Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9931] Encapsulated ethernet packets sometimes show invalid FCS

Wireshark-bugs: [Wireshark-bugs] [Bug 9931] Encapsulated ethernet packets sometimes show invalid

Date: Thu, 27 Mar 2014 22:17:11 +0000

What	Removed	Added
Hardware	x86	All

Comment # 1 on bug 9931 from Guy Harris

(In reply to comment #0)
> 2) Even if the file reader had set the pseudo-header,

...which they all should do...

> if the lower
> link-layer encap wasn't Ethernet but something else like ATM, it would set
> the ATM-specific pseudo-header info.  But when the ATM cells contain an
> Ethernet packet inside, ATM's dissector doesn't call the dissector for
> "eth_withoutfcs" or "eth_withfcs", which I believe it should do,

You are correct.

*NO* dissector for a protocol over which Ethernet can be encapsulated should
call the "eth" dissector, with the possible exception of protocols for remote
packet capture.  Perhaps that dissector should be renamed "eth_maybefcs" to
clarify that it's not "the" Ethernet dissector.

I'd be inclined to split this into two bugs:

   1) a libwiretap bug for the file-reading modules that aren't setting the
pseudo-header;

   2) a libwireshark bug for the dissectors calling the "eth" dissector - and
for renaming the "eth" dissector to "eth_maybefcs".

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 9931] New: Encapsulated ethernet packets sometimes show invalid FCS
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9932] New: Buildbot crash output: fuzz-2014-03-27-28239.pcap
Next by Date: [Wireshark-bugs] [Bug 9933] New: Questionable calling of ethernet dissector by encapsulating protocol dissectors
Previous by thread: [Wireshark-bugs] [Bug 9931] New: Encapsulated ethernet packets sometimes show invalid FCS
Next by thread: [Wireshark-bugs] [Bug 9931] Encapsulated ethernet packets sometimes show invalid FCS
Index(es):
- Date
- Thread