Wireshark-dev: [Wireshark-dev] dissect_ip() and check for header length

From: Petr Sumbera <Petr.Sumbera@xxxxxxx>
Date: Wed, 08 Sep 2010 17:47:20 +0200
Hi,

I'm evaluating how to add support to Wireshark for Solaris snoop files with IP tunnel links data.

The data are basically RAW IP so I wouldn't have to write a new dissector.

But the problem is that stored packets for *outgoing* traffic don't contain "Header length" (it's zero, as at the layer where it was captured it wasn't filled in; the same is the case for "Header checksum").

dissect_ip() for such packets will report just:
"Header length: %u bytes (bogus, must be at least %u)".

So we can either lighten this condition in dissect_ip() and continue with the packet processing (e.g. if the length and checksum are zero).

Or I can create a new dissector which will just add the correct header length and pass it along to dissect_ip().

Thanks for any comments/suggestions.

Petr
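
The two options raised in the message above, sketched as an added example (not part of the original message and not Wireshark code): a strict IPv4 header-length check of the kind behind the "bogus" report, and a narrow fix-up that repairs only the zero-length, zero-checksum pattern before the strict check runs. The function names, the sample packet and the assumption that such packets carry no IP options (so the repaired length is 20 bytes) are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR_LEN 20 /* smallest legal IPv4 header, in bytes */

enum ip_hdr_status { IP_HDR_OK, IP_HDR_TRUNCATED, IP_HDR_NOT_V4, IP_HDR_BOGUS_LEN };

/* Strict validation: version must be 4 and IHL*4 must fit in [20, caplen]. */
enum ip_hdr_status check_ipv4_header(const uint8_t *pkt, size_t caplen, size_t *hdr_len)
{
    if (caplen < IPV4_MIN_HDR_LEN) return IP_HDR_TRUNCATED;
    if ((pkt[0] >> 4) != 4) return IP_HDR_NOT_V4;
    *hdr_len = (size_t)(pkt[0] & 0x0F) * 4;
    if (*hdr_len < IPV4_MIN_HDR_LEN || *hdr_len > caplen) return IP_HDR_BOGUS_LEN;
    return IP_HDR_OK;
}

/* Hypothetical shim: repair only the exact "never filled in" pattern
 * (IHL == 0 and header checksum == 0) on a mutable copy of the packet.
 * Assumes such packets carry no IP options, so IHL becomes 5.
 * Returns 1 if the copy was patched, 0 if it was left untouched. */
int fixup_unfilled_ihl(uint8_t *pkt, size_t caplen)
{
    if (caplen < IPV4_MIN_HDR_LEN || (pkt[0] >> 4) != 4) return 0;
    if ((pkt[0] & 0x0F) != 0) return 0;          /* any non-zero IHL is left alone */
    if (pkt[10] != 0 || pkt[11] != 0) return 0;  /* checksum present: not our case */
    pkt[0] = 0x45;                               /* version 4, IHL 5 (20 bytes) */
    return 1;
}

/* Constructed sample: version 4, IHL 0, total length 20, checksum 0. */
static const uint8_t sample_outgoing[20] = {
    0x40, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01,
    0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2
};

int main(void)
{
    uint8_t pkt[sizeof sample_outgoing];
    size_t hdr_len = 0;
    memcpy(pkt, sample_outgoing, sizeof pkt);
    printf("strict check: %d\n", check_ipv4_header(pkt, sizeof pkt, &hdr_len));
    printf("patched: %d\n", fixup_unfilled_ihl(pkt, sizeof pkt));
    printf("after fixup: %d, header length %zu\n",
           check_ipv4_header(pkt, sizeof pkt, &hdr_len), hdr_len);
    return 0;
}
```

Keeping the repair in a separate step leaves the strict check unchanged for every other capture source, so a malformed header with a small non-zero length is still reported as bogus.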