Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Bug in the filtering system ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Sid Sid" <ysidelnikov@xxxxxxxxxxx>
Date: Fri, 09 Jul 2004 07:01:10 +0000
Thanks a lot for answer.
PRES dissector really does call ACSE dissector because I can see ACSE information in detail window(such as type of acse connection, etc) The problem is that the next line for some reason does not work in case of empty filter : 

	if (check_col(pinfo->cinfo, COL_PROTOCOL))
		col_set_str(pinfo->cinfo, COL_PROTOCOL, "ACSE");
as far as line:
		/*  set up type of pdu */
 	if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(session->spdu_type, ses_vals, "Unknown pdu type (0x%02x)")); 

So I guess if( check_col(.. )) returns FALSE ?



From: "Martin Regner" <martin.regner@xxxxxxxxx>
Reply-To: Ethereal development <ethereal-dev@xxxxxxxxxxxx>
To: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
CC: ysidelnikov@xxxxxxxxxxx
Subject: Re: [Ethereal-dev] Bug in the filtering system ?
Date: Thu, 8 Jul 2004 19:44:51 +0200


Sid Sid wrote:
> I've found strange behavior of the ethereal when I tryed to analyse captured 
> file(see attached file). This is FTAM connect accept pdu so there are
> several pdus TPKT/COTP/SES/PRES/ACSE/FTAM.
> If I don't use filtering(the filter window is empty) the ethereal show me 
> 'PRES'(it's wrong) in protocol column but I can see FTAM details in the
> 'packet details' window.
>
> If I use as filter any of protocol names(TCP,TPKT,COTP,SES ... FTAM)
> ethereal begins to show me correct protocol name(FTAM, in our case).
>
> Can anybody explain me what is wrong ?
>
I think that the problem is that PRES dissector doesn't call ACSE dissector when tree is NULL. The tree pointer can be NULL during the first pass when there is no color or display filter. 

For more information see doc/README.developer.
There are probably some if(tree)-statements that has to be removed (or moved). 


Below is an extract from README.developer:
-----------------------------------------------
Ethereal distinguishes between the 2 modes with the proto_tree pointer:

(a) <=> tree == NULL

(b) <=> tree != NULL

In the interest of speed, if "tree" is NULL, avoid building a

protocol tree and adding stuff to it if possible. Note,

however, that you must call subdissectors regardless of whether

"tree" is NULL or not. */


_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev


_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube