Wireshark mailing list archives

Re: Hierarchy of fields & offsets again, more potential offenders


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Thu, 10 Aug 2017 08:50:04 +0200

On 10 Aug 2017 00:03, "Alexis La Goutte" <alexis.lagoutte () gmail com>
wrote:



On Wed, Aug 9, 2017 at 7:05 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:

Hi Stig (and Sake),

2017-08-02 22:24 GMT+02:00 Stig Bjørlykke <stig () bjorlykke org>:

On Wed, Aug 2, 2017 at 10:03 PM, Sultan, Hassan via Wireshark-dev
<wireshark-dev () wireshark org> wrote:
Regarding tcp.payload, I don't think tcp.payload in itself has any
problems. I think the issue lies in tcp showing a length of 32 only, even
though it has tcp.payload as its child.

The tcp.payload field was recently added, have a look at
https://code.wireshark.org/review/22374

I do agree that this is displayed wrong and should be fixed.
Increasing the length of the TCP header would be wrong because the
payload is dissected by upper protocols and does belong with the TCP
header.  Putting it at top level would also be wrong because it's not
a protocol.


What about marking it as PROTO_ITEM_SET_GENERATED() as a first step? This
value is inferred from the tvb length and not a real field.

tcp.payload is not really GENERATED... (for me)


It is inferred from the remaining length and not explicitly transmitted in
the header. This matches rather well the PROTO_ITEM_SET_GENERATED
definition.
I'm not sure if this could be of any help for Hassan's parser or not.


Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
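
Added illustration (not part of the original message and not Wireshark code): a Python check for the kind of offender this thread discusses, where a child item such as tcp.payload covers bytes outside its parent's range. It assumes PDML input as written by `tshark -T pdml`; the sample fragment, its offsets and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed PDML fragment (not a real capture): a 32-byte TCP header at
# offset 34 with a tcp.payload child that starts where the header ends.
SAMPLE_PDML = """<pdml>
 <packet>
  <proto name="tcp" pos="34" size="32">
   <field name="tcp.srcport" pos="34" size="2" show="443"/>
   <field name="tcp.flags" pos="46" size="2" show="0x018">
    <field name="tcp.flags.push" pos="47" size="1" show="1"/>
   </field>
   <field name="tcp.payload" pos="66" size="100"/>
  </proto>
 </packet>
</pdml>"""


def span(node):
    """Return (start, end) byte offsets of a PDML node, or None if absent."""
    try:
        pos, size = int(node.get("pos")), int(node.get("size"))
    except (TypeError, ValueError):
        return None
    return (pos, pos + size)


def find_offenders(pdml_text):
    """List (parent, child, child_span, parent_span) tuples where the child's
    bytes are not fully contained in the parent's byte range."""
    offenders = []

    def walk(parent):
        p = span(parent)
        for child in parent:
            c = span(child)
            # Zero-length items carry no bytes, so there is nothing to contain.
            if p and c and c[0] != c[1] and (c[0] < p[0] or c[1] > p[1]):
                offenders.append((parent.get("name"), child.get("name"), c, p))
            walk(child)

    for packet in ET.fromstring(pdml_text).iter("packet"):
        walk(packet)
    return offenders


if __name__ == "__main__":
    for parent, child, c, p in find_offenders(SAMPLE_PDML):
        print(f"{child} {c} lies outside {parent} {p}")
```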


