Wireshark mailing list archives

Re: Hierarchy of fields & offsets again, more potential offenders

From: "Sultan, Hassan via Wireshark-dev" <wireshark-dev () wireshark org>
Date: Fri, 4 Aug 2017 00:01:04 +0000

-----Original Message-----
From: Pascal Quantin [mailto:pascal.quantin () gmail com]
Sent: Wednesday, August 02, 2017 12:41 PM
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Cc: Sultan, Hassan <sultah () amazon com>
Subject: Re: [Wireshark-dev] Hierarchy of fields & offsets again, more potential
offenders



2017-08-02 21:24 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com
<mailto:pascal.quantin () gmail com> >:


      Hi Hassan,

[...]

                                               FT_STRING 378 ntlmssp.auth.domain(8) :
SUSE
                                                       FT_UINT16 186 ntlmssp.string.length(2) :
8
              VIOLATION 1 : Child ntlmssp.string.length has an offset lower
than its parent
                                                       FT_UINT16 188 ntlmssp.string.maxlen(2)
: 8
              VIOLATION 1 : Child ntlmssp.string.maxlen has an offset lower
than its parent
                                                       FT_UINT32 190 ntlmssp.string.offset(4) :
220
              VIOLATION 1 : Child ntlmssp.string.offset has an offset lower
than its parent



      It looks like some fields describing the string position (and present
before the string) were put in a subtree of the string. Whether this is to improve
readability is left to someone knowing NTLM Server Challenge protocol (so not
me).


I just submitted https://code.wireshark.org/review/#/c/22937/ to turn the parent field of NTLMSSP strings to FT_NONE, 
while still providing visually the same information in the same way and having the FT_NONE cover the 
length/maxlen/offset only. Let me know what you guys think.

Thanks,

Hassan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Hierarchy of fields & offsets again, more potential offenders, (continued)
- - - Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 02)
    - Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 07)
    - Re: Hierarchy of fields & offsets again, more potential offenders Alexis La Goutte (Aug 08)
    - Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 08)
    - Re: Hierarchy of fields & offsets again, more potential offenders Pascal Quantin (Aug 09)
    - Re: Hierarchy of fields & offsets again, more potential offenders Alexis La Goutte (Aug 09)
    - Re: Hierarchy of fields & offsets again, more potential offenders Pascal Quantin (Aug 09)
    - Re: Hierarchy of fields & offsets again, more potential offenders Stig Bjørlykke (Aug 10)
    - Message not available
    - Re: Hierarchy of fields & offsets again, more potential offenders Pascal Quantin (Aug 10)
    - Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 11)
    - Re: Hierarchy of fields & offsets again, more potential offenders Sultan, Hassan via Wireshark-dev (Aug 03)