[Wireshark-dev] Reassembling Packets need some help plz
Hello, im just writeing my first dissector and i have some problems with the reassembling My prtocoll contain some fields for Snode =ID ,Packetnumber and total packets i get them with snode =tvb_get_guint8(tvb,offset);offset +=1; pnum =tvb_get_guint8(tvb,offset);offset +=1; totalp =tvb_get_guint8(tvb,offset); Example for a packet split into 3 : Snode=12 pnum=1 total=3 Sonde=12 pnum=2 total=3 Snode=12 pnum=3 total=3 the packet consists of an Trans Header, a App Header and Data. IF its fragmented only the frist packet consists auf tran,app and data the other fragments consists only of trans and data. For the reassembled tvb only the data are importent. the lengh of the trans-header r given in a field loh. I think my fragment_add_seq_check function doesnt work right cause everytime i get a 0 returned thx. Code: save_fragmented = pinfo-fragmented; if (totalp 1 pnum=totalp){//check if it has to be reassembled if(pnum==1){ offset2=loh+20;// First packet, Packet with Tran + App Header ,App Header =20 Byte } else{ offset2=loh; // Not First Packet only trans header } if(totalp==pnum){ more_frag=FALSE;}//Total Packet == pnum =Last Packet set more_frags =FALSE else {more_frag=TRUE;} // Not Last Packet =set more_frags=TRUE msg_seqid =snode; msg_num = pnum-1; pinfo-fragmented = TRUE; frag_msg = fragment_add_seq_check(tvb, offset2, pinfo, msg_seqid, // ID for fragments belonging together msg_fragment_table, // list of message fragments msg_reassembled_table, // list of reassembled messages msg_num, // fragment sequence number tvb_length_remaining(tvb, offset2), //fragment length - to the end more_frag); // More Frag printf(%d,(int)frag_msg);// PRINTF wieder raus new_tvb = process_reassembled_data(tvb, offset2, pinfo, Reassembled Message, frag_msg, msg_frag_items, NULL,nos_tree); if (frag_msg) { // Reassembled col_append_str(pinfo-cinfo, COL_INFO, (Message Reassembled)); } else { // Not last packet of reassembled Short Message col_append_fstr(pinfo-cinfo, COL_INFO, (Message fragment %u), msg_num); col_append_fstr(pinfo-cinfo, COL_INFO, (Frag: %u), pinfo-fragmented); col_append_fstr(pinfo-cinfo, COL_INFO, (Visit: %u), pinfo-fd-flags.visited); col_append_fstr(pinfo-cinfo, COL_INFO, (Fragmsg: %d), (int)frag_msg); } if (new_tvb) { // take it all col_append_str(pinfo-cinfo, COL_INFO, (NEW TVB)); //offset=0; //proto_tree_add_item(nos_tree, hf_nos_data, new_tvb, offset, -1, FALSE); next_tvb = new_tvb; } else { // make a new subset next_tvb = tvb_new_subset(tvb, offset2, -1, -1); } } else { // Not fragmented next_tvb = tvb_new_subset(tvb, offset2, -1, -1); } pinfo-fragmented = save_fragmented; ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] OpenSafety bug - how to fix?
Coverity reports the following in CID 1204 against the OpenSafety dissector: 1466firstByte = ( tvb_get_guint8(message_tvb, 0) 1 ); Event missing_parentheses: !firstByte 0x40 is always 0 regardless of the values of its operands (non-specific value). Did you intend to apply '' to firstByte and 64? If so, parentheses would be required to force this interpretation. 1467if ( ( (!firstByte) 0x40 ) != 0x40 ) 1468{ 1469result = opensafety_package_dissector(openSAFETY/SercosIII, sercosiii, 1470FALSE, FALSE, message_tvb, pinfo, tree); 1471} So, should line 1467 read something like this instead?: 1467if ( !((firstByte 0x40) == 0x40) ) Can someone with knowledge of the OpenSafety dissector confirm if this is the right fix? - Chris ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] OpenSafety bug - how to fix?
The fix is correct. Are there any other Coverty hits for openSafety, or just the one? Regards, Roland Am 20.09.2011 um 15:53 schrieb Chris Maynard chris.mayn...@gtech.com: Coverity reports the following in CID 1204 against the OpenSafety dissector: 1466firstByte = ( tvb_get_guint8(message_tvb, 0) 1 ); Event missing_parentheses: !firstByte 0x40 is always 0 regardless of the values of its operands (non-specific value). Did you intend to apply '' to firstByte and 64? If so, parentheses would be required to force this interpretation. 1467if ( ( (!firstByte) 0x40 ) != 0x40 ) 1468{ 1469result = opensafety_package_dissector(openSAFETY/SercosIII, sercosiii, 1470FALSE, FALSE, message_tvb, pinfo, tree); 1471} So, should line 1467 read something like this instead?: 1467if ( !((firstByte 0x40) == 0x40) ) Can someone with knowledge of the OpenSafety dissector confirm if this is the right fix? - Chris ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] OpenSafety bug - how to fix?
Roland Knall rknall@... writes: The fix is correct. Are there any other Coverty hits for openSafety, or just the one? Hi Roland, There are 6 in total. Besides 1204, there are these 5 more reported: CID 1215: NULL RETURNS: In stringToBytes(), strtok() could return NULL at line 418, but the return value is not checked against NULL as it is in other places, even further down in the same function at line 427. CID 1224: SIZEOF MISMATCH (2 instances): In dissect_opensafety_ssdo_message() at lines 932 and 951, Coverity reports, suspicious_sizeof: Passing argument sizeof (guint8 *) /*8*/ * payloadSize to function ep_alloc and then casting the return value to guint8 * is suspicious. These 2 seem benign to me and can probably be ignored? CID 1246/1247: FORWARD NULL/REVERSE INULL: In opensafety_package_dissector(), pinfo is checked for being non-NULL at line 1374, implying that it could be NULL; yet it is passed to functions that dereference it before checking against NULL (such as add_new_data_source() at lines 1278 and 1284, call_dissector() at line 1370, etc.) Can pinfo really ever be NULL? If not, the easiest thing to do might be just to remove the check at line 1374. If you could submit a patch fixing all these, it would be appreciated. Thanks, - Chris ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe