Wireshark · Ethereal-users: Re: [Ethereal-users] Query

Ethereal-users: Re: [Ethereal-users] Query - Bug reports go where?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 28 Aug 2003 22:22:31 -0700


On Thursday, August 28, 2003, at 9:34 AM, Paul Thrower wrote:

Having just downloaded Ethereal 0.9.14 for Win32 to test a SNMPutility I'm writing, I'm convinced I've come across a bug withEthereal's SNMP protocol decode, and I'd like to report it....but towhom do I address bug reports?

ethereal-dev. This is mentioned in the README file that's part of theWin32 installation package; I don't know whether we mention it anywhereelse, though. A number of packages, when installed, pop up a windowshowing release notes or a README file or something such as that;perhaps we should, if possible, have NSIS do that with the README filewhen you install Ethereal.

If anyone is interested, here's what I've noticed :-
When sending an SNMP datagram containing a SET PDU, and the PDUcontains a NEGATIVE integer, Ethereal's GUI decode tells me it's aPOSITIVE number. E.G. Object is set to -2, but Ethereal displays 254.The object *is* encoded correctly, E.G 0x02 01 FE, meaning'Integer','Short Definite Length of 1 octet' and the 2's complimentversion of -2. ASN1 BER rules state since the MS bit is set, this is anegative integer....

I think I know what might be causing this (in"asn1_int32_value_decode()", the


	*integer = (gint) ch;

doesn't, I think, sign-extend enything - "ch" is a "guchar", so it's anumber from 0 to 255, and, as that value can be represented in a"gint32" ("integer" is a "gint32 *"), its value is directly assigned.


If, however, it were

	*integer = (gchar) ch;

the conversion is, according to ANSI C89, implementation-defined forvalues from 128 to 255. However:

1) there's no easy "right" way to do it ("asn1_octet_decode()" takes,as its second argument, a "guchar *", so you're cheating if you pass apointer to a "gchar")

and

2) on two's complement implementations, the conversion is probably theresult of just assigning the bits, which is what we want


so that's probably the best answer.

I don't know for certain that's the problem, though, so:

Capture file in libcap format and screenshot available on request.


...a copy of the capture file would be helpful, for testing.

References:
- [Ethereal-users] Query - Bug reports go where?
  - From: Paul Thrower

Prev by Date: Re: [Ethereal-users] How do I decode RTP ?
Next by Date: [Ethereal-users] Log to Mysql
Previous by thread: [Ethereal-users] Query - Bug reports go where?
Next by thread: [Ethereal-users] Log to Mysql
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$