Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4299] New: SocketCAN dissector patch

Date: Mon, 7 Dec 2009 02:23:41 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4299

--- Comment #9 from Felix Obenhuber <felix@xxxxxxxxxxxx> 2009-12-07 02:23:32 PST ---
>From the libpcap point of view, there are always 16 bytes captured, cause of
the size of struct can_frame. There is no truncation of the packet cause of
it's content. Would be possible to do so, but I think libpcap should pass
exactly what it receives.

In the dissector, the length of the frame on the wire (also shown in can.len),
is used, when the data dissector is called. This is done to hide
uninitialized/zero bytes and avoid confusion.

Maybe we should call the data dissector once again with the remaining bytes? 

Another possibility would be to call it twice:

* with the length reported in the frame
* 8 bytes, the maximum length.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.