Wireshark-bugs: [Wireshark-bugs] [Bug 5037] New: SCSI dissector misidentifies ATA PASSTHROUGH co
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 20 Jul 2010 14:51:07 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5037

           Summary: SCSI dissector misidentifies ATA PASSTHROUGH command
                    as ACCESS CONTROL IN
           Product: Wireshark
           Version: 1.2.7
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: zachary.mark.two@xxxxxxxxx


Created an attachment (id=4939)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4939)
SVN diff with fix

Build Information:
wireshark 1.2.7

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.20.0, with GLib 2.24.0, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18 2010 23:31:11),
without AirPcap.

Running on Linux 2.6.32-22-generic, with libpcap version 1.0.0, GnuTLS 2.8.5,
Gcrypt 1.4.4.

Built using gcc 4.4.3.

--
In epan/dissectors/packet-scsi.h, it appears that SCSI_SPC_ACCESS_CONTROL_IN is
incorrectly set to opcode 0x85 where the actual opcode is 0x86.  0x85 is the
opcode for the 16-byte version of the ATA PASSTHROUGH command of the SAT
standards family.  I found this because I had a situation where a process was
incorrectly attempting to perform SMART operations on connected iSCSI devices.

List of all SCSI opcodes in numeric order:  http://www.t10.org/lists/op-num.htm
OP  DTLPWROMAEBKVF  Description
80  Z               XDWRITE EXTENDED(16) [SBC]
80   M              WRITE FILEMARKS(16)
81  Z               REBUILD(16) [SBC]
81   O              READ REVERSE(16)
82  Z               REGENERATE(16) [SBC]
82   O              ALLOW OVERWRITE
83  OOOOO O    OO   EXTENDED COPY
84  OOOOO O    OO   RECEIVE COPY RESULTS
85  O    O    O     ATA PASS THROUGH(16)
86  OO OO OOOOOOO   ACCESS CONTROL IN
87  OO OO OOOOOOO   ACCESS CONTROL OUT
88  MO  O O   O     READ(16)
89  O               COMPARE AND WRITE
8A  OO  O O   O     WRITE(16)
8B  O               ORWRITE

Found in version 1.2.7 (ubuntu 10.04), however it appears to exist in the
latest SVN.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.