Wireshark mailing list archives
Re: Exported PUD proto_name
From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Fri, 26 Aug 2016 10:14:13 +0200
It seems that it prevents the dissection of exported payloads if proto_name is misaligned. Alexis is experiencing that during the testing of udpdump. Maybe he can clarify where the problem is so we can work on it.

AFAIK, he's using aruba_erm as proto_name in udpdump, but this is changed into "aruba_erm\x00\x00\x00" that is not matched by the dissectors table.

Alexis, did I get the point?

On Fri, Aug 26, 2016 at 10:05 AM, Pascal Quantin <pascal.quantin () gmail com> wrote:

> Hi Dario,
>
> 2016-08-26 10:02 GMT+02:00 Dario Lombardo <dario.lombardo.ml () gmail com>:
>
>> Hi,
>> I'm looking into the code of exported_pdu.c and specifically into export_pdu_create_tags(). The first tag it creates is the tag with proto_name. The piece of code that I don't understand is
>>
>>     /* Start by computing size of protocol name as a tag */
>>     proto_str_len = (int)strlen(proto_name);
>>
>>     /* Ensure that tag length is a multiple of 4 bytes */
>>     proto_tag_len = ((proto_str_len + 3) & 0xfffffffc);
>>
>>     /* Add Tag + length */
>>     tag_buf_size += (proto_tag_len + 4);
>>
>>     [...]
>>
>>     exp_pdu_data->tlv_buffer = (guint8 *)g_malloc0(tag_buf_size);
>>
>> Basically, the buffer to store the proto_name tag must be a multiple of 4 bytes. This means that if I use "data", I have "data", but if I use "data1" I have "data1\x00\x00\x00".
>> What's the rationale behind this? Why is the alignment to 4 bytes required?
>
> This is inspired by the pcapng specification. You have a complete description of the TLV format used in epan/exported_pdu.h
>
> Pascal.
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
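
The padding behaviour discussed in this message, as an added example that is not part of the original post and is not Wireshark's code: a writer that rounds the name tag up to 4 bytes the way the quoted snippet does, next to two hypothetical readers, one that takes the whole tag length as the name and one that stops at the first NUL. The 2-byte big-endian tag and length fields and the tag number are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NAME_TAG 12u /* constructed tag number for this example */

/* Same rounding as the quoted code: next multiple of 4. */
static size_t padded_len(size_t n) { return (n + 3) & ~(size_t)3; }

/* Write [tag:2][len:2][name + NUL padding] (assumed layout, big-endian).
 * Returns bytes written, or 0 if the TLV does not fit. */
static size_t write_name_tlv(uint8_t *buf, size_t cap, const char *name) {
    size_t plen = padded_len(strlen(name));
    if (plen > 0xffff || plen + 4 > cap) return 0;
    memset(buf, 0, plen + 4); /* zeroed like g_malloc0, so padding is NUL */
    buf[0] = (uint8_t)(NAME_TAG >> 8); buf[1] = (uint8_t)(NAME_TAG & 0xff);
    buf[2] = (uint8_t)(plen >> 8);     buf[3] = (uint8_t)(plen & 0xff);
    memcpy(buf + 4, name, strlen(name));
    return plen + 4;
}

/* Bounds-checked access to the value; NULL if the TLV is truncated. */
static const uint8_t *tlv_value(const uint8_t *tlv, size_t size, size_t *len) {
    if (size < 4) return NULL;
    *len = ((size_t)tlv[2] << 8) | tlv[3];
    return (*len <= size - 4) ? tlv + 4 : NULL;
}

/* Reader that treats all `len` bytes as the name: padding becomes part of the key. */
static int match_raw(const uint8_t *tlv, size_t size, const char *registered) {
    size_t len; const uint8_t *v = tlv_value(tlv, size, &len);
    return v && len == strlen(registered) && memcmp(v, registered, len) == 0;
}

/* Reader that cuts the value at the first NUL before comparing. */
static int match_trimmed(const uint8_t *tlv, size_t size, const char *registered) {
    size_t len; const uint8_t *v = tlv_value(tlv, size, &len);
    if (!v) return 0;
    const uint8_t *nul = memchr(v, 0, len);
    size_t n = nul ? (size_t)(nul - v) : len;
    return n == strlen(registered) && memcmp(v, registered, n) == 0;
}

int main(void) {
    uint8_t buf[32];
    const char *names[] = { "data", "data1", "aruba_erm" }; /* names from the thread */
    for (size_t i = 0; i < 3; i++) {
        size_t n = write_name_tlv(buf, sizeof buf, names[i]);
        printf("%-9s tlv=%zu raw=%d trimmed=%d\n", names[i], n,
               match_raw(buf, n, names[i]), match_trimmed(buf, n, names[i]));
    }
    return 0;
}
```

Names whose length is already a multiple of 4 match under both readers, which is why a mismatch of this kind only shows up for some protocol names.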