On Fri, Oct 11, 2002 at 08:30:02AM -0600, Greg Morris wrote:
> The following logic within the dissect_ping_req function processes the
> ping request packet. It evaluates the length of the packet to determine
> if it is an NDS version 9 or version 10 request. The reply packet has
> conditional return values based upon the flags in the NDS 10 request.
> NDS 9 always returns a fixed length field in the reply packet.
>
> case NCP_SERVICE_REQUEST:
>     proto_tree_add_uint_format(ncp_tree, hf_ncp_func, tvb, 6, 1,
>         func, "Function: %d (0x%02X), %s",
>         func, func, ncp_rec ? ncp_rec->name : "Unknown");
>
>     proto_tree_add_uint_format(ncp_tree, hf_ncp_subfunc, tvb, 7, 1,
>         subfunc, "SubFunction: %d (0x%02x)",
>         subfunc, subfunc);
>
>     proto_tree_add_uint_format(ncp_tree, hf_nds_version, tvb, 8, 4,
>         nds_version, "NDS Version: (0x%x)",
>         nds_version);

Unfortunately, in at least one capture I have, there *is* no version
number field in the ping request; the code

    proto_tree_add_uint_format(ncp_tree, hf_nds_version, tvb, 8, 4,
        nds_version, "NDS Version: (0x%x)",
        nds_version);

causes a version of 0 to be put in, as "nds_version" is never actually
set, but, in the packet in question, if you click on it it highlights
stuff in the hex dump pane past the end of the packet. If you fix that
call to do

    proto_tree_add_item(ncp_tree, hf_nds_version, tvb, 8, 4,
        FALSE);

(or TRUE if the field is little-endian), it reports a "Malformed Packet"
error for the packet.
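
An added example, not part of the original message and not Ethereal code: a self-contained C model of the check that distinguishes a ping request with no version field from one where the field is cut short, before anything is read or displayed. The `struct pkt`, `read_u32` and `ping_version` names, the sample bytes and the big-endian byte order are assumptions; only the offset 8 and length 4 come from the call quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a packet buffer; this is not the tvbuff API. */
struct pkt {
    const uint8_t *data;
    size_t len;                 /* bytes actually present in the packet */
};

enum field_status { FIELD_OK, FIELD_ABSENT, FIELD_TRUNCATED };

/* Read a 4-byte field only if [off, off+4) lies inside the packet.
 * FIELD_ABSENT:    the packet ends at or before off (field was never sent).
 * FIELD_TRUNCATED: the field starts inside the packet but runs past its end.
 * The subtraction form avoids overflow in off + 4. */
static enum field_status
read_u32(const struct pkt *p, size_t off, int little_endian, uint32_t *out)
{
    if (off >= p->len)
        return FIELD_ABSENT;
    if (p->len - off < 4)
        return FIELD_TRUNCATED;
    const uint8_t *b = p->data + off;
    *out = little_endian
        ? (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24
        : (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | (uint32_t)b[3];
    return FIELD_OK;
}

/* Constructed sample bytes, not taken from a real capture. */
static const uint8_t with_version[12] = {1,2,3,4,5,6,7,8, 0x00,0x00,0x00,0x0a};
static const uint8_t no_version[8]    = {1,2,3,4,5,6,7,8};

/* Offset 8 and length 4 are the values used in the quoted call. */
static enum field_status
ping_version(const uint8_t *d, size_t n, uint32_t *ver)
{
    struct pkt p = { d, n };
    return read_u32(&p, 8, 0 /* big-endian: an assumption */, ver);
}

int main(void)
{
    uint32_t v = 0;
    printf("with version: %d\n", ping_version(with_version, sizeof with_version, &v));
    printf("no version:   %d\n", ping_version(no_version, sizeof no_version, &v));
    return 0;
}
```

A caller would add the version item only on `FIELD_OK`, skip it on `FIELD_ABSENT`, and report the packet as malformed on `FIELD_TRUNCATED`.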