Wireshark mailing list archives
Re: the Fragment offset field in IP packet should follow the Raw bitstream?
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Tue, 23 Jun 2020 09:59:42 +0200
Hi, Oh, wasn’t expecting that. Digging further in the 3.0 branch I found that the bitfield was re-introduced, in 2.4. commit 558fe23226b69665dd66ee15bed2f7492653aa09 Author: Anders Broman <anders.broman () ericsson com> Date: Thu Jul 20 16:02:54 2017 +0200 [IP] Simplify paring of flags field by using proto_tree_add_bitmask_with_flags(). which was changed again and subsequently fixed: commit 89beba7ea6c4e53c53349d2dc730db6ff4644979 Author: João Valverde <joao.valverde () tecnico ulisboa pt> Date: Thu Jan 23 02:13:40 2020 +0000 IPv4: Fix display of Fragment Offset field Based on bug 16344 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16344 <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16344>) Thanks, Jaap
On 21 Jun 2020, at 04:26, damker <damker () sina com> wrote: my version was 3.0.6. when i upgrade to 3.0.11, it shows like this "Fragment offset: 856". damker 发件人: Jaap Keuter <mailto:jaap.keuter () xs4all nl> 发送时间: 2020-06-19 23:10 收件人: Community support list for Wireshark <mailto:wireshark-users () wireshark org> 主题: Re: [Wireshark-users]the Fragment offset field in IP packet should follow the Raw bitstream? That was a nice bit of source code archeology, but I’ve found that this format was changed in commit 7f6d5c04a86 with the comment: commit 7f6d5c04a869525d31e8d6e260d5195857481031 Author: Martin Mathieson <martin.r.mathieson () googlemail com <mailto:martin.r.mathieson () googlemail com>> Date: Wed Aug 29 15:35:27 2007 +0000 Don't show fragment offset as a bit field, but note number of bits used in long text. svn path=/trunk/; revision=22727 Note the date, that was back in 2007, so this format disappeared before Wireshark 1.0. Where did you get this from? Thanks, JaapOn 19 Jun 2020, at 09:48, damker <damker () sina com <mailto:damker () sina com>> wrote: an IP packet decode As follows: ... Flags: 0x006b 0... .... .... .... = Reserved bit: Not set .0.. .... .... .... = Don't fragment: Not set ..0. .... .... .... = More fragments: Not set ...0 0011 0101 1000 = Fragment offset: 856 Time to live: 128 I know that it says "The fragment offset is measured in units of 8 octets (64 bits)" in RFC 791. my question is: Flags = 0x006b, the "...0 0011 0101 1000 = Fragment offset: 856" should be "...0 0000 0110 1011 = Fragment offset: 856"? I think the second one is more clear. damker
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Leverage wireshark dissection tree in a 3rd party program Matt (Jun 17)
- the Fragment offset field in IP packet should follow the Raw bitstream? damker (Jun 19)
- Re: the Fragment offset field in IP packet should follow the Raw bitstream? Jaap Keuter (Jun 19)
- Re: [Wireshark-users] the Fragment offset field in IP packet should follow the Raw bitstream? damker (Jun 20)
- Re: the Fragment offset field in IP packet should follow the Raw bitstream? Jaap Keuter (Jun 23)
- Re: the Fragment offset field in IP packet should follow the Raw bitstream? Jaap Keuter (Jun 19)
- the Fragment offset field in IP packet should follow the Raw bitstream? damker (Jun 19)