Ethereal-dev: Re: [Ethereal-dev] RX/AFS dissectors updated

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 27 May 2001 01:05:51 -0700
On Sat, May 26, 2001 at 09:14:00PM -0500, Nathan Neulinger wrote:
> 
> > On frame 65 of "afs.cap", the old dissector listed a bunch of arguments
> > to the give-up-callbacks information, but the new dissector doesn't;
> > does that operation take any arguments, or is the stuff after the opcode
> > just junk?
> 
> Yes, it is supposed to have arguments:
> 
> GiveUpCallBacks(
>   IN  AFSCBFids *Fids_Array,
>   AFSCBs *CallBacks_Array
> ) = 147;
> 
> 
> Should have a file id array, followed by a callback array.

So are the lengths of those arrays 1 byte long, or 4 bytes long?

In the version of "packet-afs-macros.h" before Ronnie Sahlberg's
changes, "OUT_FS_AFSCBFids()" and "OUT_FS_AFSCBs()" did:

                unsigned int j,i; \
                TRUNC(1); \
                j = pntohl(&pd[curoffset]); \
                curoffset += 1; \

which fetches a 4-byte length field, but only bumps the offset by 1
byte.

In Ronnie's version, it does

                j = tvb_get_guint8(tvb, offset); \
                offset += 1; \

which fetches a 1-byte length field, and bumps the offset by 1 byte -
but that doesn't look correct for frame 65.

If, however, we do

                j = tvb_get_ntohl(tvb, offset); \
                offset += 4; \

i.e., fetching a 4-byte length field and bumping the offset by 4 bytes,
that appears to do the right thing, although the "version" value in the
callback is a large number (3309083628) and the "expires" value in the
callback is 1 second after the UNIX Epoch, which seems a bit wrong.

If the lengths are 4 bytes long, "OUT_FS_ViceIds()", "OUT_FS_IPAddrs()",
and "OUT_FS_AFSBulkStats()" might need to be fixed to fetch 4-byte
lengths.