Wireshark-bugs: [Wireshark-bugs] [Bug 8275] Basic dissector: FIPA/ACL Message protocol over TCP
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 29 Jun 2013 00:43:16 +0000

Comment # 18 on bug 8275 from 
> > - In some places (such as acl_get_bounds, though there may be others) it
> > probably makes sense to use tvb_reported_length() instead of just
> > tvb_length(), as this will behave better with captures that were truncated.
> OK?: I  am not sure I truly understand the difference between the two
> functions. 

When capturing packets, there is an option to only capture the first so many
bytes of each packet (if, for example, you're only interested in the TCP
headers and not the payloads, this can make capture much faster). In this case,
tvb_reported_length() will be the real size that was sent on the wire while
tvb_length() will be only what was captured. It's usually better to use
tvb_reported_length() because that way the packet *looks* like the right length
to the dissector, and if it runs past what was actually captured Wireshark
automatically stops and just says 'packet truncated at capture time'.

> Evan, thank you for your comments. I hope this version is closer to what you
> are expecting.

Very much nicer, thank you! Just a few more comments :)

- There is a function tvb_find_guint8() that I think you can use instead of
manually looping through the tvb looking for specific values (for example in
acl_get_bounds).

- There is now a new expert information API where you can register your expert
info items similar to how you register your hf items. Look for ei_ in
packet-bthfp.c for a good example how to use it.

- Please include your dissector in epan/CMakeLists.txt as well as
epan/dissectors/Makefile.common

- ./tools/checkhf.pl complains: Unused entry: epan/dissectors/packet-acl.c,
hf_acl_body

- ./tools/checkAPIs.pl complains: Error: Found C++ style comments in
epan/dissectors/packet-acl.c

- Are all of the default ports registered with the IANA? If not, it may be
better to not register on them by default to avoid conflicts with officially
registered ports.

You are receiving this mail because:
  • You are watching all bug changes.