Wireshark-dev: Re: [Wireshark-dev] Stop dissection in get_pdu_len
From: Tobias Weiss <[email protected]>
Date: Thu, 24 May 2012 15:09:15 -0400
Ok, I'm damned to use tcp_dissect_pdus() and I found an incorrect comment
in packet.h:

 * Dissector that returns:
 *	The amount of data in the protocol's PDU, if it was able to
 *	dissect all the data;
 *	0, if the tvbuff doesn't contain a PDU for that protocol;
 *	The negative of the amount of additional data needed, if
 *	we need more data (e.g., from subsequent TCP segments) to
 *	dissect the entire PDU.
typedef int (*new_dissector_t)(tvbuff_t *, packet_info *, proto_tree *);

The third clause is just wrong as the lower layers do not care about
negative values! This should be fixed as it is completely misleading...


Tobias Weiss wrote on 05/24/2012 02:18:36 PM:
> I just read about heuristic dissectors after you mentioned them. While
> reading the README.heuristig I figured out that instead of using
> create_dissector_handle() I would be better off with
> new_create_dissector_handle(). The only reason I'm using tcp_dissect_pdus
> is because sometimes my messages are split over 2 or more TCP frames. I
> guess using new_create_dissector_handle() and returning a negative value
> that case would be 1) much easier and 2) a bit faster, right??