Ethereal-dev: [ethereal-dev] LLC/xdlc bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Sun, 26 Sep 1999 00:11:05 -0500
I'm working on a dissector for SNA, and I've encounted an off-by-one
problem in dissect_llc().

The frame I'm decoding has an "extended" LLC control field; 2 bytes
of control field instead of one. (4 bytes of LLC instead of 3)
Line 258 in packet-llc.c assumes that is extended, which is true.

<aside>
It's kind of funny the way it works-- LLC is shown as occupying 3 bytes
in the hex dump when highlighting "Logical-Link Control" in the protocol tree.
But when highlighting "Control Field", two bytes, one extending beyond
the LLC byte range, is highlighted in the hex dump.
</aside>

The code on line 298 in packet-llc.c adds 3 bytes to the offset and
then calls the next dissect function. In my case, it should have added
4, since the Control Field is extended.

Am I reasoning correctly? Can I just change line 298 to add 4 to the
offset?

Attached is the gzipped (thanks Ashok!) Sniffer file. Frame 8 shows
this, although it will call dissect_data() in all copies of ethereal
except mine (where I have a nascent dissect_sna() ).

--gilbert