Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Iteration in dissectors?

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Sun, 22 Jan 2012 13:25:51 +0000
Hi,

I'm currently working on a dissector for Sony's FeliCa application
layer protocol; and things seem to be progressing nicely. However, I'm
facing some issues surrounding iterating through list data structures
in a non-standard manner.

The data structure in question is a list of memory block IDs separated
with 0x80, like:
06 01 27 00 5d 1a 05 8a cd 01 0b 00 [04] {80 01 80 02 80 03 80 04} -
where [04] represents a decimal count of 4 blocks, and the values in
accolades are the decimal block IDs themselves.

My (partially working) iteration code looks like:

	     /* Start counting from 13 */
	     for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 13); rwe_pos++) {
	       proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
rwe_pos + 1, 1, ENC_BIG_ENDIAN);
	     }

The "rwe_pos" variable is defined near the start of the
dissect_felica() method, and initialised to 0 - although that value
doesn't matter in practice. (I assume that it doesn't quite fit with
the usual Wireshark coding conventions - but it was the most obvious
way of making things work within a switch() case).

The result of using that code, in the context of my dissector (at
https://gist.github.com/1657044) is:

DLT: 160
Sony FeliCa
    Command: Read Without Encryption (0x06)
    IDm (Manufacture ID)/NFCID2: 0x0127005d1a058acd
    Number of Services: 1
    Service Code: 0x0b00
    Number of Blocks: 4
    Block Number: 1
    Block Number: 128
    Block Number: 2
    Block Number: 128
    Block Number: 3
    Block Number: 128
    Block Number: 4
[Malformed Packet: FeliCa]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

Obviously, I need to skip every second byte (instances of 0x80 for
padding) - except for cases where 0x80 0x80 is present (since we have
a block 128), to achieve something that looks like:

DLT: 160
Sony FeliCa
    Command: Read Without Encryption (0x06)
    IDm (Manufacture ID)/NFCID2: 0x0127005d1a058acd
    Number of Services: 1
    Service Code: 0x0b00
    Number of Blocks: 4
    Block Number: 1
    Block Number: 2
    Block Number: 3
    Block Number: 4

(through to at least ~136 (if necessary) from looking at the FeliCa
Lite User Manual at
http://www.sony.net/Products/felica/business/tech-support/data/fl_usmnl_1.2.pdf)

Any thoughts?

Thanks in advance,

Tyson.

-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844