-----Original Message-----
From: Wireshark-dev <wireshark-dev-boun...@wireshark.org> On Behalf Of João Valverde
Sent: 21 January 2020 15:47
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] q on catching error in sub-dissectors.



On 21/01/20 14:33, Christian Hopps wrote:
> So I've got a payload of packets in a single frame. I'm calling 
> dissector_try_uint_new() to dissect each payload (typically IPv4 packets). 
> Some of these packets are considered "malformed" by wireshark (e.g., created 
> by scapy/trex with some bogus values).
>
> The problem I'm hitting is that the first malformed inner packet fails all 
> the way out of my parent dissector, so it doesn't dissect any of the other 
> packets in the payload.
>
> Another problem I'm having is that the IP sub-dissector is overwriting my 
> source and destination addresses in the pinfo/tree (not sure which, doesn't 
> really matter).
>
> Summary:
>
> - How can I "catch" errors in a subdissector so I can call other 
> sub-dissectors?

Use TRY/CATCH (in epan/exceptions.h).

> - How can I "block" sub-dissectors from overwriting my outer header 
> information?

I don't think you can. Maybe your IPTFS dissector can set it after the 
sub-dissectors run.

Not sure how you want it; there is col_set_fence().

>
> Thanks,
> Chris.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>               
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe



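A stand-alone model of the TRY/CATCH advice in the reply above, as an added example that is not part of the original thread or Wireshark's code: it uses setjmp/longjmp in place of the macros from epan/exceptions.h so it runs without Wireshark, and shows one malformed inner packet being caught while the rest of the payload is still dissected. The function names, the framing by the IPv4 total-length field and the sample bytes are assumptions constructed for illustration.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Model only: real dissectors use TRY/CATCH from epan/exceptions.h. */
static jmp_buf *catch_point;                 /* innermost active handler */
static void throw_malformed(void) { longjmp(*catch_point, 1); }

/* Hypothetical sub-dissector: throws on a bogus IPv4 header. */
static void dissect_inner_ipv4(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) throw_malformed();
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) throw_malformed();
}

typedef struct { int ok; int malformed; } payload_stats;
/* Parent dissector: frames inner packets by the IPv4 total-length field
 * (assumption) and isolates each sub-dissector call in its own handler. */
payload_stats dissect_payload(const uint8_t *buf, size_t len)
{
    payload_stats st = {0, 0};
    size_t off = 0;
    while (len - off >= 4) {
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off) { st.malformed++; break; } /* cannot resync */
        jmp_buf here, *saved = catch_point;
        catch_point = &here;
        if (setjmp(here) == 0) {             /* TRY */
            dissect_inner_ipv4(buf + off, plen);
            st.ok++;
        } else {                             /* CATCH: note it, keep going */
            st.malformed++;
        }
        catch_point = saved;                 /* ENDTRY */
        off += plen;
    }
    return st;
}

/* Constructed sample: valid packet, packet with IHL=15 (bogus), valid packet. */
static const uint8_t sample[60] = { [0] = 0x45, [3] = 20, [20] = 0x4f, [23] = 20,
                                    [40] = 0x45, [43] = 20 };

int main(void)
{
    payload_stats st = dissect_payload(sample, sizeof sample);
    printf("ok=%d malformed=%d\n", st.ok, st.malformed);
}
```

The handler is installed per inner packet, so a throw unwinds only to the loop body; a length field the parent cannot trust still ends the loop, because there is no boundary left to resume from.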
