Wireshark-dev: Re: [Wireshark-dev] [PATCH] wireshark: can't decode callback if didn't caught CR
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: fanchaoting <fanchaoting@xxxxxxxxxxxxxx>
Date: Mon, 14 Jan 2013 13:16:44 +0800
Guy Harris 写道:
> On Jan 11, 2013, at 1:44 AM, fanchaoting <fanchaoting@xxxxxxxxxxxxxx> wrote:
> 
>> now i found that nfs kernel use 0x40000000 as callback program number.
> 
> Which "nfs kernel"?  The one in OS X uses 0x4E465343, at least in Mountain Lion.
> 
> The NFSv4 specification (RFC 3530) does *NOT* say "0x40000000 is the callback program number", it says "There is no predefined RPC program number for the NFS4_CALLBACK program.", so Wireshark *MUST NOT* assume that it is 0x40000000.
> 
> It's probably OK for it to assume that it is *one of the possible* callback program numbers, although it would probably be better if it were to have the callback program number as a preference that defaults to 0x40000000 (which Solaris also appears to use), but it is *NOT* OK to get rid of the code that sets up the callback when it dissects a packet that gives the callback program number:
> 

thanks , but i think maybe it have some other ways to solve this problem.


>> diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
>> index 63d1019..7b5ec88 100644
>> --- a/epan/dissectors/packet-nfs.c
>> +++ b/epan/dissectors/packet-nfs.c
>> @@ -7979,10 +7979,7 @@ dissect_nfs_cb_client4(tvbuff_t *tvb, int offset, proto_tree *tree)
>> {
>> 	proto_tree *cb_location = NULL;
>> 	proto_item *fitem = NULL;
>> -	int cbprog;
>>
>> -	cbprog = tvb_get_ntohl(tvb, offset);
>> -	reg_callback(cbprog);
>> 	offset = dissect_rpc_uint32(tvb, tree, hf_nfs_cb_program, offset);
>> 	fitem = proto_tree_add_text(tree, tvb, offset, 0, "cb_location");
>>
>> @@ -8991,7 +8988,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
>> 	proto_tree *ftree = NULL;
>> 	proto_tree *newftree = NULL;
>> 	guint32 string_length;
>> -	int cbprog;
>> 	const char *name = NULL, *source_name = NULL, *dest_name=NULL;
>> 	const char *opname=NULL;
>> 	guint32 last_fh_hash=0;
> 
> 	...
> 
>> 	if (ops > MAX_NFSV4_OPS) {
>> @@ -9469,8 +9469,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
>> 			offset = dissect_nfs_create_session_flags(tvb, offset, newftree, hf_nfs_create_session_flags_csa);
>> 			offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_fore_chan_attrs");
>> 			offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_back_chan_attrs");
>> -			cbprog = tvb_get_ntohl(tvb, offset);
>> -			reg_callback(cbprog);
>> 			offset = dissect_rpc_uint32(tvb, newftree, hf_nfs_cb_program, offset);
>> 			offset = dissect_rpc_secparms4(tvb, offset, newftree);
>> 			break;
> 
> so the changes shown above *MUST NOT* be made to the NFS dissector.
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> 
>