Wireshark mailing list archives

Re: "[UNVERIFIED SENDER]Re: Hierarchy of fields & offsets


From: "Sultan, Hassan via Wireshark-dev" <wireshark-dev () wireshark org>
Date: Tue, 25 Jul 2017 22:49:38 +0000

Awesome, thanks!

So shall I assume that whenever I detect something of the kind, it's an issue that needs to be resolved?

If that's the case I'll be more than happy to add detection for this in my code and run a bunch of captures through it to detect them all (or at least as many as the captures allow me to detect).

Also, is the smb2 case a bug as well?

Thx,

Hassan

-----Original Message-----
From: Guy Harris [mailto:guy () alum mit edu] 
Sent: Tuesday, July 25, 2017 3:45 PM
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Cc: Sultan, Hassan <sultah () amazon com>
Subject: "[UNVERIFIED SENDER]Re: [Wireshark-dev] Hierarchy of fields & offsets

On Jul 25, 2017, at 3:26 PM, Sultan, Hassan via Wireshark-dev <wireshark-dev () wireshark org> wrote:

Any reason why this is done in this way?

I don't know, but, whatever it is, it's not a *good* reason.

Perhaps they didn't know how to handle a request whose length isn't known until you finish dissecting it.  The answer is "give it an initial length of -1, to cover the rest of the data, and then set the length at the end"; I've changed the MySQL dissector in the master and 2.4 branches to do that.
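
A check of the kind discussed in this thread, as an added example that is not part of either message: it walks PDML output (as produced by `tshark -T pdml`) and reports any item whose byte range falls outside its parent's. That this is the inconsistency being detected is an assumption, and the `demo.*` names and offsets are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed PDML fragment (not from a real capture). pos/size are the
# byte offset and length that PDML records for each dissected item.
SAMPLE_PDML = """\
<packet>
  <proto name="demo" pos="66" size="30">
    <field name="demo.packet_length" pos="66" size="3"/>
    <field name="demo.request" pos="70" size="1">
      <field name="demo.command" pos="70" size="1"/>
      <field name="demo.query" pos="71" size="25"/>
    </field>
  </proto>
</packet>
"""

def span(elem):
    """Return (start, end) for a PDML item, or None if it has no byte range."""
    try:
        pos, size = int(elem.get("pos")), int(elem.get("size"))
    except (TypeError, ValueError):
        return None
    # Zero-length items (e.g. generated fields) cover no bytes; skip them.
    return (pos, pos + size) if size > 0 else None

def find_escapes(pdml_text):
    """List (parent, child, parent_span, child_span) where child leaves parent."""
    findings = []

    def walk(parent, parent_span):
        for child in parent:
            if child.tag not in ("proto", "field"):
                continue
            child_span = span(child)
            if parent_span and child_span and (
                child_span[0] < parent_span[0] or child_span[1] > parent_span[1]
            ):
                findings.append((parent.get("name"), child.get("name"),
                                 parent_span, child_span))
            # Items without a range inherit the enclosing range for their children.
            walk(child, child_span or parent_span)

    for packet in ET.fromstring(pdml_text).iter("packet"):
        walk(packet, None)  # top-level protos are siblings, not nested
    return findings

if __name__ == "__main__":
    for parent, child, pspan, cspan in find_escapes(SAMPLE_PDML):
        print(f"{child} {cspan} is outside {parent} {pspan}")
```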