[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 Evan Huus changed: What|Removed |Added Status|CONFIRMED |RESOLVED CC||eapa...@gmail.com Resolution|--- |NOTOURBUG --- Comment #11 from Evan Huus --- Based on my reading Wireshark's code is correct here. Feel free to reopen if any information is found to contradict that. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #3 from Bill Meier 2010-06-28 09:06:54 EDT --- [I've attached (privately) a capture file showing the problem]. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #4 from Jaap Keuter 2010-06-28 16:45:49 CEST --- Question is does the L in TLV include the length of the TL part or not? Can't find a spec on this protocol this quickly, so I don't know which is correct. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #5 from Chris Maynard 2011-01-10 14:12:09 PST --- (In reply to comment #4) > Question is does the L in TLV include the length of the TL part or not? > Can't find a spec on this protocol this quickly, so I don't know which is > correct. According to http://www.ethereal.com/lists/ethereal-dev/200312/msg00703.html, the "Enterasys Discovery Protocol" was formerly the "Cabletron Discovery Protocol". RFC 2643 (http://www.faqs.org/rfcs/rfc2641.html), entitled "Cabletron's SecureFast VLAN Operational Model", while not the "Cabletron Discovery Protocol" itself, describes the Cabletron TLV in section 2.3, whereby the L is indicated as the length of the value field only and does not include the bytes for T or L. Other Cabletron RFC's that reference RFC 2643: RFC 2641: "Cabletron's VlanHello Protocol Specification" RFC 2642: "Cabletron's VLS Protocol Specification" Also, RFC 2124, "Cabletron's Light-weight Flow Admission Protocol Specification", doesn't reference RFC 2643 (for obvious reasons), but section 3.1 describes the IE (Information Element) format exactly the same as the RFC 2643 TLV format. Considering the original author's implementation, the fact that the attached packet sample packet capture from Bill decodes correctly and information from these RFC's, I'd say it's a pretty safe bet that the current implementation is correct and this bug can be closed. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 Chris Maynard changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #6 from Chris Maynard 2011-01-11 12:48:06 PST --- Closing as invalid. Reopen if you disagree. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #7 from Bill Meier 2011-01-20 16:05:13 EST --- (In reply to comment #5) > Considering the original author's implementation, the fact that the attached > packet sample packet capture from Bill decodes correctly and information from > these RFC's, I'd say it's a pretty safe bet that the current implementation is > correct and this bug can be closed. For the record: Uh, actually, the (private) packet-capture attached does not decode correctly unless SVN #30814 is reverted. That is the current Wireshark shows the frame as "malformed". In the capture the L includes the length of the T plus the length of the L plus the length of the V. That being said & following up on the info Chris provided I'm guessing that ISMP messages (and their possible payloads) are obsolete[1] and thus further resolving this issue is not necessary or useful. [1] For example: besides the spec Chris found for an ISMP "type 2" message I found another spec [RFC] for what appears to be a different format message with the same type. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #8 from Bill Meier 2011-01-21 10:07:40 EST --- (In reply to comment #7) Some comments after doing a bit more research (see inline comments). > > That being said & following up on the info Chris provided I'm guessing that > ISMP messages (and their possible payloads) are obsolete[1] and thus further > resolving this issue is not necessary or useful. Looking at the specs for several of the current Entersys switch products (www.enterasys.com) I see that several of the switches support "Cabletron Discovery Protocol". So: I guess the protocol is not actually obsolete. > > [1] For example: besides the spec Chris found for an ISMP "type 2" message I > found another spec [RFC] for what appears to be a different format message > with the same type. The above is incorrect; I mis-interpreted RFC 2642. --- Also: The VLAN Hello (Version 4) message described in RFC 2641 appears to be quite similar to the "Enterasys Discovery Protocol" message dissected by packet-ismp.c (with different names for several of the fields and without the "tuples"). In the attached capture the discovery protocol message has a version of 6. There are references in Entersys Release Note documents to Cabletron Discovery Protocol Version 6 but I was unable to find any specification of V6 of the protocol. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 Chris Maynard changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID | --- Comment #9 from Chris Maynard 2011-01-21 13:51:16 PST --- (In reply to comment #7) > Uh, actually, the (private) packet-capture attached does not decode correctly > unless SVN #30814 is reverted. That is the current Wireshark shows the frame > as > "malformed". In the capture the L includes the length of the T plus the > length > of the L plus the length of the V. Right, my mistake. The original implementation assumed the L included TL. But from what I've read, that looks wrong and the change in 30814 looks correct. For the benefit of others, here's the change: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ismp.c?r1=28959&r2=30814 Bill, you indicated in comment 0: > I noticed that ISMP.EDP "Tuples" were not being properly dissected for a > capture file I came across. You (or anyone else) don't happen to have other capture files to compare against, do you? I don't have access to private files, but it sure sounds like those TLV's are improperly coded to me. That said, I guess I can't be 100% certain, so maybe I closed the bug a little too prematurely. I'll reopen it and leave it to you to close it when you think it's appropriate. Perhaps contacting the original author would help resolve this with even more certainty one way or the other? -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. ___ Sent via:Wireshark-bugs mailing list Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 Peter Wu changed: What|Removed |Added Status|RESOLVED|CONFIRMED Component|GTK+ UI |Dissection engine ||(libwireshark) CC||pe...@lekensteyn.nl Resolution|NOTOURBUG |--- --- Comment #12 from Peter Wu --- Previous mailing list link was dead, this is the right one: https://www.wireshark.org/lists/ethereal-dev/200312/msg00702.html > I am attaching a new dissector for ISMP (InterSwitch Message Protocol) > in which EDP (Enterasys Discovery Protocol), formerly known as Cabletron > Discovery Protocol resides on. This dissector decodes Ethernet message > types that match 0x81fd. I cannot find any spec and the ether type is not listed at https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml Given the absence of information that suggests that the length should not cover the four bytes (Type and Length), I am going to assume that it is needed. The only two ISMP pcaps I could find would work with that: Requires subtractions of four bytes to work properly (v6): http://www.pcapr.net/view/tyson.key/2009/8/3/10/ISMP.pcap.html Does not have any tuples (v4): https://www.pcapr.net/view/tyson.key/2009/8/2/16/NFSCrash_1_20021114102326.html -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #13 from Gerrit Code Review --- Change 27554 had a related patch set uploaded by Peter Wu: ISMP: fix tuple decoding https://code.wireshark.org/review/27554 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #14 from Gerrit Code Review --- Change 27554 merged by Anders Broman: ISMP: fix tuple decoding https://code.wireshark.org/review/27554 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 Peter Wu changed: What|Removed |Added Resolution|--- |FIXED Status|CONFIRMED |RESOLVED -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #15 from Gerrit Code Review --- Change 27923 had a related patch set uploaded by Guy Harris: ISMP: fix tuple decoding https://code.wireshark.org/review/27923 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #16 from Gerrit Code Review --- Change 27923 merged by Guy Harris: ISMP: fix tuple decoding https://code.wireshark.org/review/27923 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #17 from Gerrit Code Review --- Change 27924 had a related patch set uploaded by Guy Harris: ISMP: fix tuple decoding https://code.wireshark.org/review/27924 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #18 from Gerrit Code Review --- Change 27924 merged by Guy Harris: ISMP: fix tuple decoding https://code.wireshark.org/review/27924 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #20 from Gerrit Code Review --- Change 27925 merged by Guy Harris: ISMP: fix tuple decoding https://code.wireshark.org/review/27925 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 4943] ISMP.EDP "Tuples" dissected incorrectly: revert SVN 30814 ?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4943 --- Comment #19 from Gerrit Code Review --- Change 27925 had a related patch set uploaded by Guy Harris: ISMP: fix tuple decoding https://code.wireshark.org/review/27925 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
