This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t read 64-bit SNMP values

0

I can read only until 63 bits (0x7FFFFFFFFFFFFFFF)

With full 64-bit values I got this error:

[Dissector bug, protocol SNMP: proto.c:1317: failed assertion "length <= 8 && length >= 1"]

Can you help me?

asked 30 Aug '11, 03:24

Jbit's gravatar image

Jbit
1111
accept rate: 0%


2 Answers:

2

It's a signed/unsigned BER encoding thing. You try to set a Counter64 [APPLICATION 6], which is an unsigned 64 bit integer. That, in BER encoding, results in an extra zero octet prefixed to the value so that it has no sign bit set. That whole value is feed into the presentation routines found in proto.c, but these are fixed size, so a zero octet prefix breaks the size check, as you've seen.

So there you have it, a mismatch between TLV encoded values (BER) and fixed size values (typed values). The SNMP dissector should convert between these worlds, obviously it doesn't do a well enough job here. You can file a bug report on this, with a sample capture, at bugs.wireshark.org.

answered 30 Aug '11, 05:32

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

0

I haven't done dissector coding myself, but in programming environments that kind of problem usually points to an off-by-one error, meaning that you started counting at 1 to n instead of 0 to n-1.

answered 30 Aug '11, 04:15

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%