Wireshark · Wireshark-dev: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector

Wireshark-dev: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dis

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 24 Apr 2009 09:42:14 -0700


On Apr 24, 2009, at 8:31 AM, Armin Zimmermann wrote:

The reason I want to know this is that tvb_reported_length() givesme the length of the data without the TCP-Header but in case of anUDP package it gives me the length of the data included the UDPHeader.

Not if you have a heuristics UDP dissector, it doesn't. Heuristic UDPdissectors - i.e., dissectors registered withheur_dissector_add("udp", dissect_XXX, proto_XXX) - get passed atvbuff containing the UDP *payload*, not including the header, sotvb_reported_length() will not include the size of the UDP header.

The same is true for heuristic TCP dissectors - you get a tvbuffcontaining the TCP segment's contents, not including the TCP header.

References:
- [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
  - From: Eddie . 1
- Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
  - From: Guy Harris
- Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
  - From: Armin Zimmermann
- Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
  - From: Armin Zimmermann

Prev by Date: [Wireshark-dev] Re : dissector_add(tcp.proto... / where to find parameter for dissector_add()
Next by Date: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
Previous by thread: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
Next by thread: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()
Index(es):
- Date
- Thread