Guy,
You're asking me a question I don't think I know how to answer (darned
amateurs :-).
The dissector in question is packet-wlccp.c.
Regarding heuristic or not, I still don't fully understand what the
difference is. I don't think this one is heuristic, and this should be the
top layer protocol, so I wouldn't need to hand it off to another recipient.
--kan--
--
Kevin A. Noll, KD4WOZ
CCIE, CCDP
Versatile, Inc.
Kevin.Noll@xxxxxxxxxxxxx
+1-717-796-1936
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Wednesday, May 09, 2007 3:06 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Check for end of packet?
Kevin A. Noll wrote:
>
> I know this should be easy to do, but I can't find it written down in
> anything I can readily find...
>
> I'm trying to decode a packet that has TLVs at the end of it. One of
> the possible TLVs is a "NULL" TLV, which is simply one or more bytes
> with the zero value. However, if it's any other kind of TLV, it is
> likely to start with a zero and then be followed by another value that
> indicates the actual type.
>
> How do I check for that second byte without reading past the end of
> the packet buffer?
How does the code that receives one of these packets check for it?
("It is likely" makes it sound as if this would be a heuristic. The actual
recipient of one of these packets doesn't have to use a heuristic, does it?)
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
