This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

CRC16-TVB checksum custom dissector CRC

0

Hi Iam developing custom dissector using wieshark 1.113 , iam trying for CRC tree uusing crc16_ccitt_tvb() (my polynominal is (x16 + x12 + x5 + 1))and i can able to see results correctly.

But its showing reverse (eg. my 2 byte CRC is 52 AC my wireshark shows as CRC 0X52AC [CORRECT] but actually i suppose to get CRC 0XAC52 [CORRECT] here below my code.

checksum_offset = reported_length - 2;
checksum = tvb_get_ntohs(tvb, checksum_offset);
checksum_calculated = crc16_ccitt_tvb(tvb, checksum_offset);
checksum_calculated = g_htons(checksum_calculated);
  /* Note: g_htons() macro may eval arg multiple times */

if (checksum == checksum_calculated) {
checksum_ti = proto_tree_add_uint_format_value(PARENT_tree, hf_PARENT_CRC, tvb, checksum_offset, 2, 0, "0x%04x [correct]", checksum, ENC_LITTLE_ENDIAN);
checksum_tree = proto_item_add_subtree(checksum_ti, ett_PARENT_CRC);
proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_gd, tvb,checksum_offset, 2, TRUE);
proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_bd, tvb, checksum_offset, 2, FALSE);
} else {
checksum_ti = proto_tree_add_uint_format_value(PARENT_tree, hf_PARENT_CRC, tvb, checksum_offset, 2, 0, "0x%04x [incorrect, should be 0x%04x]", checksum, checksum_calculated, ENC_LITTLE_ENDIAN);
checksum_tree = proto_item_add_subtree(checksum_ti, ett_PARENT_CRC);
proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_gd, tvb, checksum_offset, 2, FALSE);
proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_bd, tvb, checksum_offset, 2, TRUE);
}

asked 27 May ‘14, 01:31

umar's gravatar image

umar
26222427
accept rate: 0%

edited 27 May ‘14, 02:55

grahamb's gravatar image

grahamb ♦
19.8k330206

@mrajsekar I’ve already fixed the formatting once, if you edit it again please use the “code” button to format code correctly (or use code tags around the code).

(27 May ‘14, 02:54) grahamb ♦

2 Answers:

0

Just a wild guess: Please try ENC_BIG_ENDIAN instead of ENC_LITTLE_ENDIAN.

Regards
Kurt

answered 27 May '14, 12:43

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

0

proto_tree_add_uint_format_value() takes, as the value argument and as arguments to the format string, values in the host byte order, so don't do

checksum_calculated = g_htons(checksum_calculated);

Also, all arguments to proto_tree_add_uint_format_value() after the format string are arguments to the format string, and proto_tree_add_uint_format_value() doesn't fetch any values, so leave the ENC_LITTLE_ENDIAN argument out.

answered 27 May '14, 12:47

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Hi

Thanks for the reply

Found the issue from checksum = tvb_get_ntohs(tvb, checksum_offset);

This FETCH value in BIG Endian

I hve used checksum = tvb_get_letohs(tvb, checksum_offset);

Issue settled. Thanks!:)

(27 May '14, 21:02) umar