Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Stop dissection in get_pdu_len

From: Tobias Weiss <tweiss@xxxxxxxxxxxxxxx>
Date: Thu, 24 May 2012 15:09:15 -0400
Ok, I'm damned to use tcp_dissect_pdus() and I found an incorrect comment
in packet.h:

/*
 * Dissector that returns:
 *
 *	The amount of data in the protocol's PDU, if it was able to
 *	dissect all the data;
 *
 *	0, if the tvbuff doesn't contain a PDU for that protocol;
 *
 *	The negative of the amount of additional data needed, if
 *	we need more data (e.g., from subsequent TCP segments) to
 *	dissect the entire PDU.
 */
typedef int (*new_dissector_t)(tvbuff_t *, packet_info *, proto_tree *);

The third clause is just wrong as the lower layers do not care about
negative values! This should be fixed as it is completely misleading...

Tobi

Tobias Weiss wrote on 05/24/2012 02:18:36 PM:
> I just read about heuristic dissectors after you mentioned them. While
> reading the README.heuristig I figured out that instead of using
> create_dissector_handle() I would be better off with
> new_create_dissector_handle(). The only reason I'm using tcp_dissect_pdus
()
> is because sometimes my messages are split over 2 or more TCP frames. I
> guess using new_create_dissector_handle() and returning a negative value
in
> that case would be 1) much easier and 2) a bit faster, right??