Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9839] New: DNP3 Dissector Enhancement

Wireshark-bugs: [Wireshark-bugs] [Bug 9839] New: DNP3 Dissector Enhancement - Direct Op No ACK m

Date: Wed, 05 Mar 2014 22:26:42 +0000

Bug ID	9839
Summary	DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
Classification	Unclassified
Product	Wireshark
Version	1.11.x (Experimental)
Hardware	x86
OS	Windows 8
Status	UNCONFIRMED
Severity	Enhancement
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	cbontje@gmail.com

Created attachment 12604 [details]
DNP3 Direct Operate No ACK

Build Information:
Version 1.11.3CJB (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 3.4.4, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.32.4, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6,
with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar  5 2014),
with AirPcap.

Running on 64-bit Windows 8, build 9200, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
       Intel(R) Core(TM) i7-3687U CPU @ 2.10GHz, with 8074MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
This enhancement corrects two issues:

1) Previously, any application layer messages using the function code (0x06)
Direct Operate, No Ack would not be dissected.  They should be handled the same
as Direct Operate (FC 0x05) so I have added in the necessary switch statement.

2) Previously, any read request objects would be noted in the packet info line
however due to misplacement of the update (outside of the 'while' statement)
only the last object in the Read request would be noted.

I have attached 2 pcap files (DLT250, RTAC Serial - set dissector payload
option as DNP3) that demonstrate the issue.

Patch has been committed through GIT Ext on Windows, let me know if I did it
all wrong.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9839] DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9839] DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9839] DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9839] DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9793] SLh interface : Diameter AVP support for 2405, 2406, 2407
Next by Date: [Wireshark-bugs] [Bug 9839] DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
Previous by thread: [Wireshark-bugs] [Bug 9838] Capture filter with "protochain" failed to install.
Next by thread: [Wireshark-bugs] [Bug 9839] DNP3 Dissector Enhancement - Direct Op No ACK messages / Read Requests with multiple objects
Index(es):
- Date
- Thread