Incorrect type for the IEC 60870 APDU appears in packet details pane

Summary

(Summarize the bug encountered concisely)

Steps to reproduce

(How one can reproduce the issue - this is very important)

What is the current bug behavior?

Incorrect type for the IEC 60870 APDU appears in packet details pane, there are three different APDU frames types (I-frame, S-frame and U-frame). The "Type" field under the "ApduLen" field is not correct. While the type is correctly displayed in "info" column in packet list pane.

What is the expected correct behavior?

The type is determined based on the value of the last two bits of the byte nest to "ApduLen" byte, and not determined by the first two bits of this byte as the Wireshark parser behaves.

Sample capture file

attached 104pcap.pcap file, example of such packets are packets no. 77, 79, 83 and others.104pcap.pcap

Relevant logs and/or screenshots

Build information

(In Wireshark, select Help->About Wireshark from the main menu and use the button "Copy To Clipboard".
Please paste the complete output here. Or from the command line, run `tshark -v` or `wireshark -v`)

Edited Jun 30, 2022 by Guy Harris

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information