|
Guy,
The following logic within the dissect_ping_req function
processes the ping request packet. It evalutates the length of the packet to
determine if it is an NDS version 9 or version 10 request. The reply packet has
conditional return values based upon the flags in the NDS 10 request. NDS 9
always returns a fixed length field in the reply packet.
case
NCP_SERVICE_REQUEST:
proto_tree_add_uint_format(ncp_tree, hf_ncp_func, tvb,
6, 1,
func, "Function: %d (0x%02X),
%s",
func,
func, ncp_rec ? ncp_rec->name :
"Unknown");
proto_tree_add_uint_format(ncp_tree, hf_ncp_subfunc,
tvb, 7, 1,
subfunc, "SubFunction: %d
(0x%02x)",
subfunc,
subfunc);
proto_tree_add_uint_format(ncp_tree, hf_nds_version,
tvb, 8, 4,
nds_version, "NDS Version:
(0x%x)",
nds_version);
length_remaining =
tvb_length_remaining(tvb,
8);
if (length_remaining > 6) <--NDS 10 packet
Greg Morris gmorris@xxxxxxxxxxNovell Technical
Support (WSS/GRT Client) Novell, Inc., the leading provider of Net services
software >>> Guy Harris <gharris@xxxxxxxxx> 10/10/02 02:16PM
>>> On Thu, Oct 10, 2002 at 09:26:33AM -0600, Greg Morris
wrote: > Unfortunately this was acurate until NDS version 10. In the case
of NDS > version 10 there are additional flags in the request packet.
These flags > have to be trapped in order to correctly dissect the reply
packet. This > was the reason for the additional decodes after the func,
subfunc > disection for NDS ping packets. Then you need to modify
the dissector to determine the NDS version - either by looking at a field in
the packet, or by seeing how long the packet is - and skip all the additional
dissection for pre-V10
packets. _______________________________________________ Ethereal-dev
mailing list Ethereal-dev@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-dev | 
