False expect error seen on FCoE frames (not seen with older release wireshark 1.2.18)
Summary
After upgrading Wireshark on our systems from wireshark 1.2.18 to the latest wireshark 3.2.8 version, started to see false expect errors on some of the FCoE frames
Steps to reproduce
Attached the pcap file to the bug, decode the frames using latest 3.2.8 wireshark application and see the errors.
What is the current bug behavior?
mostly a false notification, expect errors reported on FCoE
What is the expected correct behavior?
The same frames do not show errors with older wireshark releases. Our system had older version 1.2.18, no errors are reported there. There are no change in the FCoE application that are generating these frames.
Sample capture file
attached the filtered error frames to the bug. (If possible attach a sample capture file, not screenshot of dissection, showing this issue)
Relevant logs and/or screenshots
Frame 126: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 18, 2020 16:41:39.108010000 IST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1605697899.108010000 seconds
[Time delta from previous captured frame: 0.000106000 seconds]
[Time delta from previous displayed frame: 0.000459000 seconds]
[Time since reference or first frame: 5.996916000 seconds]
Frame Number: 126
Frame Length: 64 bytes (512 bits)
Capture Length: 64 bytes (512 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:vlan:ethertype:fcoe:fc]
Cisco Protocol
Ethernet II, Src: 00:3a:9c:07:a8:6a, Dst: 0e:fc:00:ff:fc:ee
Destination: 0e:fc:00:ff:fc:ee
Address: 0e:fc:00:ff:fc:ee
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:3a:9c:07:a8:6a
Address: 00:3a:9c:07:a8:6a
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 3, DEI: 0, ID: 100
011. .... .... .... = Priority: Critical Applications (3)
...0 .... .... .... = DEI: Ineligible
.... 0000 0110 0100 = ID: 100
Type: Fibre Channel over Ethernet (0x8906)
FCoE (SOFf/EOFt) 24 bytes
Version: 0
SOF: SOFf (0x28)
CRC: 0x30dc067a [correct]
[CRC Status: Good]
EOF: EOFt (0x42)
Fibre Channel
R_CTL: 0xc0(Link_Control Frame/ACK1)
Dest Addr: ff.fc.ee
CS_CTL: 0x00
Src Addr: ff.fc.ef
Type: Basic Link Svc (0x00)
F_CTL: 0x580000, ExgRpd: Exchange Originator, SeqRec: Seq Recipient, ExgFst: NOT exchg first, ExgLst: Exchg Last, SeqLst: Seq Last, Pri: CS_CTL, TSI: NOT transfer seq initiative, LDF: Last Data Frame - No Info, A01: no ack required, RetSeq
0... .... .... .... .... .... = ExgRpd: Exchange Originator
.1.. .... .... .... .... .... = SeqRec: Seq Recipient
..0. .... .... .... .... .... = ExgFst: NOT exchg first
...1 .... .... .... .... .... = ExgLst: Exchg Last
.... 1... .... .... .... .... = SeqLst: Seq Last
.... ..0. .... .... .... .... = Pri: CS_CTL
.... ...0 .... .... .... .... = TSI: NOT transfer seq initiative
.... .... 00.. .... .... .... = LDF: Last Data Frame - No Info (0x0)
.... .... ..00 .... .... .... = A01: no ack required (0x0)
.... .... .... ..0. .... .... = RetSeq: NOT retransmitted sequence
.... .... .... .... ..00 .... = AA: ABTS - Cont (0x0)
.... .... .... .... .... 0... = RelOff: rel offset NOT set
SEQ_ID: 0x44
DF_CTL: 0x00
SEQ_CNT: 0
OX_ID: 0x025b
RX_ID: 0x8fce
Parameter: 0x00000001
Packet length is shorter than the required header
[Expert Info (Error/Malformed): Packet length is shorter than the required header]
[Packet length is shorter than the required header]
[Severity level: Error]
[Group: Malformed]
(Paste any relevant logs here)
(Paste any relevant screenshots here)
Build information
bash-4.4# tshark -v
TShark (Wireshark) 3.2.4 (Git commit 893b5a5e1e3e)
Copyright 1998-2020 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.58.0, without zlib, without SMI, without c-ares, with Lua 5.2.4,
with GnuTLS 3.6.4, with Gcrypt 1.8.4, without Kerberos, without MaxMind DB
resolver, without nghttp2, without brotli, without LZ4, without Zstandard,
without Snappy, with libxml2 2.9.8.
Running on Linux 4.19.138, with Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz (with
SSE4.2), with 32018 MB of physical memory, with locale en_US.UTF-8, with libpcap
version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.4, with Gcrypt 1.8.4, binary
plugins supported (0 loaded).
Built using clang 4.2.1 Compatible Clang 7.0.1 (tags/RELEASE_701/final).
bash-4.4# [FC_error_frames.pcap](/uploads/3359d5766095ba4cbc3816d1568ca6ca/FC_error_frames.pcap)
(In Wireshark, select Help->About Wireshark from the main menu and use the button "Copy To Clipboard".
Please paste the complete output here. Or from the command line, run `tshark -v` or `wireshark -v`)