
Wireshark-dev: Re: [Wireshark-dev] Hierarchy of fields & offsets again, more potential offender

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 10 Aug 2017 08:50:04 +0200


On 10 Aug 2017 00:03, "Alexis La Goutte" <alexis.lagoutte@xxxxxxxxx> wrote:


On Wed, Aug 9, 2017 at 7:05 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Stig (and Sake),

2017-08-02 22:24 GMT+02:00 Stig Bjørlykke <stig@xxxxxxxxxxxxx>:
On Wed, Aug 2, 2017 at 10:03 PM, Sultan, Hassan via Wireshark-dev
<wireshark-dev@xxxxxxxxxxxxx> wrote:
> Regarding tcp.payload, I don't think tcp.payload in itself has any problems. I think the issue lies in tcp showing a length of 32 only, even though it has tcp.payload as its child.

The tcp.payload field was recently added, have a look at
https://code.wireshark.org/review/22374

I do agree that this is displayed wrong and should be fixed.
Increasing the length of the TCP header would be wrong because the
payload is dissected by upper protocols and does belong with the TCP
header.  Putting it at top level would also be wrong because it's not
a protocol.

What about marking it as PROTO_ITEM_SET_GENERATED() as a first step? This value is inferred from the tvb length and not a real field.
tcp.payload is not really GENERATED... (for me)

It is inferred from the remaining length and not explicitly transmitted in the header. This matches rather well the PROTO_ITEM_SET_GENERATED definition.
I'm not sure if this could be of any help for Hassan's parser or not.


Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

