Wireshark-bugs: [Wireshark-bugs] [Bug 11007] New: Missing field "tcp.pdu.size" in TCP stack
Date: Wed, 25 Feb 2015 13:04:00 +0000
Bug ID 11007
Summary Missing field "tcp.pdu.size" in TCP stack
Product Wireshark
Version 1.99.x (Experimental)
Hardware All
OS Red Hat
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter tibensky233@gmail.com

Created attachment 13474 [details]
pcap that should display "PDU Size: 880" in TCP tree

Build Information:
wireshark 1.12.3 (281652b from master)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.12.2, with Cairo 1.14.0, with Pango 1.36.8, with
GLib 2.42.1, with libpcap, with libz 1.2.3, without POSIX capabilities, without
libnl, without SMI, without c-ares, without ADNS, without Lua, without Python,
with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, with
PortAudio V19-devel (built Feb 24 2015 11:32:09), with AirPcap.

Running on Linux 2.6.32-220.7.1.el6.x86_64, with locale en_US.UTF-8, with
libpcap version 1.4.0, with libz 1.2.3, GnuTLS 2.8.5, Gcrypt 1.4.5, without
AirPcap.
Intel(R) Xeon(R) CPU           X3440  @ 2.53GHz

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-3).

--
According to documentation "The field is populated if the protocol runing atop
of TCP uses tcp_dissect_pdus()", which is our case.

https://ask.wireshark.org/questions/23868/what-is-the-purpose-of-tcppdusize-filter

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=doc/README.dissector

function tcp_dissect_pdus() from epan/dissectors/packet-tcp.c is called

            item=proto_tree_add_uint((proto_tree
*)p_get_proto_data(pinfo->pool, pinfo, proto_tcp, pinfo->curr_layer_num),
                                     hf_tcp_pdu_size,
                                     tvb, offset, plen, plen);

but p_get_proto_data returns nil, that is why this field is not populated.

This worked correctly in wireshark version 1.10.3


You are receiving this mail because:
  • You are watching all bug changes.