You can certainly define any exception you want, and use it within your dissector.
There is also proto_tree_add_debug_text() for adding arbitrary text to proto_tree, as debug info. Is that what you are looking for?

Gilbert

On Sun, Jun 10, 2012 at 9:06 PM, Richard Sharpe <[email protected]> wrote:
> Hi,
>
> I have a capture that contains an SMB NT TRANS SET SEC DESCRIPTOR request.
>
> The SMB request is spread across multiple TCP segments (ethernet
> frames all), but because of heuristic dissector weirdness with respect
> to NetBIOS PDUs, the segments are not reassembled. (However, in the
> real world, we might not have captured some of the subsequent packets
> anyway.)
>
> This screws up the dissection of the SD because the self-relative SD
> format has a series of pointers to the various portions (Owner SID,
> Group SID, SACL and DACL), but the Owner SID and Group SID come last,
> typically with the DACL being first.
>
> Because it is logical to place the Owner SID and Group SID first in
> the tree, these are dissected first, but will throw exceptions because
> some or all of them are not available in this case. This causes the
> whole SD to be undissected and it shows up as "Unreassembled Packet:
> SMB" in the dissection.
>
> What I would rather do is wrap the dissection of each of the Owner and
> Group SIDs in a try ... finally block and insert messages about them
> not being available so we can try to dissect more of the information
> that is actually there (i.e., the DACL.)
>
> Of course, I will also investigate why the whole SMB request has not
> been reassembled.
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe
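The per-part isolation discussed in this thread, as an added example that is not Wireshark code and not from either poster: it classifies each part of a self-relative security descriptor against the bytes actually captured, so a missing Owner or Group SID does not prevent handling the DACL. It uses explicit length checks in place of Wireshark's exception mechanism; `sd_check_part`, the enum names and `sample_sd` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Self-relative SECURITY_DESCRIPTOR header (20 bytes): Revision(1) Sbz1(1)
 * Control(2), then little-endian 32-bit offsets: Owner, Group, SACL, DACL. */
enum sd_part { SD_OWNER = 0, SD_GROUP, SD_SACL, SD_DACL };
enum sd_status { SD_OK = 0, SD_ABSENT, SD_TRUNCATED, SD_MALFORMED };

/* Constructed sample: DACL at 20, Owner SID S-1-5-18 at 28, Group SID S-1-5-32-544 at 40. */
static const uint8_t sample_sd[56] = {
    0x01,0x00,0x04,0x80, 0x1c,0,0,0, 0x28,0,0,0, 0,0,0,0, 0x14,0,0,0,
    0x02,0x00,0x08,0x00, 0,0,0,0,
    0x01,0x01,0,0,0,0,0,0x05, 0x12,0,0,0,
    0x01,0x02,0,0,0,0,0,0x05, 0x20,0,0,0, 0x20,0x02,0,0
};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check one part on its own; a truncated part is reported without
 * stopping the caller from examining the remaining parts. */
enum sd_status sd_check_part(const uint8_t *buf, size_t caplen, enum sd_part part) {
    if (caplen < 20) return SD_TRUNCATED;            /* header itself is cut off */
    size_t off = le32(buf + 4 + 4 * (size_t)part);
    size_t need;
    if (off == 0) return SD_ABSENT;                  /* offset 0 means "not present" */
    if (off > caplen || caplen - off < 4) return SD_TRUNCATED;
    if (part == SD_OWNER || part == SD_GROUP) {
        /* SID: Revision(1) SubAuthorityCount(1) Authority(6) SubAuthority[n] (4 each) */
        need = 8 + 4 * (size_t)buf[off + 1];
    } else {
        /* ACL: AclRevision(1) Sbz1(1) AclSize(2, LE) AceCount(2) Sbz2(2) */
        need = (size_t)buf[off + 2] | (size_t)buf[off + 3] << 8;
        if (need < 8) return SD_MALFORMED;           /* smaller than the ACL header */
    }
    return (caplen - off >= need) ? SD_OK : SD_TRUNCATED;
}

int main(void) {
    static const char *names[] = { "Owner SID", "Group SID", "SACL", "DACL" };
    static const char *text[] = { "ok", "absent", "not available (truncated)", "malformed" };
    for (int p = SD_OWNER; p <= SD_DACL; p++)        /* pretend only 30 bytes were captured */
        printf("%s: %s\n", names[p], text[sd_check_part(sample_sd, 30, (enum sd_part)p)]);
    return 0;
}
```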
