Wireshark-dev: [Wireshark-dev] PATCH: Update LANforge protocol dissector.
From: Ben Greear <greearb@xxxxxxxxxxxxxxx>
Date: Wed, 06 Jan 2010 17:09:05 -0800
I changed our LANforge protocol slightly..stealing 1 byte from the 'pattern' field to support larger payload-length. Attached is a patch against the latest wireshark svn to let wireshark decode this properly. Thanks, Ben -- Ben Greear <greearb@xxxxxxxxxxxxxxx> Candela Technologies Inc http://www.candelatech.com
Index: epan/dissectors/packet-lanforge.c =================================================================== --- epan/dissectors/packet-lanforge.c (revision 31458) +++ epan/dissectors/packet-lanforge.c (working copy) @@ -56,6 +56,8 @@ static int hf_lanforge_magic = -1; static int hf_lanforge_src_session = -1; static int hf_lanforge_dst_session = -1; +static int hf_lanforge_pld_len_l = -1; +static int hf_lanforge_pld_len_h = -1; static int hf_lanforge_pld_len = -1; static int hf_lanforge_pld_pattern = -1; static int hf_lanforge_seq = -1; @@ -78,6 +80,8 @@ guint32 offset = 0; nstime_t tstamp; guint32 tss; + guint32 tmpi; + guint32 pld_len = 0; /* check for min size */ if(tvb_length(tvb) < 28) { /* Not a LANforge packet. */ @@ -119,12 +123,22 @@ proto_tree_add_item(lanforge_tree, hf_lanforge_dst_session, tvb, offset, 2, FALSE); offset+=2; - proto_tree_add_item(lanforge_tree, hf_lanforge_pld_len, tvb, offset, 2, FALSE); + pld_len = tvb_get_ntohs(tvb, offset); + tmp = proto_tree_add_item(lanforge_tree, hf_lanforge_pld_len_l, tvb, offset, 2, FALSE); + PROTO_ITEM_SET_GENERATED(tmp); offset+=2; - proto_tree_add_item(lanforge_tree, hf_lanforge_pld_pattern, tvb, offset, 2, FALSE); - offset+=2; + tmpi = tvb_get_guint8(tvb, offset); + tmp = proto_tree_add_item(lanforge_tree, hf_lanforge_pld_len_h, tvb, offset, 1, FALSE); + PROTO_ITEM_SET_GENERATED(tmp); + offset+=1; + pld_len |= (tmpi << 16); + proto_tree_add_uint(lanforge_tree, hf_lanforge_pld_len, tvb, offset-3, 3, pld_len); + + proto_tree_add_item(lanforge_tree, hf_lanforge_pld_pattern, tvb, offset, 1, FALSE); + offset+=1; + proto_tree_add_item(lanforge_tree, hf_lanforge_seq, tvb, offset, 4, FALSE); offset+=4; @@ -196,14 +210,30 @@ } }, - { &hf_lanforge_pld_len, + { &hf_lanforge_pld_len_l, { - "Payload Length", "LANforge.pld-length", + "Payload Length(L)", "LANforge.pld-len-L", FT_UINT16, BASE_DEC, NULL, 0x0, - "The LANforge payload length", HFILL + "The LANforge payload length (low bytes)", HFILL } }, + { &hf_lanforge_pld_len_h, + { + "Payload Length(H)", "LANforge.pld-len-H", + FT_UINT8, BASE_DEC, NULL, 0x0, + "The LANforge payload length (high byte)", HFILL + } + }, + + { &hf_lanforge_pld_len, + { + "Payload Length", "LANforge.pld-length", + FT_UINT32, BASE_DEC, NULL, 0x0, + "The LANforge payload length", HFILL + } + }, + { &hf_lanforge_pld_pattern, { "Payload Pattern", "LANforge.pld-pattern",
- Follow-Ups:
- Re: [Wireshark-dev] PATCH: Update LANforge protocol dissector.
- From: Jeff Morriss
- Re: [Wireshark-dev] PATCH: Update LANforge protocol dissector.
- Prev by Date: Re: [Wireshark-dev] How does Wireshark do name resolution?
- Next by Date: Re: [Wireshark-dev] How does Wireshark do name resolution?
- Previous by thread: Re: [Wireshark-dev] Security issue being reported by the SecuniaPSI scanner.
- Next by thread: Re: [Wireshark-dev] PATCH: Update LANforge protocol dissector.
- Index(es):
- Get Wireshark
- Download
- Code of Conduct