Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: DNP3 Dissector Additions

Ethereal-dev: Re: [Ethereal-dev] Re: DNP3 Dissector Additions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Bontje <chrisbontje@xxxxxxx>

Date: Tue, 21 Jun 2005 06:32:28 -0600

Ronnie,

The code should be up-to-date with the latest changes checked into svn, but I don't have the utility to actually sync up to it.  I believe the latest changes applied to it were the addition of *frag_tree_item; to proto_items @ line 1432 of the diff & the usage of this in the 'show_fragment_seq_tree' @ line 1663.  I can try and get it synced up tonight if it is required.  

As far as the usage of proto_item_append_text(), I wasn't aware this function existed.  :)  I'll modify the code this evening to use this instead if it is prefered.

Thanks for the comments,

Chris

----- Original Message -----
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Tuesday, June 21, 2005 4:12 am
Subject: [Ethereal-dev] Re: DNP3 Dissector Additions

> the patch does not apply to current svn
> 
> functions such as flags_to_str16() does not check for writing beyond
> the end of the str buffer.
> Since flags_to_str16() are only used to populate the expansion line
> for the flag bits,
> can you not remove it and insert a
> if(flags&FLAG_VALUE)
> 	proto_item_append_text()
> after each of the proto_tree_add_boolean() call instead
> and avoid any potential buffer overflow?
> 
> 
> 
> 
> 
> On 6/21/05, Chris Bontje <chrisbontje@xxxxxxx> wrote:
> > All,
> > 
> > Here are the additions to the DNP3 dissector as promised.  I 
> would like to
> > submit this patch for the next version of Ethereal.  These 
> modifications> should be considered preliminary, here is a brief 
> summary of what was
> > added:
> > 
> > - Added Application Layer Object Decoding.  Supports IIN bits 
> and most of
> > the common objects & variations (Binary Inputs, Binary Outputs, 
> Control> Relay O/P Block, Binary Counters, Analog Inputs, Class 
> Data, Time Formats). 
> > Support will be added for other objects/vars as captures with 
> examples of
> > them can be provided.
> > 
> > - Added support for more Application Layer function codes.  
> Support for
> > remaining codes will be added in as captures can be provided.
> > 
> > - Added UDP/IP port 20000 as a default DNP3 port (in addition to 
> TCP/IP port
> > 20000), as registered with regulatory bodies.
> > 
> > - Started re-write to support fragments with multiple DNP3-
> frames and frames
> > seperated between multiple fragments (both UDP & TCP).
> > 
> > This dissector has been tested w/ a wide varity of DNP3 SCADA 
> captures, if
> > there is a capture that generates errors or invalid output, 
> please provide
> > it so appropriate fixes can be made! :)  The same goes for any 
> suggestions> or comments regarding the output formatting - just 
> because I like this
> > output doesn't mean someone else is expected to!
> > 
> > This diff file was created using the 'diff' util with the -u 
> command-line
> > switch, let me know if it is not acceptable for submission.  The 
> testing has
> > primarily been done on the VC6 platform, please let me know if 
> issues are
> > encountered w/ any *nix builds.
> > 
> > Thanks goes out to Graham Bloice for his invaluable assistance 
> w/ the whole
> > process of adding this support.
> > 
> > Regards,
> > 
> > Chris Bontje
> > Calgary, Alberta, Canada
> > 
> > ----- Original Message -----
> > From: Chris Bontje <chrisbontje@xxxxxxx>
> > Date: Saturday, June 4, 2005 8:01 pm
> > Subject: DNP3 Dissector Additions
> > 
> > > All,
> > > 
> > > I have recently been tinkering w/ the DNP3 dissector included 
> in 
> > > the latest public source release of Ethereal.
> > > 
> > > I've successfully added in Application Layer Decoding support 
> for 
> > > several objects and am planning on adding a mostly complete 
> > > library.  So far I have added in some of the most common 
> object 
> > > variations for Binary Inputs, Outputs, Analog Inputs (16-bit & 
> 32-
> > > bit) and Binary Counters.
> > > 
> > > I have several Ethereal captures from various SCADA networks 
> w/ 
> > > DNP3 traffic and have been punishment-testing my work to the 
> best 
> > > of my abilities...  so far so good!
> > > 
> > > When I'm satisified w/ my code, I'll be certain to post my 
> changes 
> > > to the source tree so that they can (hopefully) be included in 
> the 
> > > official release.
> > > 
> > > Here's hoping my intermediate-level coding is clean enough to 
> make 
> > > it into an excellent project like Ethereal!
> > > 
> > > Regards,
> > > 
> > > Chris Bontje
> > > Calgary, Alberta, Canada
> > > 
> > 
> >
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>

Prev by Date: [Ethereal-dev] Buildbot crash output
Next by Date: [Ethereal-dev] My plugin worked with 0.10.10 but not with 0.10.11 (Windows dll)
Previous by thread: [Ethereal-dev] Re: DNP3 Dissector Additions
Next by thread: Re: [Ethereal-dev] Re: DNP3 Dissector Additions
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$