Wireshark · Wireshark-commits: [Wireshark-commits] rev 51356: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-tcp.c

Wireshark-commits: [Wireshark-commits] rev 51356: /trunk/epan/dissectors/ /trunk/epan/dissectors/:

Date: Wed, 14 Aug 2013 18:35:37 GMT

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=51356

User: cmaynard
Date: 2013/08/14 11:35 AM

Log:
 Nowhere in the RFC's (793 or otherwise) does it indicate that if the URG bit is not set that the urgent pointer field must be zero.
 
 References:
 http://tools.ietf.org/html/rfc793, http://tools.ietf.org/html/rfc1122, ...
 http://www.wireshark.org/lists/ethereal-dev/200307/msg00297.html
 
 Similarly, nowhere does it say that the acknowledgment number field must be zero if the ACK bit is not set.
 
 This patch effectively reverts r37721.  If non-zero urgent pointers are of interest to you when the URG bit is not set, then a filter such as follows can be used:
 
     (tcp.flags.urg == 0) && !(tcp[18:2] == 00:00)
 
 Similarly, if non-zero acknowledgment numbers are of interest to you when the ACK bit is not set, then use this filter:
 
     (tcp.flags.ack == 0) && !(tcp.ack == 0)
 
 For consistency, should we avoid adding the ack field in this case as well?  The above filter would then change to:
 
     (tcp.flags.ack == 0) && !(tcp[8:4] == 00:00:00:00)
 
 This change was prompted by the following question on ask.wireshark.org:
 http://ask.wireshark.org/questions/23753/tcp-urgent-pointer-value-not-displayed

Directory: /trunk/epan/dissectors/
  Changes    Path            Action
  +12 -28    packet-tcp.c    Modified

Prev by Date: [Wireshark-commits] rev 51355: /trunk/epan/ /trunk/epan/: packet.c
Next by Date: [Wireshark-commits] rev 51357: /trunk-1.10/ /trunk-1.10/: ws_symbol_export.h
Previous by thread: [Wireshark-commits] rev 51355: /trunk/epan/ /trunk/epan/: packet.c
Next by thread: [Wireshark-commits] rev 51357: /trunk-1.10/ /trunk-1.10/: ws_symbol_export.h
Index(es):
- Date
- Thread