Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Dropping tcp.pdu.size? (was: Re: Buildbot test failures - wslua)

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Thu, 12 Mar 2015 03:32:56 +0100
Hi,

On Wed, Mar 11, 2015 at 05:25:17PM +0100, Pascal Quantin wrote:
[..]
> yes I was about to denounce me but Alexis beat me :). This is a side effect
> of the fix for bug 11007 where the addition of the PDU size item was broken
> since some time.
> I know that Peter is debating the usefulness of this field. In the meantime
> we should fix the test suite to pacify the buildbot.
> I can give it a try tonight but if someone is courageous enough to fix it
> earlier, feel free.

I was indeed questioning the usefulness of this field in bug 11007[1].

For a background, the tcp.pdu.size field was added by Ronnie while a
user was having a different problem with a HTTP Content-Length field[2].
Since the addition, tcp_dissect_pdus has been advertised in the
developer documentation for reassembling arbitrary messages.

Now, most protocols will have a field where you can read the length of
the PDU making the tcp.pdu.size field superfluous.

When the protocol is not on top of TCP, it now still shows up in the TCP
tree since Pascals change. If it is on top of TLS, the length is not
related to TCP at all.

What is the usefulness of tcp.pdu.len when you cannot select the bytes
themselves for export in tshark?

So, what about removing tcp.pdu.size? Are there any objections? Most
users seem to encounter it, but not use it (see bug report).
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl

 [1]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11007
 [2]: https://www.wireshark.org/lists/wireshark-users/200611/msg00167.html