Hi Al, thanks for the quick reply. You are right, I repeatedly made a mistake in counting the fields.
I submitted a patch to the Wireshark guys and expect it to be incorporated soon. I'll send a notice when this is done.

One more question: Is there more than one message type for BUNDLER messages?

Best regards,
Martin

On 10/24/07, Stephens, Allan <[EMAIL PROTECTED]> wrote:
> Hi Martin:
>
> Answers inline.
>
> -- Al
>
> > -----Original Message-----
> > From: Martin Peylo [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 24, 2007 11:10 AM
> > To: Stephens, Allan
> > Cc: [email protected]
> > Subject: Re: [tipc-discussion] Subdissectors for Wireshark Plug-in
> >
> > Hi Al,
> >
> > I'm nearly finished with the Wireshark dissector updates,
> > I've just a few small questions left. I removed everything of
> > the previous mail which was clear to me.
> >
> > > > ROUTE_DISTRIBUTOR
> > > "scope" is the normal TIPC scope indicator:
> > >
> > > - 1 (TIPC_ZONE_SCOPE)
> > > - 2 (TIPC_CLUSTER_SCOPE)
> > > - 3 (TIPC_NODE_SCOPE)
> >
> > Why is this field 4 bits instead of 2?
>
> I just wanted to leave some room for future expansion. (I've learned to
> be paranoid about this sort of thing.)
>
> > > > - same question about "item size" as in NAME_DISTRIBUTOR.
> >
> > As I understand from the "Message Format Reference" document,
> > it's 0 for pre-1.7 and 7 for 1.7. It might be >7 in later versions.
> >
> > Two questions:
> > - Why is the word at offset 6 (dist,scope) not there (it's
> > not 0, it's just not there) in the traces you sent me despite
> > the item_size is 7?
> > Is there a way this occurs in the free wild (i.e. not a dev version)?
> > - Is "0 < item_size < 7" somehow allowed?
>
> I don't see this problem. I'm viewing the trace using WireShark 0.99.6a
> - SVN Rev 22276. Since the TIPC dissector doesn't understand the larger
> item format it displays the first 5 fields, then 2 more fields, then
> 'malformed packet: TIPC' -- but all 7 words of the item seem to be
> there!
>
> > MSG_FRAGMENTER
> > In the traces it looks like there is data in the words at
> > offset 8+9 (where nothing should be) while there is an empty
> > field not defined anywhere at offset 10?
>
> I don't see this problem, either.
>
> > MSG_BUNDLER
> > I guess the traces are somehow produced during development -
> > this would explain the bundling of a *single* message?
>
> Not quite. TIPC starts building message bundles when it detects link
> congestion; however, if the congestion ends almost immediately it is
> perfectly normal to see only a single bundle containing a single message
> -- which is what we seem to have here.
>
> > Best regards,
> > Martin
