Wireshark-dev: Re: [Wireshark-dev] Iteration in dissectors?

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Sun, 22 Jan 2012 21:41:31 +0000
Thanks Chris,

If I remember correctly, apart from an annoying, misleading "malformed
packet" error, I eventually managed to dump all of the block IDs (1-4)
using either :

/* Start counting from 13 */
	     for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 13); rwe_pos+=2) {
	       proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
rwe_pos+1, 1, ENC_BIG_ENDIAN);
	     }

or

/* Start counting from 13 */
	     for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 12); rwe_pos+=2) {
	       proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
rwe_pos+1, 1, ENC_BIG_ENDIAN);
	     }

I've found that removing the extraneous "+1" from that code will cause
all of the IDs to be "128" (which is incorrect) - so it's probably
just a case of trying to break the loop at the right time.

For what it's worth, this also seems to work (with caveats):

            /* Start counting from 13 */
             for (rwe_pos = 13; tvb_get_guint8(tvb, 12) < rwe_pos; rwe_pos+=2) {
	       printf (rwe_pos);
	
               proto_tree_add_item(felica_tree, hf_felica_block_nbr,
tvb, rwe_pos+1, 1, ENC_BIG_ENDIAN);
             }

In that case, I see the following error messages on stdout:

21:01:04          Warn Dissector bug, protocol FeliCa, in packet 5:
More than 1000000 items in the tree -- possible infinite loop
21:01:04          Warn Dissector bug, protocol FeliCa, in packet 8:
More than 1000000 items in the tree -- possible infinite loop

After trying your initial examples, and doing some of my own
experimentation, I've came to the conclusion that I can either
"successfully fail" and obtain all of the block IDs along with an
error message; or "fail successfully" and obtain nothing - since the
conditions being tested are contradictory (e.g. the number of blocks
is less than the position - therefore, we don't move the cursor).

Tyson.

On 22 January 2012 18:16, Chris Maynard <Chris.Maynard@xxxxxxxxx> wrote:
> Tyson Key <tyson.key@...> writes:
>
>> My (partially working) iteration code looks like:
>>
>>            /* Start counting from 13 */
>>            for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 13); rwe_pos++) {
>>              proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb,
>> rwe_pos + 1, 1, ENC_BIG_ENDIAN);
>>            }
>
> How about something like this:
>
>    /* Start counting from 14 */
>    for (rwe_pos = 14; rwe_pos < tvb_get_guint8(tvb, 12); rwe_pos+=2) {
>        proto_tree_add_item(felica_tree, hf_felica_block_nbr, tvb, rwe_pos, 1,
> ENC_BIG_ENDIAN);
>    }
>
> ... or if you want the 0x80 byte highlighted as part of the block number
> (instead of skipping it), then do something like:
>
>    /* Start counting from 13 */
>    for (rwe_pos = 13; rwe_pos < tvb_get_guint8(tvb, 12); rwe_pos+=2) {
>        proto_tree_add_uint(felica_tree, hf_felica_block_nbr, tvb, rwe_pos, 2,
> tvb_get_guint8(tvb, rwe_pos + 1));
>    }
>
> - Chris
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844