Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Hierarchy of fields & offsets again, more potential offender

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Date: Thu, 10 Aug 2017 00:02:50 +0200


On Wed, Aug 9, 2017 at 7:05 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Stig (and Sake),

2017-08-02 22:24 GMT+02:00 Stig Bjørlykke <stig@xxxxxxxxxxxxx>:
On Wed, Aug 2, 2017 at 10:03 PM, Sultan, Hassan via Wireshark-dev
<wireshark-dev@xxxxxxxxxxxxx> wrote:
> Regarding tcp.payload, I don't think tcp.payload in itself has any problems. I think the issue lies in tcp showing a length of 32 only, even though it has tcp.payload as its child.

The tcp.payload field was recently added, have a look at
https://code.wireshark.org/review/22374

I do agree that this is displayed wrong and should be fixed.
Increasing the length of the TCP header would be wrong because the
payload is dissected by upper protocols and does belong with the TCP
header.  Putting it at top level would also be wrong because it's not
a protocol.

What about marking it as PROTO_ITEM_SET_GENERATED() as a first step? Tis value is inferred from the tvb length and not a real field.
tcp.payload is not really GENERATED... (for me)

Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube