Awesome, thanks ! So shall I assume that whenever I detect something of the kind, it's an issue that needs resolved ?
If that's the case I'll be more than happy to add detection for this in my code and run a bunch of captures through it to detect them all (or at least as many as the captures allow me to detect). Also, is the smb2 case a bug as well ? Thx, Hassan -----Original Message----- From: Guy Harris [mailto:[email protected]] Sent: Tuesday, July 25, 2017 3:45 PM To: Developer support list for Wireshark <[email protected]> Cc: Sultan, Hassan <[email protected]> Subject: "[UNVERIFIED SENDER]Re: [Wireshark-dev] Hierarchy of fields & offsets On Jul 25, 2017, at 3:26 PM, Sultan, Hassan via Wireshark-dev <[email protected]> wrote: > Any reason why this is done in this way? I don't know, but, whatever it is, it's not a *good* reason. Perhaps they didn't know how to handle a request whose length isn't known until you finish dissecting it. The answer is "give it an initial length of -1, to cover the rest of the data, and then set the length at the end"; I've changed the MySQL dissector in the master and 2.4 branches to do that. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
