Wireshark-bugs: [Wireshark-bugs] [Bug 9749] Fields TCP.len and UDP.length behave different in te
Comment # 3
on bug 9749
from Guy Harris
The TCP header has no length field; the payload length is the total length of
the TCP PDU (which is calculated from the value of a field in the *IP* header)
minus the length of the TCP header. The TCP dissector adds a calculated
"tcp.len" field giving the length of the TCP payload. See RFC 791:
http://tools.ietf.org/html/rfc791
The UDP header, for some not entirely obvious reason, *does* have a length
field, whose value is the length of the UDP payload *plus* the length of the
UDP header, even though, in an OS networking stack, presumably the UDP
implementation can be given the same "here's how big your part of the packet
is" value that the TCP implementation is. The UDP dissector adds a
"udp.length" field giving the value of the UDP header's length field. See RFC
768:
http://tools.ietf.org/html/rfc768
The UDP-Lite header is similar, but has no length field; instead, it has a
field that indicates how many bytes of the UDP-Lite packet, including the bytes
of the header, are covered by the checksum. The UDP-Lite dissector (which
mostly uses the same code path as the UDP dissector) adds a "udp.length" field
giving the UDP PDU length as determined by the size of the packet handed to it.
See RFC 3828:
http://tools.ietf.org/html/rfc3828
Perhaps the TCP dissector should rename the "tcp.len" field "tcp.payload_len",
and the UDP and UDP-Lite dissectors should add a "udp.payload_len" field, with
those fields having, as a value, the payload length.
You are receiving this mail because:
- You are watching all bug changes.