Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 2226] Mismatching </proto> element in a PDML explort

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 31 Jan 2008 08:56:09 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2226





--- Comment #3 from Rene Baumann <Rene.Baumann@xxxxxxxxxxxxxx>  2008-01-31 08:56:07 GMT ---
I try to find the problem by analysing the output of wireshark.
Look at this part of a http-packet:

    <field name="" show="HTTP chunked response" size="546" pos="463"
value="3231360d0a3c68746d6c3e0a3c686561643e0a3c7469746c653e4d794d696e69436974793c2f7469746c653e0a3c2f686561643e0a3c626f64793e0a093c6e6f7363726970743e0a0909546869732073697465206e65656473204a6176615363726970742e09090a093c2f6e6f7363726970743e0a0a093c73637269707420747970653d22746578742f6a617661736372697074223e0a092f2f3c215b43444154415b0a0a097661722064203d206e6577204461746528293b0a09642e73657454696d6528642e67657454696d6528292b3234333430293b0a0976617220657870203d20642e746f474d54537472696e6728293b0a0969662820646f63756d656e742e726566657272657220213d206e756c6c20290a0909646f63756d656e742e636f6f6b6965203d2022582d4d562d526566657265723d222b656e636f6465555249436f6d706f6e656e7428646f63756d656e742e7265666572726572293b0a09646f63756d656e742e636f6f6b6965203d2022582d5265662d4f6b3d313b657870697265733d222b6578702b223b706174683d2f220a09646f63756d656e742e6c6f636174696f6e2e68726566203d20646f63756d656e742e6c6f636174696f6e2e687265663b0a092f2f5d5d3e0a093c2f7363726970743e0a093c703e3c656d3e506c65617365207
 7616974206120666577206d6f6d656e74732e2e2e3c2f656d3e3c2f703e0a0a3c2f626f64793e0a3c2f68746d6c3e0a0d0a300d0a0d0a">
      <field name="" show="Data chunk (534 octets)" size="541" pos="463"
value="3231360d0a3c68746d6c3e0a3c686561643e0a3c7469746c653e4d794d696e69436974793c2f7469746c653e0a3c2f686561643e0a3c626f64793e0a093c6e6f7363726970743e0a0909546869732073697465206e65656473204a6176615363726970742e09090a093c2f6e6f7363726970743e0a0a093c73637269707420747970653d22746578742f6a617661736372697074223e0a092f2f3c215b43444154415b0a0a097661722064203d206e6577204461746528293b0a09642e73657454696d6528642e67657454696d6528292b3234333430293b0a0976617220657870203d20642e746f474d54537472696e6728293b0a0969662820646f63756d656e742e726566657272657220213d206e756c6c20290a0909646f63756d656e742e636f6f6b6965203d2022582d4d562d526566657265723d222b656e636f6465555249436f6d706f6e656e7428646f63756d656e742e7265666572726572293b0a09646f63756d656e742e636f6f6b6965203d2022582d5265662d4f6b3d313b657870697265733d222b6578702b223b706174683d2f220a09646f63756d656e742e6c6f636174696f6e2e68726566203d20646f63756d656e742e6c6f636174696f6e2e687265663b0a092f2f5d5d3e0a093c2f7363726970743e0a093c703e3c656d3e506c65617365207
 7616974206120666577206d6f6d656e74732e2e2e3c2f656d3e3c2f703e0a0a3c2f626f64793e0a3c2f68746d6c3e0a0d0a">
        <field name="" show="Chunk size: 534 octets" size="5" pos="463"
value="3231360d0a"/>
        <field name="data"
value="3c68746d6c3e0a3c686561643e0a3c7469746c653e4d794d696e69436974793c2f7469746c653e0a3c2f686561643e0a3c626f64793e0a093c6e6f7363726970743e0a0909546869732073697465206e65656473204a6176615363726970742e09090a093c2f6e6f7363726970743e0a0a093c73637269707420747970653d22746578742f6a617661736372697074223e0a092f2f3c215b43444154415b0a0a097661722064203d206e6577204461746528293b0a09642e73657454696d6528642e67657454696d6528292b3234333430293b0a0976617220657870203d20642e746f474d54537472696e6728293b0a0969662820646f63756d656e742e726566657272657220213d206e756c6c20290a0909646f63756d656e742e636f6f6b6965203d2022582d4d562d526566657265723d222b656e636f6465555249436f6d706f6e656e7428646f63756d656e742e7265666572726572293b0a09646f63756d656e742e636f6f6b6965203d2022582d5265662d4f6b3d313b657870697265733d222b6578702b223b706174683d2f220a09646f63756d656e742e6c6f636174696f6e2e68726566203d20646f63756d656e742e6c6f636174696f6e2e687265663b0a092f2f5d5d3e0a093c2f7363726970743e0a093c703e3c656d3e506c656173652077616974206
 120666577206d6f6d656e74732e2e2e3c2f656d3e3c2f703e0a0a3c2f626f64793e0a3c2f68746d6c3e0a"/>
          <field name="data.data" showname="Data:
3C68746D6C3E0A3C686561643E0A3C7469746C653E4D794D..." size="534" pos="468"
show="3c:68:74:6d:6c:3e:0a:3c:68:65:61:64:3e:0a:3c:74:69:74:6c:65:3e:4d:79:4d:69:6e:69:43:69:74:79:3c:2f:74:69:74:6c:65:3e:0a:3c:2f:68:65:61:64:3e:0a:3c:62:6f:64:79:3e:0a:09:3c:6e:6f:73:63:72:69:70:74:3e:0a:09:09:54:68:69:73:20:73:69:74:65:20:6e:65:65:64:73:20:4a:61:76:61:53:63:72:69:70:74:2e:09:09:0a:09:3c:2f:6e:6f:73:63:72:69:70:74:3e:0a:0a:09:3c:73:63:72:69:70:74:20:74:79:70:65:3d:22:74:65:78:74:2f:6a:61:76:61:73:63:72:69:70:74:22:3e:0a:09:2f:2f:3c:21:5b:43:44:41:54:41:5b:0a:0a:09:76:61:72:20:64:20:3d:20:6e:65:77:20:44:61:74:65:28:29:3b:0a:09:64:2e:73:65:74:54:69:6d:65:28:64:2e:67:65:74:54:69:6d:65:28:29:2b:32:34:33:34:30:29:3b:0a:09:76:61:72:20:65:78:70:20:3d:20:64:2e:74:6f:47:4d:54:53:74:72:69:6e:67:28:29:3b:0a:09:69:66:28:20:64:6f:63:75:6d:65:6e:74:2e:72:65:66:65:72:72:65:72:20:21:3d:20:6e:75:6c:6c:20:29:0a:09:09:64:6f:63:75:6d:65:6e:74:2e:63:6f:6f:6b:69:65:20:3d:20:22:58:2d:4d:56:2d:52:65:66:65:72:65:72:3d:22:2b:65:6e:63:6f:64:65:55:52:49:43:6f:6d:70:6f:6e:65:6e:74:28:
 64:6f:63:75:6d:65:6e:74:2e:72:65:66:65:72:72:65:72:29:3b:0a:09:64:6f:63:75:6d:65:6e:74:2e:63:6f:6f:6b:69:65:20:3d:20:22:58:2d:52:65:66:2d:4f:6b:3d:31:3b:65:78:70:69:72:65:73:3d:22:2b:65:78:70:2b:22:3b:70:61:74:68:3d:2f:22:0a:09:64:6f:63:75:6d:65:6e:74:2e:6c:6f:63:61:74:69:6f:6e:2e:68:72:65:66:20:3d:20:64:6f:63:75:6d:65:6e:74:2e:6c:6f:63:61:74:69:6f:6e:2e:68:72:65:66:3b:0a:09:2f:2f:5d:5d:3e:0a:09:3c:2f:73:63:72:69:70:74:3e:0a:09:3c:70:3e:3c:65:6d:3e:50:6c:65:61:73:65:20:77:61:69:74:20:61:20:66:65:77:20:6d:6f:6d:65:6e:74:73:2e:2e:2e:3c:2f:65:6d:3e:3c:2f:70:3e:0a:0a:3c:2f:62:6f:64:79:3e:0a:3c:2f:68:74:6d:6c:3e:0a"
value="3c68746d6c3e0a3c686561643e0a3c7469746c653e4d794d696e69436974793c2f7469746c653e0a3c2f686561643e0a3c626f64793e0a093c6e6f7363726970743e0a0909546869732073697465206e65656473204a6176615363726970742e09090a093c2f6e6f7363726970743e0a0a093c73637269707420747970653d22746578742f6a617661736372697074223e0a092f2f3c215b43444154415b0a0a097661722064203d206e6577204461746528293b0a09642e73657454696d6528642e67657454696d6528292b3234333430293b0a0976617220657870203d20642e746f474d54537472696e6728293b0a0969662820646f63756d656e742e726566657272657220213d206e756c6c20290a0909646f63756d656e742e636f6f6b6965203d2022582d4d562d526566657265723d222b656e636f6465555249436f6d706f6e656e7428646f63756d656e742e7265666572726572293b0a09646f63756d656e742e636f6f6b6965203d2022582d5265662d4f6b3d313b657870697265733d222b6578702b223b706174683d2f220a09646f63756d656e742e6c6f636174696f6e2e68726566203d20646f63756d656e742e6c6f636174696f6e2e687265663b0a092f2f5d5d3e0a093c2f7363726970743e0a093c703e3c656d3e506c656173652077616974206
 120666577206d6f6d656e74732e2e2e3c2f656d3e3c2f703e0a0a3c2f626f64793e0a3c2f68746d6c3e0a"/>
error-->>> </proto>
        <field name="" show="Chunk boundary" size="2" pos="1002" value="0d0a"/>
      </field>
      <field name="" show="End of chunked encoding" size="5" pos="1004"
value="300d0a0d0a">
        <field name="" show="Chunk size: 0 octets" size="3" pos="1004"
value="300d0a"/>
        <field name="" show="Chunk boundary" size="2" pos="1007" value="0d0a"/>
      </field>
    </field>

The solution here:
Just delete it.
But in another context, you can not just delete it.
Look at this code snippet:

<proto name="udp" showname="User Datagram Protocol, Src Port: avt-profile-1
(5004), Dst Port: avt-profile-1 (5004)" size="8" pos="34">
    <field name="udp.srcport" showname="Source port: avt-profile-1 (5004)"
size="2" pos="34" show="5004" value="138c"/>
    <field name="udp.dstport" showname="Destination port: avt-profile-1 (5004)"
size="2" pos="36" show="5004" value="138c"/>
    <field name="udp.port" showname="Source or Destination Port: 5004"
hide="yes" size="2" pos="34" show="5004" value="138c"/>
    <field name="udp.port" showname="Source or Destination Port: 5004"
hide="yes" size="2" pos="36" show="5004" value="138c"/>
    <field name="udp.length" showname="Length: 44" size="2" pos="38" show="44"
value="002c"/>
    <field name="udp.checksum_coverage" showname="Checksum coverage: 44"
hide="yes" size="0" pos="38" show="44"/>
    <field name="udp.checksum" showname="Checksum: 0x6d7f [correct]" size="2"
pos="40" show="0x6d7f" value="6d7f">
      <field name="udp.checksum_good" showname="Good Checksum: True" size="2"
pos="40" show="1" value="6d7f"/>
      <field name="udp.checksum_bad" showname="Bad Checksum: False" size="2"
pos="40" show="0" value="6d7f"/>
    </field>
  </proto>
error-->> ---proto is missing---
  <field name="data"
value="24000000986900001c004c18c9648c1364008c13bab10000504b0000b95b2a6f36aa1d00"/>
    <field name="data.data" showname="Data:
24000000986900001C004C18C9648C1364008C13BAB10000..." size="36" pos="42"
show="24:00:00:00:98:69:00:00:1c:00:4c:18:c9:64:8c:13:64:00:8c:13:ba:b1:00:00:50:4b:00:00:b9:5b:2a:6f:36:aa:1d:00"
value="24000000986900001c004c18c9648c1364008c13bab10000504b0000b95b2a6f36aa1d00"/>
  </proto>
</packet>
</pdml>


The specification says, that a <packet>-tag is only followed by many
<proto>-tags.
Look at this snippet:

  <proto name="tcp" showname="Transmission Control Protocol, Src Port: http-alt
(8080), Dst Port: q55-pcc (1253), Seq: 2091, Ack: 1424, Len: 56" size="20"
pos="34">
    <field name="tcp.srcport" showname="Source port: http-alt (8080)" size="2"
pos="34" show="8080" value="1f90"/>
    <field name="tcp.dstport" showname="Destination port: q55-pcc (1253)"
size="2" pos="36" show="1253" value="04e5"/>
    <field name="tcp.port" showname="Source or Destination Port: 8080"
hide="yes" size="2" pos="34" show="8080" value="1f90"/>
    <field name="tcp.port" showname="Source or Destination Port: 1253"
hide="yes" size="2" pos="36" show="1253" value="04e5"/>
    <field name="tcp.len" showname="TCP Segment Len: 56" hide="yes" size="4"
pos="34" show="56" value="1f9004e5"/>
    <field name="tcp.seq" showname="Sequence number: 2091    (relative sequence
number)" size="4" pos="38" show="2091" value="82dc3c1c"/>
    <field name="tcp.nxtseq" showname="Next sequence number: 2147    (relative
sequence number)" size="0" pos="34" show="2147"/>
    <field name="tcp.ack" showname="Acknowledgement number: 1424    (relative
ack number)" size="4" pos="42" show="1424" value="465d834a"/>
    <field name="tcp.hdr_len" showname="Header length: 20 bytes" size="1"
pos="46" show="20" value="50"/>
    <field name="tcp.flags" showname="Flags: 0x18 (PSH, ACK)" size="1" pos="47"
show="0x18" value="18">
      <field name="tcp.flags.cwr" showname="0... .... = Congestion Window
Reduced (CWR): Not set" size="1" pos="47" show="0" value="0"
unmaskedvalue="18"/>
      <field name="tcp.flags.ecn" showname=".0.. .... = ECN-Echo: Not set"
size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
      <field name="tcp.flags.urg" showname="..0. .... = Urgent: Not set"
size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
      <field name="tcp.flags.ack" showname="...1 .... = Acknowledgment: Set"
size="1" pos="47" show="1" value="1" unmaskedvalue="18"/>
      <field name="tcp.flags.push" showname=".... 1... = Push: Set" size="1"
pos="47" show="1" value="1" unmaskedvalue="18"/>
      <field name="tcp.flags.reset" showname=".... .0.. = Reset: Not set"
size="1" pos="47" show="0" value="0" unmaskedvalue="18"/>
      <field name="tcp.flags.syn" showname=".... ..0. = Syn: Not set" size="1"
pos="47" show="0" value="0" unmaskedvalue="18"/>
      <field name="tcp.flags.fin" showname=".... ...0 = Fin: Not set" size="1"
pos="47" show="0" value="0" unmaskedvalue="18"/>
    </field>
    <field name="tcp.window_size" showname="Window size: 65535" size="2"
pos="48" show="65535" value="ffff"/>
    <field name="tcp.checksum" showname="Checksum: 0xf1ac [correct]" size="2"
pos="50" show="0xf1ac" value="f1ac">
      <field name="tcp.checksum_good" showname="Good Checksum: True" size="2"
pos="50" show="1" value="f1ac"/>
      <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2"
pos="50" show="0" value="f1ac"/>
    </field>
    <field name="" show="TCP segment data (56 bytes)" size="56" pos="54"
value="53f90d734163e4e9461c9e33f48a2687871cf4e5f70275a63e12e7c3c19f8541b11a1aee8d1ebaaefd1f0000ffff0300e11a872691090000"/>
  </proto>

---whats that???---
  <field name="tcp.segments" showname="Reassembled TCP Segments (1516 bytes):
#181(1460), #182(56)" size="1516" pos="0" show="" value="">
    <field name="tcp.segment" showname="Frame: 181, payload: 0-1459 (1460
bytes)" size="1460" pos="0" show="181"
value="485454502f312e3120323030204f4b0d0a446174653a205468752c203331204a616e20323030382030373a30323a303520474d540d0a5365727665723a204170616368652f322e322e33202844656269616e29206d6f645f707974686f6e2f332e322e313020507974686f6e2f322e342e34205048502f352e322e302d382b657463683130206d6f645f73736c2f322e322e33204f70656e53534c2f302e392e3863206d6f645f7065726c2f322e302e32205065726c2f76352e382e380d0a582d506f77657265642d42793a205048502f352e322e302d382b6574636831300d0a457870697265733a205468752c203139204e6f7620313938312030383a35323a303020474d540d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a507261676d613a206e6f2d63616368650d0a566172793a204163636570742d456e636f64696e670d0a436f6e74656e742d547970653a20746578742f6a6176617363726970740d0a436f6e74656e742d6c656e6774683a20313035320d0a50726f78792d436f6e6e656374696f6e3a204b6565702d416c6976650d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a0d0a1f8b08000000000000037c556d6fdb3610feee5f71288a5a4e0cc96
 bba17c40bd0a24bd3acdd1620dd802208065a3a59ac655220296b469bffbe3bd292a5d8a9be5012ef1ededdf3dc31393919c109fc2e36c2a646560e4ab930c26cc1692884ca4a0401161de81c56b85d489549b5b43179b1e3a702a1b668c016ba2e33902a2deb0cc115d242409c02c1d00f54908ab264b00f1d5044985306e2ad85485713c8b5011469d13b8ebc850342ccd04a83594ce776f8d04842756285046290c128d6525a878a7d198fa02a83d6a2f5c1ac455505585c73a2b47601405eabd449adec14b461b44cb3add29413ad32a7d7bd358781ae2dc7f3f7da64780e052f89c375550a8736f9d2d537e917f18b9d6ee087f8c7f855fc33bc9ccd7e4a66bf246733989d9dcf66e7672f212d6a3ae3f2bf0a9eef4eb845f4e122155a5bcc209744d1dbbf6e3e5fff79e5732d658aca2251415f6bc1a940f4f1eae6e32486eb1cb6ba864c668c452981c114e5664718634d291f84c2b9ea3c499aa689739bc7da2c935457db12739794cbaa8c0bb72edbac5f575409b144f0d9d39f64344a82b0de90886cf184785e6f84817f69e30f5179afde375c80c206de1823b6d164de01de9214ebca97a02575c7359ad883104151a6d37a8dcac5a9a85c6df072431f165ebc00ff167fb8fcfcf7cd04be8e809ee3c651df723e7a1875665ad1c9354748eb7bdf236610a0e508454f
 51c48a60e35467d82b9a116bfe0be1f91452621baf4923974b6a2cade29e7987e9cd5ba9b2bdefad86bbec19a13c636106c953b7dc86e65c502f33d6c1d3e290401c2c39012f312e40dbbc5d68827039147468ecf4289cd5a161596aa9503c20288d61b8bbd9b2ae4b27abd2c35beaada3788c53ca15067e3b94c341b29f22a3402d6bc16d2b24fded747547cb3d5c5cc0b85619e65261366e85c0cfd00ceeeee77eeb61f418af6382b1da989e848aabda165117de0e14b0a4d27ccf837be0dd0e3c1ae3780a63da1cef3385531847d4b4f477321f4f5a64d26b2bc86bb5d12b1a148bade79147fd6d189c81e035b1ba538e17e9403957240606e92b20128e271bab647f4790f81646377415d889d74ca9f5ca5bf03809c4363457c4862f94e06560c780ef102f193ac34f29ab438a20dda386c120fd107b17c040e3dd647824987dbb46d82a84470e12d108dfbed14da232ddc41e7bbe671c63f27c4ba9f7d9e54a915bbb3560343835854c8b632e7e63a0abe48493a6221b1cdb27ebe32908756a444752285438e484ea35a5feb4d65f556ad8b9bb4ef6e9c55c9936c1beeefa01f3b111574852dcb3392dbf0e355aa25aba620ea7a7b2ef770cf74edeb73a7d6cca0fc60669f8aa7f4459331fb9a042ce0fcc7a0d88311580"/>
    <field name="tcp.segment" showname="Frame: 182, payload: 1460-1515 (56
bytes)" size="56" pos="1460" show="182"
value="53f90d734163e4e9461c9e33f48a2687871cf4e5f70275a63e12e7c3c19f8541b11a1aee8d1ebaaefd1f0000ffff0300e11a872691090000"/>
  </field>
---whats that???---

  <proto name="http" showname="Hypertext Transfer Protocol" size="464" pos="0"> 

After a <proto>-tag follows a field tag with tcp-segments?!?!
Seems like there is new layer in the OSI Model.
This makes it difficult to write a programm, that wants to process such pdml
data packets.
I don't know how to wright a correct DTD for validation.

I tried to make a DTD.
Please give me a feedback about that.
You find it in the attachment (The DTD of the PDML)


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube