ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] RX/AFS dissectors updated

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>
Date: Sun, 27 May 2001 18:35:51 +1000
Hi,

----- Original Message -----
From: "Guy Harris" <gharris@xxxxxxxxx>
To: "Nathan Neulinger" <nneul@xxxxxxx>
Cc: "Guy Harris" <gharris@xxxxxxxxx>; "Ronnie Sahlberg"
<rsahlber@xxxxxxxxxxxxxx>; <ethereal-dev@xxxxxxxxxxxx>
Sent: Sunday, May 27, 2001 6:05 PM
Subject: Re: [Ethereal-dev] RX/AFS dissectors updated


> On Sat, May 26, 2001 at 09:14:00PM -0500, Nathan Neulinger wrote:
> >
> > > On frame 65 of "afs.cap", the old dissector listed a bunch of
arguments
> > > to the give-up-callbacks information, but the new dissector doesn't;
> > > does that operation take any arguments, or is the stuff after the
opcode
> > > just junk?
> >
> > Yes, it is supposed to have arguments:
> >
> > GiveUpCallBacks(
> >   IN  AFSCBFids *Fids_Array,
> >   AFSCBs *CallBacks_Array
> > ) = 147;
> >
> >
> > Should have a file id array, followed by a callback array.
>
> So are the lengths of those arrays 1 byte long, or 4 bytes long?

I think they should be 4 bytes long. I will check this.

>
> In the version of "packet-afs-macros.h" before Ronnie Sahlberg's
> changes, "OUT_FS_AFSCBFids()" and "OUT_FS_AFSCBs()" did:
>
>                 unsigned int j,i; \
>                 TRUNC(1); \
>                 j = pntohl(&pd[curoffset]); \
>                 curoffset += 1; \
>
> which fetches a 4-byte length field, but only bumps the offset by 1
> byte.
>
> In Ronnie's version, it does
>
>                 j = tvb_get_guint8(tvb, offset); \
>                 offset += 1; \
>
> which fetches a 1-byte length field, and bumps the offset by 1 byte -
> but that doesn't look correct for frame 65.
>
> If, however, we do
>
>                 j = tvb_get_ntohl(tvb, offset); \
>                 offset += 4; \

I think this would be the correct behaviour. I will check this.

>
> i.e., fetching a 4-byte length field and bumping the offset by 4 bytes,
> that appears to do the right thing, although the "version" value in the
> callback is a large number (3309083628) and the "expires" value in the
> callback is 1 second after the UNIX Epoch, which seems a bit wrong.
>
> If the lengths are 4 bytes long, "OUT_FS_ViceIds()", "OUT_FS_IPAddrs()",
> and "OUT_FS_AFSBulkStats()" might need to be fixed to fetch 4-byte
> lengths.
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube