a C code dissector from the data in the .dbc file?
> (that in this case would register handlers for the j1939.pgn dissector
> table) 
This dissector has J1939 file type support but it only partially overlap with
it. The J1939 dissector decodes only CAN id, but not data, while this dissector
aims at data and uses id only to pick correct spec from a DBC file.

> Is this supposed to be dynamically loaded at runtime and the J1939 dissector
> would create a "database of hf_ fields" based on the information in the .dbc
> file(s)?
Yes, the spec is loaded in runtime. And 'no' - this dissector doesn't make use
of the J1939 subdissector but acts on its own.

'J1939' in this dissector is only used to define 2 ways of interpreting ids:
  1. full id match;
  2. masked (only J1939 type PGN should match).

> Is there a DBC spec that explains the fields in the file?
Unfortunately there is no official spec of the file format, but there are a
number of open-source tools [1]..[5] that may used as a reference.
Since spec is not available, parser is much more forgiving than the official
tool: CANdb++ Editor by Vector Informatik GmbH.

The parser is implemented by hand, possibly it should be rewritten to make use
of flex & bison.

[1] https://github.com/rbei-etas/busmaster/
[2] https://github.com/ebroecker/canmatrix/
[3] https://bitbucket.org/tobylorenz/vector_dbc/
[4] https://github.com/collin80/SavvyCAN/
[5] https://github.com/eerimoq/cantools/

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15512] pod2man is required for the build process, but that's not documented in the Developer's Guide

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15512

--- Comment #1 from Gerrit Code Review  ---
Change 32088 had a related patch set uploaded by Gerald Combs:
WSDG: Let Windows developers know that they need Perl.

https://code.wireshark.org/review/32088

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15513] If pod2man isn't found, we try building the documentation anyway, and that fails with a non-obvious error

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15513

--- Comment #1 from Gerald Combs  ---
A related question might be "When did Fedora stop shipping pod2man with its
'perl' package and why would they do such a thing?"

According to the pod2man documentation[1], it was added to Perl core in 5.6.
Based on that it should be safe to assume that if the `perl` command is present
then `pod2man` is also present. This is the case for macOS, Debian, Ubuntu, and
Strawberry. It's in Arch's "perl" package, although it's installed in
/usr/bin/core_perl[2]. It's *not* in Fedora's "perl" package -- you have to
install "perl-podlators"[3] instead.

It might make sense to convert the man page markup to Asciidoctor. It has
explicit support for man pages[4] and doing so would unify our documentation
markup. That would imply making Asciidoctor required instead of optional,
however. I'm not sure how onerous that would be.

[1] https://perldoc.perl.org/pod2man.html
[2] https://wiki.archlinux.org/index.php/Perl_Policy
[3] https://apps.fedoraproject.org/packages/perl-podlators/
[4] https://asciidoctor.org/docs/user-manual/#man-pages

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15521] ieee80211: Dissection of Mesh Control not always included

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15521

Alexis La Goutte  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||alexis.lagou...@gmail.com
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15521] ieee80211: Dissection of Mesh Control not always included

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15521

--- Comment #2 from Gerrit Code Review  ---
Change 32083 merged by Anders Broman:
ieee80211: Always include Mesh Control dissection

https://code.wireshark.org/review/32083

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15522] ieee80211: QoS Control not correctly dissected for MESH frames

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15522

--- Comment #1 from Gerrit Code Review  ---
Change 32084 had a related patch set uploaded by cedric izoard:
ieee80211: Dissect MESH specific bit of QoS Control

https://code.wireshark.org/review/32084

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15521] ieee80211: Dissection of Mesh Control not always included

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15521

--- Comment #1 from Gerrit Code Review  ---
Change 32083 had a related patch set uploaded by cedric izoard:
ieee80211: Always include Mesh Control dissection

https://code.wireshark.org/review/32083

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15522] New: ieee80211: QoS Control not correctly dissected for MESH frames

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15522

Bug ID: 15522
   Summary: ieee80211: QoS Control not correctly dissected for
MESH frames
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: cedric.izo...@ceva-dsp.com
  Target Milestone: ---

Created attachment 16925
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16925&action=edit
example of QoS data frame sent by a mesh STA

Build Information:
TShark (Wireshark) 3.1.0 (v3.1.0rc0-67-gea66c417)
--
802.11 spec mentions that for 'All frames sent by mesh STAs in a mesh BSS' QoS
control field bits 8-15 have a specific meaning:

Bit 8: Mesh Control Present
Bit 9: Mesh Power Save Level
Bit 10: RSPI
Bit 11-15: reserved

(802.11-2016 Table 9-6)

For now bits 8-15 are always seen as 'AP PS Buffer State' for mesh frames.

One way to determine if this is a frame 'sent by a mesh STA in a mesh BSS'
would be to rely on the presence of Mesh Control field. In theory this would
not be enough for fragmented frames but since fragmentation is in practice
never used (except in certification test) I guess this is good enough.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15521] New: ieee80211: Dissection of Mesh Control not always included

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15521

Bug ID: 15521
   Summary: ieee80211: Dissection of Mesh Control not always
included
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: cedric.izo...@ceva-dsp.com
  Target Milestone: ---

Created attachment 16924
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16924&action=edit
Mesh control is not included in packet dissection (bytes 0x32-0x37)

Build Information:
TShark (Wireshark) 3.1.0 (v3.1.0rc0-67-gea66c417)
--

Commit "802.11: Dissect locally originated mesh frames" introduced a small
regression.

Indeed, with this patch details of Mesh Control field are no longer included in
the packet dissection.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15501] Add dissector for FSRVP

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15501

Alexis La Goutte  changed:

   What|Removed |Added

 CC||alexis.lagou...@gmail.com
 Status|IN_PROGRESS |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15426] Add support for ARP Probe and ARP Announcement (RFC 5227)

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15426

Alexis La Goutte  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED
 CC||alexis.lagou...@gmail.com

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe