Wireshark-bugs: [Wireshark-bugs] [Bug 2281] New: PDML syntax error for ICMP packets
Date: Tue, 19 Feb 2008 12:52:18 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2281

           Summary: PDML syntax error for ICMP packets
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gkrames@xxxxxxx



Gerfl <gkrames@xxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1471|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=1471)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1471)
Proposed patch (altered print.c)

Build Information:
Built under Linux from 0.99.7 source distribution
The problem exists also in earlier versions, but it is masked behind another
difference.
--
Each ICMP (ping) packet will be written with 2 closing "</proto>" tags, which
breaks the well-formedness of the PDML file.

Steps to reproduce:
1) Capture arbitrary traffic with ICMP packets created by ping command.
2) Export to PDML
3) Use XML tool to check well-formedness of the PDML file. Or review manually.

Analysis:
It seems that in print.c, the special treatment of the "data"
protocol is not considering the creation of the closing XML tags.
In version 0.99.7, tshark uses "data.data" for ICMP, which causes the problem
to pop up.
In version 0.99.6, no "data.data" is written, and thus there is no problem
(though it should be demonstrable with other protocols).


Proposed solution: Fix the logic in print.c (around line 425). 
Works fine for me, but not tested with other protocols.

diff print.c.0_99_7 print.c
425c425,429
<               for (i = -1; i < pdata->level; i++) {
---
>               if (fi->hfinfo->id == proto_data) {
>                   /* do nothing, see above. */
>               }
>               else {
>                   for (i = -1; i < pdata->level; i++) {
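
Review bot: the new `if (fi->hfinfo->id == proto_data)` branch is empty and its comment, "do nothing, see above", does not say which earlier code it pairs with. Test `fi->hfinfo->id != proto_data` around the closing-tag code instead of keeping an empty branch, and have the comment name the earlier special case for the data protocol that skips the opening tag. The condition here should be the same expression that special case uses, otherwise the opening and closing sides can disagree again.
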
427,428c431,432
<               }
<               if (fi->hfinfo->type == FT_PROTOCOL) {
---
>                   }
>                   if (fi->hfinfo->type == FT_PROTOCOL) {
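
Review bot: only the `}` and the `if (fi->hfinfo->type == FT_PROTOCOL) {` line are re-indented here; old lines 426 and 429, which sit between the hunks, are not part of the diff, so the loop body and the statement under this `if` keep their old indentation inside a block that is now one level deeper. Re-indent those lines as well so the nesting introduced by the new `else` is readable.
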
430,431c434,435
<               }
<               else {
---
>                   }
>                   else {
432a437
>                   }
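
Review bot: the `}` added after old line 432 is meant to close the new `else`, but the patch carries no context lines, so the brace pairing cannot be checked from the diff alone. Please resend it as a unified diff (`diff -u`) so the unchanged lines around each hunk are visible. Since the report says the change was not tested with other protocols, a capture where "data" appears under a protocol other than ICMP would be a useful test before check-in.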


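
Step 3 of the reproduction, as an added example that is not part of the original report or of Wireshark's code: a tag-balance scan that keeps going after the first error and reports the line and packet number of each unbalanced tag. The function name and the PDML sample are constructed for illustration.

```python
import re

# One tag: optional "/", name, attributes (quoted values may contain ">"), optional "/".
TAG = re.compile(r'<(/?)([A-Za-z_][\w.\-]*)((?:"[^"]*"|\'[^\']*\'|[^>"\'])*?)(/?)>')

def pdml_tag_errors(text):
    """Return [(line, packet_no, message)] for every unbalanced tag in text."""
    errors, stack, packet_no = [], [], 0
    for m in TAG.finditer(text):
        closing, name, _attrs, self_closing = m.groups()
        if self_closing:
            continue                      # <field .../> opens and closes itself
        if not closing:
            packet_no += 1 if name == "packet" else 0
            stack.append(name)
            continue
        if stack and stack[-1] == name:
            stack.pop()                   # balanced close
            continue
        line = text.count("\n", 0, m.start()) + 1
        if name in stack:                 # close skips over still-open elements
            while stack[-1] != name:
                errors.append((line, packet_no, f"<{stack.pop()}> never closed"))
            stack.pop()
        else:                             # nothing of this name is open
            inner = stack[-1] if stack else "nothing"
            errors.append((line, packet_no, f"stray </{name}> inside <{inner}>"))
    errors += [(None, packet_no, f"<{n}> never closed") for n in reversed(stack)]
    return errors

# Constructed sample (not real tshark output): packet 1 has the doubled </proto>.
SAMPLE = """<?xml version="1.0"?>
<pdml>
<packet>
  <proto name="icmp">
    <field name="icmp.type" show="8"/>
    <field name="data.data" value="6162"/>
  </proto>
  </proto>
</packet>
<packet>
  <proto name="udp"><field name="udp.port" show="53"/></proto>
</packet>
</pdml>
"""

if __name__ == "__main__":
    for err in pdml_tag_errors(SAMPLE):
        print(err)
```

The scan only balances element tags; it does not skip tags inside XML comments or CDATA sections, so a clean result should still be confirmed with a full XML parser.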