Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PATCH] wireshark: can't decode callback if didn't caught CREATE_SESSION and SETCLIENTID packets before

From: Guy Harris <guy () alum mit edu>
Date: Fri, 11 Jan 2013 14:06:22 -0800

On Jan 11, 2013, at 1:44 AM, fanchaoting <fanchaoting () cn fujitsu com> wrote:


now i found that nfs kernel use 0x40000000 as callback program number.


Which "nfs kernel"?  The one in OS X uses 0x4E465343, at least in Mountain Lion.

The NFSv4 specification (RFC 3530) does *NOT* say "0x40000000 is the callback program number", it says "There is no 
predefined RPC program number for the NFS4_CALLBACK program.", so Wireshark *MUST NOT* assume that it is 0x40000000.

It's probably OK for it to assume that it is *one of the possible* callback program numbers, although it would probably 
be better if it were to have the callback program number as a preference that defaults to 0x40000000 (which Solaris 
also appears to use), but it is *NOT* OK to get rid of the code that sets up the callback when it dissects a packet 
that gives the callback program number:


diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
index 63d1019..7b5ec88 100644
--- a/epan/dissectors/packet-nfs.c
+++ b/epan/dissectors/packet-nfs.c
@@ -7979,10 +7979,7 @@ dissect_nfs_cb_client4(tvbuff_t *tvb, int offset, proto_tree *tree)
{
      proto_tree *cb_location = NULL;
      proto_item *fitem = NULL;
-     int cbprog;

-     cbprog = tvb_get_ntohl(tvb, offset);
-     reg_callback(cbprog);
      offset = dissect_rpc_uint32(tvb, tree, hf_nfs_cb_program, offset);
      fitem = proto_tree_add_text(tree, tvb, offset, 0, "cb_location");

@@ -8991,7 +8988,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
      proto_tree *ftree = NULL;
      proto_tree *newftree = NULL;
      guint32 string_length;
-     int cbprog;
      const char *name = NULL, *source_name = NULL, *dest_name=NULL;
      const char *opname=NULL;
      guint32 last_fh_hash=0;


        ...


      if (ops > MAX_NFSV4_OPS) {
@@ -9469,8 +9469,6 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo,
                      offset = dissect_nfs_create_session_flags(tvb, offset, newftree, 
hf_nfs_create_session_flags_csa);
                      offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_fore_chan_attrs");
                      offset = dissect_rpc_chanattrs4(tvb, offset, newftree, "csa_back_chan_attrs");
-                     cbprog = tvb_get_ntohl(tvb, offset);
-                     reg_callback(cbprog);
                      offset = dissect_rpc_uint32(tvb, newftree, hf_nfs_cb_program, offset);
                      offset = dissect_rpc_secparms4(tvb, offset, newftree);
                      break;


so the changes shown above *MUST NOT* be made to the NFS dissector.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: