Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Handling of TVBs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Fri, 27 Dec 2002 23:08:29 +0100
Guy,
see my comment below.
Best regards
Michael
On Friday, Dec 27, 2002, at 22:53 Europe/Berlin, Guy Harris wrote:


On Fri, Dec 27, 2002 at 05:01:42PM +0100, Michael Tuexen wrote:

But should not the case reported length <> length also raise an
exception?


No, it should not necessarily do so.  That will often be the case, for
example, if you have captured with a snapshot length less than the
maximum packet length, as the reported length will be the length of the
packet as delivered to the machine running Ethereal and the length will
be the length of the packet after trimming the packet to the snapshot
length.
If by "<>" you meant "<", then, at least in the case of packets from the 
link layer, that "should not happen", and probably means a corrupt
capture file or a bug in the capture mechanism or libpcap.  The correct
fix for that might just be to have Wiretap reduce the length so that
it's <= the reported length.



I'm thinking about a protocol with parameters having TLV structure.
Consider a parameter for an IPv4 address. The parameter header is
4 bytes long, the IPv4 address 4 bytes long, so the protocol
says that the parameter length MUST be 8 bytes long.

Writing the dissector I thought it would be the 'correct way' to
set the reported_length for the parameter TLV to 8, because that
is what the protocol definition says. Then I write the code
to display the 8 bytes. But what happens if someone sends a
non-conform parameter with a length of 12 bytes?

Of course I can go through all the parameters, see if there is
a defined length and handle the stuff explicitly. But there are
a lot of protocols using the TLV structure (SCTP, ASAP, M2UA, M3UA,
SUA, M2PA, ...) that have the same problem. So I thing it
is a good way to simply set the reported length.

As you see from the example, handling the reported length < length
is the case I'm interested in, because the case reported length > length
would result into an exception due to the dissection of the parameters.

I'm want to handle these cases as bad packets and I'm looking for
the best way to do this using the ethereal framework.

Best regards
Michael
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube