 | 1 | initial version |
The spec is ieee. Do you have access to it?
I assume the check below should include NACK but without the spec that's a SWAG.
epan/dissectors/packet-dnp.c:
/* If the DataLink function is 'Request Link Status' or 'Status of Link',
or 'Reset Link' we don't expect any Transport or Application Layer Data
NOTE: This code should probably check what DOES have TR or AL data */
if ((dl_func != DL_FUNC_LINK_STAT) && (dl_func != DL_FUNC_STAT_LINK) &&
(dl_func != DL_FUNC_RESET_LINK) && (dl_func != DL_FUNC_ACK)) //-V560 (both codes are the same value but semantically different)
{
Code goes on to try:
/* get the transport layer byte */
tr_ctl = tvb_get_uint8(tvb, offset);
where offset = 10 and length of tvb is 10. Oops.
Frame 1: Packet, 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface Fake IF, Import from Hex Dump, id 0
Ethernet II, Src: Send_00 (20:53:45:4e:44:00), Dst: Receive_00 (20:52:45:43:56:00)
Internet Protocol Version 4, Src: 10.1.1.1 (10.1.1.1), Dst: 10.2.2.2 (10.2.2.2)
User Datagram Protocol, Src Port: 20000, Dst Port: 0
Distributed Network Protocol 3.0
Data Link Layer, Len: 5, From: 3, To: 1, NACK
Start Bytes: 0x0564
Length: 5
Control: 0x01 (NACK)
0... .... = Direction: Not set
.0.. .... = Primary: Not set
...0 .... = Data Flow Control: Not set
.... 0001 = Control Function Code: NACK (1)
Destination: 1
Source: 3
Data Link Header checksum: 0x3af2 [correct]
[Data Link Header Checksum Status: Good]
[Malformed Packet: DNP 3.0]
Please open a new issue (https://gitlab.com/wireshark/wireshark/-/issues) and attach a capture file and any spec information confirming there is no data on a NACK.