Wireshark-dev: Re: [Wireshark-dev] [PATCH] wireshark: can't decode callback if didn't caught CR

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Jan 2013 14:06:22 -0800
On Jan 11, 2013, at 1:44 AM, fanchaoting <fanchaoting@xxxxxxxxxxxxxx> wrote:

> now i found that nfs kernel use 0x40000000 as callback program number.

Which "nfs kernel"?  The one in OS X uses 0x4E465343, at least in Mountain Lion.

The NFSv4 specification (RFC 3530) does *NOT* say "0x40000000 is the callback program number", it says "There is no predefined RPC program number for the NFS4_CALLBACK program.", so Wireshark *MUST NOT* assume that it is 0x40000000.

It's probably OK for it to assume that it is *one of the possible* callback program numbers, although it would probably be better if it were to have the callback program number as a preference that defaults to 0x40000000 (which Solaris also appears to use), but it is *NOT* OK to get rid of the code that sets up the callback when it dissects a packet that gives the callback program number:

> diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
> index 63d1019..7b5ec88 100644
> --- a/epan/dissectors/packet-nfs.c
> +++ b/epan/dissectors/packet-nfs.c
> @@ -7979,10 +7979,7 @@ dissect_nfs_cb_client4(tvbuff_t *tvb, int offset, proto_tree *tree)
> {
> 	proto_tree *cb_location = NULL;
> 	proto_item *fitem = NULL;
> -	int cbprog;
> 
> -	cbprog = tvb_get_ntohl(tvb, offset);
> -	reg_callback(cbprog);
> 	offset = dissect_rpc_uint32(tvb, tree, hf_nfs_cb_program, offset);
> 	fitem = proto_tree_add_text(tree, tvb, offset, 0, "cb_location");
> 
> @@ -8991,7 +8988,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
> 	proto_tree *ftree = NULL;
> 	proto_tree *newftree = NULL;
> 	guint32 string_length;
> -	int cbprog;
> 	const char *name = NULL, *source_name = NULL, *dest_name=NULL;
> 	const char *opname=NULL;
> 	guint32 last_fh_hash=0;

	...

> 	if (ops > MAX_NFSV4_OPS) {
> @@ -9469,8 +9469,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
> 			offset = dissect_nfs_create_session_flags(tvb, offset, newftree, hf_nfs_create_session_flags_csa);
> 			offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_fore_chan_attrs");
> 			offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_back_chan_attrs");
> -			cbprog = tvb_get_ntohl(tvb, offset);
> -			reg_callback(cbprog);
> 			offset = dissect_rpc_uint32(tvb, newftree, hf_nfs_cb_program, offset);
> 			offset = dissect_rpc_secparms4(tvb, offset, newftree);
> 			break;

so the changes shown above *MUST NOT* be made to the NFS dissector.