Wireshark-bugs: [Wireshark-bugs] [Bug 12122] OCFS2 Dissector does not function properly on Linux
Comment # 6 on bug 12122 from Dan Jaksic
Any idea when these fixes will be incorporated into the downloadable Wireshark
versions at www.wireshark.org (https://www.wireshark.org/download.html)?
(In reply to Makoto Shimamura from comment #5)
> Created attachment 14873 [details]
> Patch for OCFS2 dissector
>
> Hello,
>
> I encountered the same situation with version 2.0.5 built on Linux.
> During analysis with gdb, I found the dissector treats the message length in
> the "FA55" message as little endian.
> It is actually big endian (at least in observed packets), so the dissector
> believes the message has a very big size and must be reassembled with the
> following packets.
> E.g., message length 0x0050 is parsed as 0x5000, but the following packets
> are not related to the message at all. Therefore message reconstruction
> fails.
>
> The attached patch fixes the issue by using tvb_get_ntohs() instead of
> tvb_get_letohs().
>
>
> This patch also includes another two fixes.
> First, after I fixed the main problem above, the dissector mistakenly claims
> that some "Proxy AST" and "Convert lock" messages are malformed.
> This is because the dissector tries to obtain LVB data which is actually not
> included in the message.
> So this patch also fixes this by adding code to check LVB-related flags.
>
> Second is for keepalive req/resp messages that are always shown as "Unknown
> type (0x00)". This patch changes them to "Keepalive Request" and "Keepalive
> Response".
>
> I also don't have the spec of the OCFS2 protocol; please confirm, and excuse me if
> there is any mistake.
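
The framing failure described in the quoted comment, reproduced as an added example that is not part of this thread or of the attached patch. It assumes a simplified 4-byte header (the FA55 magic followed by a 16-bit payload length); the helper names and the byte stream are constructed for illustration, and `get_be16`/`get_le16` stand in for `tvb_get_ntohs()`/`tvb_get_letohs()` on a plain buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed simplified header: 2-byte magic + 2-byte payload length. */
#define HDR_LEN ((size_t)4)

/* Same byte-order semantics as tvb_get_ntohs() / tvb_get_letohs(). */
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)((p[1] << 8) | p[0]); }

typedef uint16_t (*read16_fn)(const uint8_t *);

/* Walk a TCP byte stream and count the complete messages it contains.
 * *missing receives the number of extra bytes the framer would wait for
 * before delivering the next message (0 if the stream ends on a boundary). */
static int frame_stream(const uint8_t *buf, size_t len, read16_fn rd, size_t *missing)
{
    size_t off = 0;
    int count = 0;

    *missing = 0;
    while (off < len) {
        size_t avail = len - off;
        if (avail < HDR_LEN) { *missing = HDR_LEN - avail; break; }
        size_t pdu = HDR_LEN + rd(buf + off + 2);   /* header + payload */
        if (avail < pdu) { *missing = pdu - avail; break; }
        off += pdu;
        count++;
    }
    return count;
}

/* Constructed stream: two messages, each with payload length 0x0050
 * stored big endian (00 50) and an all-zero 80-byte payload. */
static const uint8_t sample[2 * (4 + 0x50)] = {
    [0]  = 0xFA, [1]  = 0x55, [2]  = 0x00, [3]  = 0x50,
    [84] = 0xFA, [85] = 0x55, [86] = 0x00, [87] = 0x50,
};

int main(void)
{
    size_t missing;
    int n = frame_stream(sample, sizeof sample, get_be16, &missing);
    printf("big endian:    %d messages, waiting for %zu more bytes\n", n, missing);
    n = frame_stream(sample, sizeof sample, get_le16, &missing);
    printf("little endian: %d messages, waiting for %zu more bytes\n", n, missing);
    return 0;
}
```

With the little-endian read, the framer delivers nothing and asks for thousands of bytes that belong to unrelated later messages, which matches the failed reconstruction reported above.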