Wireshark-bugs: [Wireshark-bugs] [Bug 1110] New: Invalid characters in show attribute in PDML ou

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 18 Sep 2006 11:08:47 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1110

           Summary: Invalid characters in show attribute in PDML output
           Product: Wireshark
           Version: 0.99.3
          Platform: PC
               URL: http://www.redali.com/bugs/wireshare/pdml/
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: paul.blankenbaker@xxxxxxxxxx
                CC: paul.blankenbaker@xxxxxxxxxx


This is similar to bug #1026, however it involves Wireshark 0.99.3 and
different packet types.

We've run across an issue in the PDML output from tshark v0.99.3
(Linux build) when we include the "-T pdml".

The XML file being created in some circumstances is not valid
(contains illegal characters) and can't be used by standard XML tools
(firefox won't display it and xlstproc won't process it).

The command being run is:

   tshark -t r -r /tmp/badxml.pcap -R 'frame.number == 4' -T pdml

And:

   tshark -t r -r /tmp/badxml.pcap -R 'frame.number == 16' -T pdml

The two .pcap files the result of a previous capture.

The issue appears in the output of the "show" attribute of the
"tcp.analysis.ack_lost_segment" field (in badxml4.pdml) and the
"tcp.analysis.keep_alive" field (in badxml16.pdml).

I will attempt to attach the following files to this bug report:

  badxml.txt - The text of this bug report.
  badxml.pcap - A capture file of a single packet with the problem.
  badxml4.pdml - Frame 4 PDML output (bad show value)
  badxml16.pdml - Frame 16 PDML output (bad show value)

The above files can also be found at:

  http://www.redali.com/bugs/wireshark/pdml/


The following shows the version of tshark I'm running (plus build and OS info):

[root@probe tmp]# tshark -v
TShark 0.99.3

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.10.3, with libpcap 0.9.4, with libz 1.2.3,
with libpcre 6.3, with Net-SNMP 5.3, with ADNS, without Lua.

Running with libpcap version 0.9.4 on Linux 2.6.17-1.2174_FC5.



KEYWORDS (for people searching): pdml, xml, xsl

Thanks for taking a look,
Paul


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.