
Wireshark-dev: Re: [Wireshark-dev] Hierarchy of fields & offsets again, more potential offender

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Wed, 9 Aug 2017 19:05:52 +0200
Hi Stig (and Sake),

2017-08-02 22:24 GMT+02:00 Stig Bjørlykke <stig@xxxxxxxxxxxxx>:
On Wed, Aug 2, 2017 at 10:03 PM, Sultan, Hassan via Wireshark-dev
<wireshark-dev@xxxxxxxxxxxxx> wrote:
> Regarding tcp.payload, I don't think tcp.payload in itself has any problems. I think the issue lies in tcp showing a length of 32 only, even though it has tcp.payload as its child.

The tcp.payload field was recently added, have a look at
https://code.wireshark.org/review/22374

I do agree that this is displayed wrong and should be fixed.
Increasing the length of the TCP header would be wrong because the
payload is dissected by upper protocols and does belong with the TCP
header.  Putting it at top level would also be wrong because it's not
a protocol.

What about marking it as PROTO_ITEM_SET_GENERATED() as a first step? This value is inferred from the tvb length and not a real field.

Regards,
Pascal.