Wireshark mailing list archives
Re: working with header data
From: Ed Beroset <beroset () mindspring com>
Date: Fri, 14 Oct 2011 17:05:20 -0400
Guy Harris wrote:
> On Oct 14, 2011, at 1:16 PM, Ed Beroset wrote:
>
>> I did two earlier versions of the code that did something like that. One version used knowledge of what the tags are and recalculated the length based on the length of the tvb. The other one attempted to verify that the expected tag really was the expected number of bytes ahead of the data. Both versions seemed messy and complex to me.
>
> So why does not a #.FN_BODY such as
>
>     int start_offset = offset;
>     int length;
>
>     $(DEFAULT_BODY)
>
>     length = offset - start_offset;
>     <copy "length" bytes of stuff starting at "start_offset">
>
> work? No need to know what the tags are, no need to verify anything, from what I can see.

I understand what you mean, and will experiment. If I can work through the filter issue, and it works, then this could be a viable replacement.

>>     if (PNODE_FINFO(tree)->hfinfo->id == hf_c1222_user_information)
>>         pkt_tree = proto_item_get_parent_nth(tree, 2);
>>     else
>>         return FALSE;
>
> None of that has anything to do with adding hf_c1222_crypto_good to the protocol tree, which is what is relevant for making a "c1222.crypto_good" field work; where is the code that adds that to the tree?

It does, but it's a bit indirect. If the call to that function returns false, it's an indication that the encryption validation failed for some reason.

>> The *displayed* values for parsed packets are all correct,
>
> Where is the "c1222.crypto_good" field displayed in the protocol tree?

It's around line 889 of packet-c1222-template.c and is only populated if the packet has a Message Authentication Code (MAC), which is part of how the cryptography verifies the integrity of the message.

    if (hasmac) {
        if (tvb_offset_exists(epsem_buffer, local_offset+4-1)) {
            yt = proto_tree_add_item(tree, hf_c1222_epsem_mac, epsem_buffer, local_offset, 4, ENC_NA);
            /* now we have enough information to fill in the crypto subtree */
            crypto_tree = proto_item_add_subtree(yt, ett_c1222_crypto);
            item = proto_tree_add_boolean(crypto_tree, hf_c1222_epsem_crypto_good, tvb, local_offset, 4, crypto_good);
            PROTO_ITEM_SET_GENERATED(item);
            item = proto_tree_add_boolean(crypto_tree, hf_c1222_epsem_crypto_bad, tvb, local_offset, 4, crypto_bad);
            PROTO_ITEM_SET_GENERATED(item);
        } else {
            expert_add_info_format(pinfo, tree, PI_MALFORMED, PI_ERROR, "C12.22 MAC missing");
            return offset+len;
        }
    }

Ed
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
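
Added example (not part of the original message or of the Wireshark source): the start-offset/length wrapper suggested in the quoted reply, shown outside asn2wrs as plain C. parse_tlv, capture_element and the sample bytes are hypothetical stand-ins; parse_tlv plays the role of $(DEFAULT_BODY) and handles only single-byte tags with definite lengths.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for $(DEFAULT_BODY): parse one definite-length BER
 * TLV at buf[offset]; return the offset just past it, or -1 if malformed. */
static int parse_tlv(const uint8_t *buf, size_t buflen, int offset)
{
    size_t pos = (size_t)offset, len;
    if (offset < 0 || pos + 2 > buflen) return -1;
    if ((buf[pos++] & 0x1f) == 0x1f) return -1; /* multi-byte tag: unsupported */
    len = buf[pos++];
    if (len == 0x80) return -1;                 /* indefinite length: unsupported */
    if (len & 0x80) {                           /* long form: n length octets follow */
        size_t n = len & 0x7f;
        if (n > 2 || n > buflen - pos) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | buf[pos++];
    }
    if (len > buflen - pos) return -1;          /* value runs past the buffer */
    return (int)(pos + len);
}

/* The wrapper pattern from the thread: note the start, let the parser advance
 * the offset, then copy exactly the bytes it consumed (header included). */
static int capture_element(const uint8_t *buf, size_t buflen, int offset,
                           uint8_t *out, size_t outcap, size_t *outlen)
{
    int start_offset = offset;
    int length;
    offset = parse_tlv(buf, buflen, offset);    /* plays the role of $(DEFAULT_BODY) */
    if (offset < 0) return -1;
    length = offset - start_offset;
    if ((size_t)length > outcap) return -1;     /* never overrun the copy target */
    memcpy(out, buf + start_offset, (size_t)length);
    *outlen = (size_t)length;
    return offset;
}

/* Constructed sample: two elements, the second with a long-form length. */
static const uint8_t sample[] = { 0xA2, 0x03, 0x02, 0x01, 0x05,
                                  0xBE, 0x81, 0x02, 0xAA, 0xBB };
int main(void)
{
    uint8_t out[16] = {0};
    size_t n = 0;
    int next = capture_element(sample, sizeof sample, 5, out, sizeof out, &n);
    printf("next=%d captured=%zu first=0x%02X\n", next, n, out[0]);
    return 0;
}
```

The copy is bounded twice: the parser refuses an element that runs past the buffer, and the wrapper refuses a copy larger than the destination.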