Wireshark · Wireshark-dev: Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item

Wireshark-dev: Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type

From: Guy Harris <gharris@xxxxxxxxx>

Date: Fri, 16 Oct 2020 15:14:46 -0700

On Oct 16, 2020, at 2:54 PM, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:

> There might be some protocols where there was (say) a 7 byte integer field, so the dissector writer had to round it up to the nearest supported size, but again I didn't see that.

That's because the nearest supported size is FT_{U}INT56, so no rounding up would have been necessary unless there was a time after we introduced FT_{U}INT64 but before we introduced FT_{U}INT{40,48,56}.

> Another clue is the amount by which 'offset' might be added to in the very next line (i.e. which size does it match?), but that would be hard to reliably parse.

Sadly, C is far from being a good packet description language.

Follow-Ups:
- Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
  - From: Martin Mathieson

References:
- [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
  - From: Martin Mathieson
- Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
  - From: Guy Harris
- Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
  - From: Martin Mathieson

Prev by Date: Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
Next by Date: [Wireshark-dev] Do Lua Postdissectors still work with the most recent versions of Wireshark
Previous by thread: Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
Next by thread: Re: [Wireshark-dev] proto_tree_add_item() calls where length doesn't match type of hf item
Index(es):
- Date
- Thread