Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6082] New: Enhancement of Hilscher Analyzer Dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 1 Jul 2011 02:10:19 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6082

           Summary: Enhancement of Hilscher Analyzer Dissector
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: hpfrommer@xxxxxxxxxxxx


Created an attachment (id=6599)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6599)
Patch and example pcap for Hilscher dissector

Build Information:

Compiled (32-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3,
with
Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Jun
21 2011), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 10.0 build 40219

--
The heuristic dissector was extended to support additional information which is
added by a netANALYZER capture interface after the frames payload data. This
information is not part of the frame data.
Therefore it was necessary to register a heurisitc dissector list within the
frame dissector (packet-frame.c). I hope this is ok for you.
After the additional information has been parsed via the heuristic packet-frame
attached dissector, a new tbv subset is generated which is then passed to the
packet-frame dissector for further dissection.
This allows the frame-dissector to show the correct length of the real frame
data without any interference of the additional information appended after the
frames data.
The original feature of dissecting Ethernet frames with a specifc reserved MAC
address by using a heuristic eth-dissector kept unchanged.

Fuzz testing has passed using the attached pcap file.
The file contains:
* a frame which is dissected by the eth-attached heuristic dissector, which is
then not passed back to the eth dissector
* a frame which is dissected by the new frame-attached heuristic dissector and
then is passed with an new tvb to another instance of the frame dissector
* a frame which is not affected by neither of the both heuristic dissectors

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube