Wireshark-bugs: [Wireshark-bugs] [Bug 11007] New: Missing field "tcp.pdu.size" in TCP stack
Bug ID |
11007
|
Summary |
Missing field "tcp.pdu.size" in TCP stack
|
Product |
Wireshark
|
Version |
1.99.x (Experimental)
|
Hardware |
All
|
OS |
Red Hat
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
tibensky233@gmail.com
|
Created attachment 13474 [details]
pcap that should display "PDU Size: 880" in TCP tree
Build Information:
wireshark 1.12.3 (281652b from master)
Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 3.12.2, with Cairo 1.14.0, with Pango 1.36.8, with
GLib 2.42.1, with libpcap, with libz 1.2.3, without POSIX capabilities, without
libnl, without SMI, without c-ares, without ADNS, without Lua, without Python,
with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, with
PortAudio V19-devel (built Feb 24 2015 11:32:09), with AirPcap.
Running on Linux 2.6.32-220.7.1.el6.x86_64, with locale en_US.UTF-8, with
libpcap version 1.4.0, with libz 1.2.3, GnuTLS 2.8.5, Gcrypt 1.4.5, without
AirPcap.
Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-3).
--
According to documentation "The field is populated if the protocol runing atop
of TCP uses tcp_dissect_pdus()", which is our case.
https://ask.wireshark.org/questions/23868/what-is-the-purpose-of-tcppdusize-filter
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=doc/README.dissector
function tcp_dissect_pdus() from epan/dissectors/packet-tcp.c is called
item=proto_tree_add_uint((proto_tree
*)p_get_proto_data(pinfo->pool, pinfo, proto_tcp, pinfo->curr_layer_num),
hf_tcp_pdu_size,
tvb, offset, plen, plen);
but p_get_proto_data returns nil, that is why this field is not populated.
This worked correctly in wireshark version 1.10.3
You are receiving this mail because:
- You are watching all bug changes.