Wireshark-bugs: [Wireshark-bugs] [Bug 12702] New: File over EtherCAT: dissector produces file le
Bug ID |
12702
|
Summary |
File over EtherCAT: dissector produces file length field that doesn't exist in spec
|
Product |
Wireshark
|
Version |
2.0.4
|
Hardware |
x86
|
OS |
Windows 7
|
Status |
UNCONFIRMED
|
Severity |
Trivial
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
dominic@baudvine.net
|
Created attachment 14787 [details]
FoE Read request
Build Information:
Version 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)
Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.38.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz (with SSE4.2), with 8080MB of physical
memory.
Built using Microsoft Visual C++ 12.0 build 40629
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
In short: I've got an EtherCAT packet capture for the initial FoE Read request
in an EtherCAT file transfer operation. Wireshark is parsing one field as
"FileLength" (ecat_mailbox.foe_filelength), but FoE does not have this field -
it has no method at all of indicating a file size beforehand.
This field, at offset 2 past the mailbox header for FoE Read and FoE Write
requests, holds a uint32 "Password" field. In an FoE Data request (carrying the
file contents) it's Packet Number. I'm not sure anyone uses the password field
(or why they would, it's pointless) and wouldn't be surprised if someone
somewhere repurposed it for file length, but that's not what the spec says.
In the attached capture, the relevant field is at bytes 48-51, "a8 00 07 10".
You are receiving this mail because:
- You are watching all bug changes.