Wireshark-dev: Re: [Wireshark-dev] Iteration in dissectors?
From: Tyson Key <[email protected]>
Date: Mon, 23 Jan 2012 11:01:51 +0000
I eventually managed to get thing working by using a combination of a
modified version of Chris's second approach, and use of
tvb_new_subset_remaining() to capture data after the Number of Blocks
byte.

Since I've also managed to get Polling Request/Response, and Read
Without Encryption Response packets mostly dissected (apart from a few
context-dependent data tables related to Status Flags), I might submit
the dissector for review.

Of course, there are other commands - although some are undocumented
and aren't present in the FeliCa Lite protocol "profile"/subset (e.g.
the authentication-related ones - which only get a brief mention in
the FeliCa Standard datasheets, and in the relevant Japanese
Industrial Standard (JIS X 6319-4)); and Write Without Encryption
Request/Response doesn't appear in my traces, so I can't easily test
an implementation of it.

Thanks once again,

Tyson.

On 22 January 2012 21:41, Tyson Key <[email protected]> wrote:
> Thanks Chris,
>
> If I remember correctly, apart from an annoying, misleading "malformed
> packet" error, I eventually managed to dump all of the block IDs (1-4)
> using either :
>
> /* Start counting from 13 */
>             for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 13); rwe_pos+=2) {
>               proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
> rwe_pos+1, 1, ENC_BIG_ENDIAN);
>             }
>
> or
>
> /* Start counting from 13 */
>             for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 12); rwe_pos+=2) {
>               proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
> rwe_pos+1, 1, ENC_BIG_ENDIAN);
>             }
>
> I've found that removing the extraneous "+1" from that code will cause
> all of the IDs to be "128" (which is incorrect) - so it's probably
> just a case of trying to break the loop at the right time.
>
> For what it's worth, this also seems to work (with caveats):
>
>            /* Start counting from 13 */
>             for (rwe_pos = 13; tvb_get_guint8(tvb, 12) < rwe_pos; rwe_pos+=2) {
>               printf (rwe_pos);
>
>               proto_tree_add_item(felica_tree, hf_felica_block_nbr,
> tvb, rwe_pos+1, 1, ENC_BIG_ENDIAN);
>             }
>
> In that case, I see the following error messages on stdout:
>
> 21:01:04          Warn Dissector bug, protocol FeliCa, in packet 5:
> More than 1000000 items in the tree -- possible infinite loop
> 21:01:04          Warn Dissector bug, protocol FeliCa, in packet 8:
> More than 1000000 items in the tree -- possible infinite loop
>
> After trying your initial examples, and doing some of my own
> experimentation, I've came to the conclusion that I can either
> "successfully fail" and obtain all of the block IDs along with an
> error message; or "fail successfully" and obtain nothing - since the
> conditions being tested are contradictory (e.g. the number of blocks
> is less than the position - therefore, we don't move the cursor).
>
> Tyson.
>
> On 22 January 2012 18:16, Chris Maynard <[email protected]> wrote:
>> Tyson Key <[email protected]> writes:
>>
>>> My (partially working) iteration code looks like:
>>>
>>>            /* Start counting from 13 */
>>>            for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 13); rwe_pos++) {
>>>              proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
>>> rwe_pos + 1, 1, ENC_BIG_ENDIAN);
>>>            }
>>
>> How about something like this:
>>
>>    /* Start counting from 14 */
>>    for (rwe_pos = 14; rwe_pos < tvb_get_guint8(tvb, 12); rwe_pos+=2) {
>>        proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb, rwe_pos, 1,
>> ENC_BIG_ENDIAN);
>>    }
>>
>> ... or if you want the 0x80 byte highlighted as part of the block number
>> (instead of skipping it), then do something like:
>>
>>    /* Start counting from 13 */
>>    for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 12); rwe_pos+=2) {
>>        proto_tree_add_uint(felica_tree, hf_felica_block_nbr, tvb, rwe_pos, 2,
>> tvb_get_guint8(tvb, rwe_pos + 1));
>>    }
>>
>> - Chris
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <[email protected]>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>             mailto:[email protected]?subject=unsubscribe
>
>
>
> --
>                                           Fight Internet Censorship!
> http://www.eff.org
> http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
> 00447934365844



-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844