Ethereal-dev: Re: [Ethereal-dev] New release rush - small patch for packet-dcerpc.c, big patch

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
Date: Wed, 22 Oct 2003 23:50:24 +0200
Regarding the version field - I suspect there's a difference between version 11 and version 9 of the protocol, where in version 11 the version field 2 bytes long, and in version 9 it's 4 bytes. I'd be glad if others could check captures and verify that. 

Guy Harris wrote:



On Oct 22, 2003, at 4:52 AM, Yaniv Kaul wrote:
3. Small patch for packet-ymsg.c, which: (1) Removes the check on 3 ports only - since Yahoo! Messenger can stream on any port and (2) removes the check that will not dissect if the packet is not big enough - as partial dissection is also helpful sometimes.
The check still has to require the packet to be at least 4 bytes long, so that it can check that the packet begins with "YMSG".
I changed it to use "tvb_memeql()", which returns -1 rather than throwing an exception, if there aren't enough bytes in the packet to match the value passed in.
Also, it (3) changes the length of the "ymsg.version" field to 2 bytes - but it still increases the offset by 4 bytes; what are the two bytes following the version field?