Wireshark · Wireshark-dev: [Wireshark-dev] Bug? TPKT length invalid? DIFF

Wireshark-dev: [Wireshark-dev] Bug? TPKT length invalid? DIFF

From: "Wiese, Hendrik" <hendrik.wiese@xxxxxxxxxxx>

Date: Thu, 25 Jan 2007 17:04:22 +0100

Hi there,
 
I think, I've found a bug: the length of a TPKT header evaluated later
is swapped by tvb_get_ntohs() (Wireshark 0.99.6
/epan/dissectors/packet-tpkt.c:193). It only works for us if we re-swap
it with g_htons() just after fetching it from the tvb:

packet-tpkt.c:193: data_len = g_htons(tvb_get_ntohs(tvb, offset + 2));

This makes Wireshark display the value correctly and split several TPKT
packet inside one TCP packet. Other way around the length isn't
displayed correctly (much too high) and further TPKT packets inside a
TCP packet are ignored.

Please have a look at my generated diff-file. Am I right?

----------- zip -------------------------------------

Index: packet-tpkt.c
===================================================================
--- packet-tpkt.c	(revision 20531)
+++ packet-tpkt.c	(working copy)
@@ -190,8 +190,8 @@
 		/*
 		 * Get the length from the TPKT header.
 		 */
-		data_len = tvb_get_ntohs(tvb, offset + 2);
-
+		data_len = g_htons(tvb_get_ntohs(tvb, offset + 2));
+		
 		/*
 		 * Can we do reassembly?
 		 */
 
----------- zip -------------------------------------

Thanks a lot

Bye,
Hendrik

Follow-Ups:
- Re: [Wireshark-dev] Bug? TPKT length invalid? DIFF
  - From: Charles Lepple

Prev by Date: Re: [Wireshark-dev] How to modify hf_register_info hf[] ?
Next by Date: Re: [Wireshark-dev] Bug? TPKT length invalid? DIFF
Previous by thread: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging facility
Next by thread: Re: [Wireshark-dev] Bug? TPKT length invalid? DIFF
Index(es):
- Date
- Thread