[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-bugs
Subject: [Wireshark-bugs] [Bug 16296] New: smb2 oplock/lease break packets are displayed improperly
From: bugzilla-daemon () wireshark ! org
Date: 2019-12-25 12:15:48
Message-ID: bug-16296-15 () https ! bugs ! wireshark ! org/bugzilla/
[Download RAW message or body]
--15772761480.2d04049.30695
Date: Wed, 25 Dec 2019 12:15:48 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.wireshark.org/bugzilla/
Auto-Submitted: auto-generated
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16296
Bug ID: 16296
Summary: smb2 oplock/lease break packets are displayed
improperly
Product: Wireshark
Version: 2.6.10
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: Khomenko.Volodymyr@gmail.com
Target Milestone: ---
Created attachment 17543
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17543&action=edit
Screenshot of the sequence of lease_break packets as displayed by wireshark
Build Information:
Wireshark 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0)
Copyright 1998-2019 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with LZ4, with Snappy,
with libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729.
Running on Linux 4.15.0-72-generic, with Intel(R) Core(TM) i5-7200U CPU @
2.50GHz (with SSE4.2), with 15908 MB of physical memory, with locale
uk_UA.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1,
with zlib 1.2.11, binary plugins supported (0 loaded).
Built using gcc 7.4.0.
--
SMB2 Oplock/lease break packets have three different types:
-Notification
-Acknowledgment
-Response
See [MS-SMB2] 2.2.23 SMB2 OPLOCK_BREAK Notification
and related (2.2.24 and 2.2.25).
wireshark does not display them properly:
-Notification packets are displayed as 'Response' packets, making this meaning
ambiguous due collision with real Response type of packets
-Acknowledgment packets are displayed as 'Request' packets, that have no sense
in terms of protocol
-no any difference between oplock and lease break packets, making them
indistinguishable from packets view
--
You are receiving this mail because:
You are watching all bug changes.
--15772761480.2d04049.30695
Date: Wed, 25 Dec 2019 12:15:48 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.wireshark.org/bugzilla/
Auto-Submitted: auto-generated
<html>
<head>
<base href="https://bugs.wireshark.org/bugzilla/" />
<style>
body, th, td {
font-size: 12px;
font-family: Arial, Helvetica, sans-serif; }
p, pre { margin-top: 1em; }
pre {
font-family: Bitstream Vera Sans Mono, Consolas, Lucida Console, \
monospace; white-space: pre-wrap;
}
table { border: 0; border-spacing: 0; border-collapse: collapse; }
th, td {
padding: 0.25em;
padding-left: 0.5em;
padding-right: 0.5em;
}
th { background: rgb(240, 240, 240); }
th.th_top { border-bottom: 1px solid rgb(116, 126, 147); }
th.th_left { border-right: 1px solid rgb(116, 126, 147); }
td.removed { background-color: #ffcccc; }
td.added { background-color: #e4ffc7; }
</style>
</head>
<body><table>
<tr>
<th class="th_left">Bug ID</th>
<td><a class="bz_bug_link
bz_status_UNCONFIRMED "
title="UNCONFIRMED - smb2 oplock/lease break packets are displayed improperly"
href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16296">16296</a>
</td>
</tr>
<tr>
<th class="th_left">Summary</th>
<td>smb2 oplock/lease break packets are displayed improperly
</td>
</tr>
<tr>
<th class="th_left">Product</th>
<td>Wireshark
</td>
</tr>
<tr>
<th class="th_left">Version</th>
<td>2.6.10
</td>
</tr>
<tr>
<th class="th_left">Hardware</th>
<td>x86
</td>
</tr>
<tr>
<th class="th_left">OS</th>
<td>Linux
</td>
</tr>
<tr>
<th class="th_left">Status</th>
<td>UNCONFIRMED
</td>
</tr>
<tr>
<th class="th_left">Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th class="th_left">Priority</th>
<td>Low
</td>
</tr>
<tr>
<th class="th_left">Component</th>
<td>Dissection engine (libwireshark)
</td>
</tr>
<tr>
<th class="th_left">Assignee</th>
<td>bugzilla-admin@wireshark.org
</td>
</tr>
<tr>
<th class="th_left">Reporter</th>
<td>Khomenko.Volodymyr@gmail.com
</td>
</tr>
<tr>
<th class="th_left">Target Milestone</th>
<td>---
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=17543" \
name="attach_17543" title="Screenshot of the sequence of lease_break packets as \
displayed by wireshark">attachment 17543</a> <a \
href="attachment.cgi?id=17543&action=edit" title="Screenshot of the sequence of \
lease_break packets as displayed by wireshark">[details]</a></span> Screenshot of the \
sequence of lease_break packets as displayed by wireshark
Build Information:
Wireshark 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0)
Copyright 1998-2019 Gerald Combs <<a \
href="mailto:gerald@wireshark.org">gerald@wireshark.org</a>> and \
contributors. License GPLv2+: GNU GPL version 2 or later
<<a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">http://www.gnu.org/licenses/old-licenses/gpl-2.0.html</a>>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with LZ4, with Snappy,
with libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729.
Running on Linux 4.15.0-72-generic, with Intel(R) Core(TM) i5-7200U CPU @
2.50GHz (with SSE4.2), with 15908 MB of physical memory, with locale
uk_UA.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1,
with zlib 1.2.11, binary plugins supported (0 loaded).
Built using gcc 7.4.0.
--
SMB2 Oplock/lease break packets have three different types:
-Notification
-Acknowledgment
-Response
See [MS-SMB2] 2.2.23 SMB2 OPLOCK_BREAK Notification
and related (2.2.24 and 2.2.25).
wireshark does not display them properly:
-Notification packets are displayed as 'Response' packets, making this meaning
ambiguous due collision with real Response type of packets
-Acknowledgment packets are displayed as 'Request' packets, that have no sense
in terms of protocol
-no any difference between oplock and lease break packets, making them
indistinguishable from packets view</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>
--15772761480.2d04049.30695--
[Attachment #3 (text/plain)]
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic