SOMEIP-SD hidden entries are off
Summary
The following fields are behind the SOME/IP-SD entry instead on it. This means we might read behind the packet!
The following fields are affected:
- someipsd.entry.offerservice
- someipsd.entry.stopofferservice
- someipsd.entry.findservice
- someipsd.entry.subscribeeventgroup
- someipsd.entry.stopsubscribeeventgroup
- someipsd.entry.subscribeeventgroupack
- someipsd.entry.subscribeeventgroupnack
I have a patch prepared and will upload.
Steps to reproduce
Open a trace with SOME/IP-SD and hover over a (hidden) entry item (see list above). It marks the wrong bytes.
What is the current bug behavior?
Offset of these entries is not set to start of the entry.
What is the expected correct behavior?
Offset is at start of entry.
Sample capture file
every SOME/IP-SD file.
Relevant logs and/or screenshots
n/a
Build information
Every OS. Wireshark 3.2, 3.4, and master affected.
Edited by Gerald Combs