Wireshark-commits: [Wireshark-commits] rev 48201: /trunk/epan/dissectors/ /trunk/epan/dissectors/:
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=48201
User: guy
Date: 2013/03/08 11:56 AM
Log:
Dissect the DCCP header by stepping through it a field at a time and
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
Directory: /trunk/epan/dissectors/
Changes Path Action
+162 -170 packet-dccp.c Modified