Hi,
Gerald Combs wrote:
Could someone take a look at bug #68? I'm having a hard time tracking
it down:
http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=68
IMHO this semes to be caused by ISF frame with length=1, which is less
than the isl header.
Then the frame is split in 1-byte payload_tvb and N-byte trailer
Later 2 1-byte fields are dewrived successfully from the 1-byte header
proto_tree_add_text(fh_tree, payload_tvb, 0, 1, "DSAP: 0x%X",
tvb_get_guint8(tvb, 14));
proto_tree_add_text(fh_tree, payload_tvb, 1, 1, "SSAP: 0x%X",
tvb_get_guint8(tvb, 15));
bu the third one does not succeed:
proto_tree_add_text(fh_tree, payload_tvb, 2, 1, "Control: 0x%X",
tvb_get_guint8(tvb, 16));
which seems like some bug itself
the obvious fix was:
Index: epan/dissectors/packet-isl.c
===================================================================
--- epan/dissectors/packet-isl.c (revision 14112)
+++ epan/dissectors/packet-isl.c (working copy)
@@ -185,7 +185,7 @@
if (tree)
proto_tree_add_uint(fh_tree, hf_isl_len, tvb, 12, 2, length);
- if (length != 0) {
+ if (length >= 12) { /* the ISL header itself */
/* The length field was set; it's like an 802.3 length field, so
treat it similarly, by constructing a tvbuff containing only
the data specified by the length field. */
which produces sane packet dump, but then I know almost nothing about
the inner workings ov ethereal
on a second thought, this may probably be (length >= 60 (or 64?))
as it concerns the entire frame length, not only the header. this change
fixed the few short frames reported with the (length >= 12) check
(frames 40,118,333) and even the reportd fcs is correct for them
just my $0.02
best regards,
Cvetan