Ops. As I was not subscribed to the alias I missed that the mail
actually went though and it even got answer from Guy:
>...which means, of course, that no outgoing IPv4 traffic *ever* has IP
>options.
>Otherwise, outgoing IPv4 packets would be undissectable unless the
>IPv4 header length is available elsewhere; you cannot dissect an IPv4
>header unless you know how big it is, as it's not fixed-length (it's a
>fixed-length 20-byte portion followed by 0 or more bytes of options).
I know how big IP packet is. tvb_length(tvb) tells me...
So shall I create new dissector which will do something like this?
if (!tvb_get_ntohs(tvb, 2)) /* ip packet length is zero */
{
length = (guint16*)tvb_get_ptr(tvb, 2, 2);
*length = (guint16)htons(tvb_length(tvb));
}
call_dissector(ip_handle, tvb, pinfo, tree);
return;
--
Thanks,
Petr
Dne 16.09.10 15:34, Petr Sumbera napsal(a):
Hi,
I'm evaluating the way how to add support into Wireshark for Solaris
snoop files with IP tunnel links data.
The data are basically RAW IP so I wouldn't have to write new dissector.
But the problem is that stored packets for *outgoing* traffic doesn't
contain "Header length" (it's zero as at layer where it was captured it
wasn't filled, the same case is for "Header checksum").
dissect_ip() for such packets will report just:
"Header length: %u bytes (bogus, must be at least %u)".
So we can either lighten this condition in dissect_ip() and continue
with the packet processing (e.g if length and check sum is zero).
Or I can create new dissector which will just add correct header length
and pass it along to dissect_ip().
Thanks for any comments/suggestions.
Petr
