Wireshark mailing list archives

Re: Need advice on modifying tvb


From: Beth <beth.tridium () gmail com>
Date: Mon, 7 Dec 2009 13:47:32 -0500

Returning to this issue once more, where I am dissecting packets that wrap
an 802.15.4 frame in another protocol, but the outer protocol handles the
FCS field.

I am passing the inner frame to the "wpan_nofcs" dissector, which works
perfectly for all frame types *except* Ack.  When it dissects an 802.15.4
Ack, I get the (non-fatal) error "Unexpected payload in acknowledgement".

I looked at the code for the nofcs dissector, and the first thing it does is
call tvb_new_subset to create a new tvb with the length artificially
increased by the size of FCS_LEN (i.e. 2 bytes).  Which undoes all my
effort to remove those bytes in the first place!

For most 802.15.4 frame types, the extra two bytes are passed to the Data
dissector, which makes for a messy display but no error is reported.  But
since the 802.15.4 common code specifically checks Ack frames for extra
bytes, I get an error where there should be none.

The comments in the code indicate that someone added the two bytes for a
very good reason, but I can't figure out what they mean.  If there is "no"
FCS, why would you expand the buffer by two bytes as if there were one?
Only reason I can think of is that there is common code that calculates some
offset from the end of the buffer, but in that case there needs to be some
way for the common code to know that the extra two bytes don't need to be
processed.

What I am trying to figure out now is whether there is something missing
from the 802.15.4 dissector that needs to be fixed, or whether I'm lacking
in understanding and need to change my code somehow to avoid this error.

Is there anyone familiar with the 802.15.4 dissector who could advise me?

Thank you,
b.