headers
Jakub Zawadzki | 1 Jun 2010 13:20

Re: [Wireshark-commits] rev 32929 - (ENC_*_ENDIAN vs FI_*_ENDIAN)

Hi,

> -       FI_SET_FLAG(new_fi, (little_endian) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);
> +       /*
> +        * XXX - this should just check the REP_*_ENDIAN bit, with
> +        * those fields for which we treat any non-zero value of
> +        * "encoding" checking the rest of the bits.
> +        */
> +       FI_SET_FLAG(new_fi, (encoding) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);

I'm not sure if I understand this comment properly...

I could instead of using (FI_LITTLE_ENDIAN, FI_BIG_ENDIAN) use (ENC_LITTLE_ENDIAN, ENC_BIG_ENDIAN, ENC_NA),
and do FI_SET_FLAG(new_fi, encoding) (if it is what comment suggest)

but ENC_LITTLE_ENDIAN should have different value than ENC_NA
 (preferably ENC_LITTLE_ENDIAN != 0)

I know there's big problem with it, cause many dissectors are
using encoding as little_endian (with TRUE/FALSE values)

The easiest case when TRUE/FALSE is implicit used:
#v+
 $ grep -Ir '\<ptvcursor_add\>' ./ |egrep 'FALSE|TRUE'
 325
 $ grep -Ir '\<proto_tree_add_item\>' ./ |egrep 'FALSE|TRUE' | wc -l
 16257
 $ grep -Ir '\<ptvcursor_add_no_advance\>' ./ |egrep 'FALSE|TRUE' | wc -l
 90
#v-
(Continue reading)

Permalink | Reply | 2 comments |
headers
Thierry Emmanuel | 1 Jun 2010 16:16
Favicon

Machine-readable dissector errors

Hello,

 

I’m developing a probe designed to monitor bad and malformed packets on a network, so I plan to use epan as an independant library, without wireshark or tshark interface.

Here is the question : Is there a way to retrieve errors generated by dissectors under a more machine-readable representation ? I have seen this is possible for ip checksum thanks to the ip.checksum_good and ip.checksum_bad epan dissect tree elements, but what about other errors ?

 

Am I forced to parse each epan dissect tree element to seek for dissector generated errors ?

 

Best regards.

 

Emmanuel Thierry

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 0 comments |
headers
Guy Harris | 1 Jun 2010 20:19
Picon
Favicon

Re: [Wireshark-commits] rev 32929 - (ENC_*_ENDIAN vs FI_*_ENDIAN)


On Jun 1, 2010, at 4:20 AM, Jakub Zawadzki wrote:

> Hi,
> 
>> -       FI_SET_FLAG(new_fi, (little_endian) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);
>> +       /*
>> +        * XXX - this should just check the REP_*_ENDIAN bit, with
>> +        * those fields for which we treat any non-zero value of
>> +        * "encoding" checking the rest of the bits.
>> +        */
>> +       FI_SET_FLAG(new_fi, (encoding) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);
> 
> I'm not sure if I understand this comment properly...
> 
> I could instead of using (FI_LITTLE_ENDIAN, FI_BIG_ENDIAN) use (ENC_LITTLE_ENDIAN, ENC_BIG_ENDIAN, ENC_NA),
> and do FI_SET_FLAG(new_fi, encoding) (if it is what comment suggest)

That's not what it suggests.  The FI_

It suggests doing

	FI_SET_FLAG(new_fi, (encoding & ENC_LITTLE_ENDIAN) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);

instead of

	FI_SET_FLAG(new_fi, (encoding) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);

"Should", in this context, means "in the best of all possible worlds, this is what would be done", not "do
this now".  Perhaps we'll be able to do it for 1.6, but it's not something for 1.4.

> but ENC_LITTLE_ENDIAN should have different value than ENC_NA
> (preferably ENC_LITTLE_ENDIAN != 0)

It *does* have a different value, because it *is* != 0:

$ egrep ENC_ epan/proto.h
 * So, for now, we define ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN as
 * the same.  We therefore define ENC_BIG_ENDIAN as 0x00000000 and
 * ENC_LITTLE_ENDIAN as 0x80000000 - we're using the high-order bit
 * have ENC_NA (for "Not Applicable").
#define ENC_BIG_ENDIAN		0x00000000
#define ENC_LITTLE_ENDIAN	0x80000000
#define ENC_NA			0x00000000

Note the "8" after the "0x".

> I know there's big problem with it, cause many dissectors are
> using encoding as little_endian (with TRUE/FALSE values)

That's why no code in the libwireshark core tests the ENC_LITTLE_ENDIAN bit - it just tests whether the
encoding field is zero or non-zero.  It is tested as a bit in the CIGI and MQ dissectors, but those dissectors
are now using ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN rather than their own homegrown #defines in place of
TRUE and FALSE.

> (I'm unsure if you want to break API/ABI)

Not for 1.4.

> It's quite big change so I think we should wait till 1.5 branch,

For 1.4 my main goals were to

	1) get people to start using the new #defines in new dissectors, so we can move away from just "big-endian/little-endian";

	2) get people to stop adding their own #defines (the fact that several dissectors had their own #defines
for the endianness argument suggests that at least some people wanted something that made it a bit clearer
whether the field was big-endian or little-endian than TRUE or FALSE - and the BSSGP dissector indicates
that a little clarity helps; see the comment early in the dissector).

> anyway if we want to make so big change maybe we could put encoding in header_field_info?

That's one thing I was considering - for 1.6.  Fields in *most* protocols have a standard representation, so
it could be convenient to have the encoding there and have a new proto_add_item_default_encoding() (or
whatever) that takes no encoding argument; proto_tree_add_item() would override whatever encoding
would be inferred from the header_field_info.

> Btw. what about proto_tree_add_bitmask*()? 
> It still has: (gboolean little_endian) instead of encoding, do you plan to change it?

At some point.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 1 comment |
headers
Stephen Fisher | 1 Jun 2010 20:34

Re: Change new_packet_list to old_packet_list

On Thu, May 27, 2010 at 12:01:22PM +0200, Jaap Keuter wrote:

> Now that the New Packet List feature is the default for a while, and 
> is likely to become the default for the 1.4 branch, wouldn't it be 
> better to change the version info to report ", with old_packet_list" 
> if so configured during build?

Good idea.  I have made the change in svn rev 33035.

--

-- 
Steve
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 0 comments |
headers
Jakub Zawadzki | 1 Jun 2010 20:51

Re: [Wireshark-commits] rev 32929 - (ENC_*_ENDIAN vs FI_*_ENDIAN)

On Tue, Jun 01, 2010 at 11:19:05AM -0700, Guy Harris wrote:
> > I'm not sure if I understand this comment properly...
> > 
> > I could instead of using (FI_LITTLE_ENDIAN, FI_BIG_ENDIAN) use (ENC_LITTLE_ENDIAN,
ENC_BIG_ENDIAN, ENC_NA),
> > and do FI_SET_FLAG(new_fi, encoding) (if it is what comment suggest)
> 
> That's not what it suggests.  The FI_
> 
> It suggests doing
> 
> 	FI_SET_FLAG(new_fi, (encoding & ENC_LITTLE_ENDIAN) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);
> 
> instead of
> 
> 	FI_SET_FLAG(new_fi, (encoding) ? FI_LITTLE_ENDIAN : FI_BIG_ENDIAN);

Thanks for reply, I was confused what REP_*_ENDIAN bit means.

> > but ENC_LITTLE_ENDIAN should have different value than ENC_NA
> > (preferably ENC_LITTLE_ENDIAN != 0)
> 
> It *does* have a different value, because it *is* != 0:
> 
> $ egrep ENC_ epan/proto.h
>  * So, for now, we define ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN as
>  * the same.  We therefore define ENC_BIG_ENDIAN as 0x00000000 and
>  * ENC_LITTLE_ENDIAN as 0x80000000 - we're using the high-order bit
>  * have ENC_NA (for "Not Applicable").
> #define ENC_BIG_ENDIAN		0x00000000
> #define ENC_LITTLE_ENDIAN	0x80000000
> #define ENC_NA			0x00000000
> 
> Note the "8" after the "0x".

My bad :) I was thinking about (ENC_BIG_ENDIAN != ENC_NA && ENC_BIG_ENDIAN != 0)
But if encoding value won't be used directly in FI_SET_FLAG() it's not important.

Regards.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 0 comments |
headers
Andreas Schuler | 1 Jun 2010 22:27

custom columns in dissector

hi,

i'm writing a dissector and want to use custom columns for displaying some
dynamic generated informations, but when i use
proto_tree_add_none_format() the column remains empty although in the
details the right values will be displayed. other proto_tree_add_... works
but only show the value that comes direct from packet-data, no additional
text etc.

i tried to set static values over the hf_register_info.hf_info.strings,
that works, but sometimes i need different string for different packets in
the same column.

any suggestions ?

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 5 comments |
headers
buildbot | 2 Jun 2010 05:45
Favicon

buildbot failure in Wireshark (development) on Solaris-10-SPARC

The Buildbot has detected a new failure of Solaris-10-SPARC on Wireshark (development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/Solaris-10-SPARC/builds/290

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: solaris-10-sparc

Build Reason: 
Build Source Stamp: 33042
Blamelist: gerald

BUILD FAILED: failed test.sh

sincerely,
 -The Buildbot

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 0 comments |
headers
Ian Schorr | 2 Jun 2010 06:01
Picon

Sprintf weirdness

Hello list,

This isn't exactly a Wireshark-specific question, but it's coming up
while I'm working on a dissector, and I'm sure someone here will know
the answer, so...  =)

I'm trying to use sprintf() to append to an existing string with some
formatted text.  Obviously there's several ways to do this, but
sprintf() seemed to be most efficient for the way I'm doing things.  I
end up appending this string to the Info Column later, but that seems
irrelevant.

For example, I have 4 variables:
- string mystring, with value "LOCK"
- guint32 last_fh_hash, with value "2056735708"
- guint64 file_offset, with value 0
- guint64 lock_length, with value 10

The weird thing is that when I do this:

sprintf (mystring, "%s FH: 0x%08x Offset: %lu Length: %lu",
mystring,last_fh_hash,file_offset,lock_length);

...then "mystring" becomes "LOCK FH: 0x7a974bdc Offset: 0 Length: 0".
Length is WRONG.  It is wrong in a very consistent way.

But if I do this:

sprintf (mystring, "%s FH: 0x%08x", mystring,last_fh_hash);
sprintf (mystring, "%s Offset: %u", mystring,file_offset);
sprintf (mystring, "%s Length: %u", mystring,lock_length);

Then the resulting value of mystring is correct.  "LOCK FH: 0x7a974bdc
Offset: 0 Length: 10".  In fact, if I flip the positions of
"file_offset" and "lock_length" then things are fine, regardless of
their values.

It's difficult to reproduce or debug.  I have a number of similar
statements scattered throughout code and each has varying degrees of
strangeness.  Some work properly.  In some cases the values are
actually flipped (one variable printed one place, the other in
another).  In some cases the values are actually empty.  I can't
imagine it has anything to do with the way the string was declared or
memory allocated in the first place, it looks like sprintf() is simply
writing out the wrong values to memory for some reason.

Anybody have any thoughts on why that might be?  I'm assuming I've
done something silly, though having a tough time guessing where.

I haven't tested yet to see if this is something specific to the dev
platform I'm using.  At the moment that's Windows.

Thanks,
Ian
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 10 comments |
headers
Eloy Paris | 2 Jun 2010 06:31

Re: Sprintf weirdness

Hi Ian,

On 06/02/2010 12:01 AM, Ian Schorr wrote:

> Hello list,
>
> This isn't exactly a Wireshark-specific question, but it's coming up
> while I'm working on a dissector, and I'm sure someone here will know
> the answer, so...  =)
>
> I'm trying to use sprintf() to append to an existing string with some
> formatted text.  Obviously there's several ways to do this, but
> sprintf() seemed to be most efficient for the way I'm doing things.  I
> end up appending this string to the Info Column later, but that seems
> irrelevant.
>
> For example, I have 4 variables:
> - string mystring, with value "LOCK"
> - guint32 last_fh_hash, with value "2056735708"
> - guint64 file_offset, with value 0
> - guint64 lock_length, with value 10
>
> The weird thing is that when I do this:
>
> sprintf (mystring, "%s FH: 0x%08x Offset: %lu Length: %lu",
> mystring,last_fh_hash,file_offset,lock_length);
>
> ...then "mystring" becomes "LOCK FH: 0x7a974bdc Offset: 0 Length: 0".
> Length is WRONG.  It is wrong in a very consistent way.
>
> But if I do this:
>
> sprintf (mystring, "%s FH: 0x%08x", mystring,last_fh_hash);
> sprintf (mystring, "%s Offset: %u", mystring,file_offset);
> sprintf (mystring, "%s Length: %u", mystring,lock_length);
>
> Then the resulting value of mystring is correct.  "LOCK FH: 0x7a974bdc
> Offset: 0 Length: 10".  In fact, if I flip the positions of
> "file_offset" and "lock_length" then things are fine, regardless of
> their values.
>
> It's difficult to reproduce or debug.  I have a number of similar
> statements scattered throughout code and each has varying degrees of
> strangeness.  Some work properly.  In some cases the values are
> actually flipped (one variable printed one place, the other in
> another).  In some cases the values are actually empty.  I can't
> imagine it has anything to do with the way the string was declared or
> memory allocated in the first place, it looks like sprintf() is simply
> writing out the wrong values to memory for some reason.
>
> Anybody have any thoughts on why that might be?  I'm assuming I've
> done something silly, though having a tough time guessing where.
>
> I haven't tested yet to see if this is something specific to the dev
> platform I'm using.  At the moment that's Windows.

Just a suggestion: why don't you try to use the PRIxxx macros defined in 
stdint.h? I believe they're pretty portable since they are specified by 
ISO C99.

To use them in the specific example you used, you'd do something like:

#include <stdint.h>

...

sprintf (mystring, "%s FH: 0x%08" PRIx32 " Offset: %" PRIu64 " Length: 
%" PRIu64, mystring,last_fh_hash,file_offset,lock_length);

I think these macros are the best portable way of handling these 
variables that are represented by different basic integer types 
depending on the platform. Worth giving it a try...

Cheers,

Eloy Paris.-
netexpect.org
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 1 comment |
headers
Guy Harris | 2 Jun 2010 06:44
Picon
Favicon

Re: Sprintf weirdness


On Jun 1, 2010, at 9:01 PM, Ian Schorr wrote:

> The weird thing is that when I do this:
> 
> sprintf (mystring, "%s FH: 0x%08x Offset: %lu Length: %lu",
> mystring,last_fh_hash,file_offset,lock_length);

From ANSI(R) X3.159-1989, American National Standard for Information Systems -- Programming Language
-- C:

	4.9.6.5  The sprintf function

		...

	... If copying takes place between objects that overlap, the behavior is undefined.

Translation: don't do that.

> sprintf (mystring, "%s FH: 0x%08x", mystring,last_fh_hash);
> sprintf (mystring, "%s Offset: %u", mystring,file_offset);
> sprintf (mystring, "%s Length: %u", mystring,lock_length);

Don't do that, either, even if you happen to be lucky enough, on a particular platform, that it happens to do
what you want to do; that's an accident of the sprintf() implementation on the OS/compiler combination
you're using.

If you want to append to a string, make the target of the sprintf the location of the trailing '\0'.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe
Permalink | Reply | 1 comment |

Gmane