Wireshark-bugs: [Wireshark-bugs] [Bug 8490] Dissector for NASDAQ's OUCH 4.x protocol
Date: Mon, 18 Mar 2013 11:41:29 +0000

Comment # 4 on bug 8490 from
(In reply to comment #2)
> Thanks (again) for the feedback; much appreciated.
> 
> re: tvb_reported_length(), do I understand correctly that
> tvb->reported_length is what the packet headers have indicated, but
> tvb->length is what's actually in the buffer?

Not exactly what the packet headers have indicated, but what the capture
software sees on the wire. In normal use they're the same, but if you pass the
-s flag to tcpdump or wireshark then:
- reported_length is set to what was actually on the wire
- length = min(reported_length, snapshot_length) is the amount read in and
saved to disk (anything beyond the specified snapshot length is discarded)

http://www.tcpdump.org/tcpdump_man.html
https://www.wireshark.org/docs/man-pages/wireshark.html

If you try and access data beyond length but not beyond reported_length then
Wireshark already throws up a handy message to the user along the lines of
"Can't dissect further with a truncated packet, sorry" and moves on to the next
packet automatically.


You are receiving this mail because:
  • You are watching all bug changes.