Wireshark mailing list archives
Re: Hierarchy of fields & offsets again, more potential offenders
From: "Sultan, Hassan via Wireshark-dev" <wireshark-dev () wireshark org>
Date: Fri, 4 Aug 2017 00:01:04 +0000
-----Original Message----- From: Pascal Quantin [mailto:pascal.quantin () gmail com] Sent: Wednesday, August 02, 2017 12:41 PM To: Developer support list for Wireshark <wireshark-dev () wireshark org> Cc: Sultan, Hassan <sultah () amazon com> Subject: Re: [Wireshark-dev] Hierarchy of fields & offsets again, more potential offenders 2017-08-02 21:24 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com <mailto:pascal.quantin () gmail com> >: Hi Hassan,
[...]
FT_STRING 378 ntlmssp.auth.domain(8) : SUSE FT_UINT16 186 ntlmssp.string.length(2) : 8 VIOLATION 1 : Child ntlmssp.string.length has an offset lower than its parent FT_UINT16 188 ntlmssp.string.maxlen(2) : 8 VIOLATION 1 : Child ntlmssp.string.maxlen has an offset lower than its parent FT_UINT32 190 ntlmssp.string.offset(4) : 220 VIOLATION 1 : Child ntlmssp.string.offset has an offset lower than its parent It looks like some fields describing the string position (and present before the string) were put in a subtree of the string. Whether this is to improve readability is left to someone knowing NTLM Server Challenge protocol (so not me).
I just submitted https://code.wireshark.org/review/#/c/22937/ to turn the parent field of NTLMSSP strings to FT_NONE, while still providing visually the same information in the same way and having the FT_NONE cover the length/maxlen/offset only. Let me know what you guys think. Thanks, Hassan ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Hierarchy of fields & offsets again, more potential offenders, (continued)
- Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 02)
- Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 07)
- Re: Hierarchy of fields & offsets again, more potential offenders Alexis La Goutte (Aug 08)
- Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 08)
- Re: Hierarchy of fields & offsets again, more potential offenders Pascal Quantin (Aug 09)
- Re: Hierarchy of fields & offsets again, more potential offenders Alexis La Goutte (Aug 09)
- Re: Hierarchy of fields & offsets again, more potential offenders Pascal Quantin (Aug 09)
- Re: Hierarchy of fields & offsets again, more potential offenders Stig Bjørlykke (Aug 10)
- Message not available
- Re: Hierarchy of fields & offsets again, more potential offenders Pascal Quantin (Aug 10)
- Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 11)
- Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 03)