Wireshark-bugs: [Wireshark-bugs] [Bug 2362] New: FIX protocol dissector does not handle FIX 5.x
Date: Fri, 14 Mar 2008 02:34:00 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2362

           Summary: FIX protocol dissector does not handle FIX 5.x and
                    beyond
           Product: Wireshark
           Version: 0.99.8
          Platform: PC
               URL: http://www.fixprotocol.org/specifications/fix5.0spec
        OS/Version: Linux
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: dtrammell@xxxxxxxxxxxxxxxxxx


Created an attachment (id=1546)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1546)
Patch for epan/dissectors/packet-fix.c

Build Information:
wireshark 0.99.8

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.13, with GLib 2.12.12, with libpcap 0.9.7, with libz
1.2.3, with libpcre 7.0, without SMI, without ADNS, without Lua, with GnuTLS
1.6.2, with Gcrypt 1.2.4, with MIT Kerberos, without PortAudio, without
AirPcap.

Running on Linux 2.6.21.5-smp, with libpcap version 0.9.7.

Built using gcc 4.1.2.
--
The FIX protocol dissector uses the 6 byte string "8=FIX." at the beginning of
the data to match the beginning of a FIX version string of the format
"8=FIX.x.x" in order to determine if the data is the FIX protocol or not.  This
causes the dissector to not recognize FIX 5.x packets.  As of FIX 5.0, the
"transport" protocol (really a session protocol) and application protocols have
been decoupled.  With FIX 5.x and beyond, the beginning of the data will have a
version string of the format "8=FIXT.x.x" to indicate the FIX Transport (FIXT)
version, but otherwise subsequent tag=value pairs appear to dissect the same as
FIX 4.x and earlier.

A simple solution is to update the current FIX dissector to only match the
first 5 bytes of the version string (see attached patch).  This will cause a
match for FIX version 4.x and prior (8=FIX.x.x) as well as 5.x and beyond
(8=FIXT.x.x).

The proper fix is likely to create two separate dissectors, one for FIXT (the
"transport" protocol), and a second for the FIX protocol.

Reference: http://www.fixprotocol.org/specifications/fix5.0spec


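The two prefix checks discussed in the report, next to a stricter classifier, as an added example in plain C; it is not the attached patch and not code from packet-fix.c. All function and enum names are hypothetical, and the single-digit "x.x" version form and the SOH (0x01) check after the version are assumptions of this example. It shows that the 5-byte comparison also accepts prefixes such as "8=FIXML", which the stricter check rejects.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not identifiers from packet-fix.c. */
enum fix_kind { NOT_FIX = 0, FIX_CLASSIC = 1, FIX_TRANSPORT = 2 };

/* Check described in the report: the first 6 bytes must be "8=FIX." */
int match_6byte(const unsigned char *buf, size_t len)
{
    return len >= 6 && memcmp(buf, "8=FIX.", 6) == 0;
}

/* Relaxation proposed in the report: compare only the first 5 bytes. */
int match_5byte(const unsigned char *buf, size_t len)
{
    return len >= 5 && memcmp(buf, "8=FIX", 5) == 0;
}

/* Stricter variant (assumption of this example): accept only
 * "8=FIX.<d>.<d>" or "8=FIXT.<d>.<d>" followed by the SOH (0x01) field
 * delimiter, and check the remaining length before reading. */
enum fix_kind classify_begin_string(const unsigned char *buf, size_t len)
{
    size_t off = 5;
    enum fix_kind kind = FIX_CLASSIC;
    if (!match_5byte(buf, len))
        return NOT_FIX;
    if (off < len && buf[off] == 'T') {
        kind = FIX_TRANSPORT;
        off++;
    }
    if (len - off < 5)              /* need '.', digit, '.', digit, SOH */
        return NOT_FIX;
    if (buf[off] != '.' || !isdigit(buf[off + 1]) || buf[off + 2] != '.' ||
        !isdigit(buf[off + 3]) || buf[off + 4] != 0x01)
        return NOT_FIX;
    return kind;
}

int main(void)
{
    /* Constructed sample prefixes, not captured traffic. */
    const char *s[] = { "8=FIX.4.2\x01", "8=FIXT.1.1\x01", "8=FIXML\x01" };
    for (int i = 0; i < 3; i++)
        printf("%d\n", (int)classify_begin_string(
            (const unsigned char *)s[i], strlen(s[i])));
    return 0;
}
```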