https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4743
--- Comment #4 from fabien <fabien.markart@xxxxxxxxx> 2010-05-05 11:32:05 PDT ---
Hi,
sorry, I might not have been clear enough.
127/128 pdu octets is about sabp initial message size (I suppose more largely
any sabp-pdu, initial, successful/unsuccessful outcome)
I removed 1 octet from message content (last octet of the frame, corresponding
of last octet from write-replace message content)
itu X691 (http://www.itu.int/ITU-T/studygroups/com17/languages/X.691-0207.pdf)
says that length is coded like this :
- less or equals to 127 : 1 octet (10.9.3.6)
- more than 127 and less than 16K : 2 octet with most significant bit to 1 and
size coded on 14 bits (10.9.3.7)
- more than 16K (see 10.9.3.8 not really interesting in our case)
you can see encoded size on offset 45.
that why when I remove 1 octet from message content, TCP PDU is 2 octets
smaller.
the issue seems to be that when SABP-PDU is less than 128 bytes, wireshark is
not able to find the correct format.
cf. hf_index == -1 in packet_per.c function dissect_per_length_determinant,
section /*
10.9.3.6 */
hope I'm clear enough and we agree :-)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
