Wireshark mailing list archives

Re: q on catching error in sub-dissectors.


From: Anders Broman via Wireshark-dev <wireshark-dev () wireshark org>
Date: Tue, 21 Jan 2020 15:24:26 +0000



-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of João Valverde
Sent: den 21 januari 2020 15:47
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] q on catching error in sub-dissectors.



On 21/01/20 14:33, Christian Hopps wrote:
> So I've got a payload of packets in a single frame. I'm calling dissector_try_uint_new() to dissect each payload
> (typically IPv4 packets). Some of these packets are considered "malformed" by Wireshark (e.g., created by scapy/trex
> with some bogus values).
>
> The problem I'm hitting is that the first malformed inner packet fails all the way out of my parent dissector, so it
> doesn't dissect any of the other packets in the payload.
>
> Another problem I'm having is that the IP sub-dissector is overwriting my source and destination addresses in the
> pinfo/tree (not sure which; doesn't really matter).
>
> Summary:
>
> - How can I "catch" errors in a subdissector so I can call other sub-dissectors?

Use TRY/CATCH (in epan/exceptions.h).

> - How can I "block" sub-dissectors from overwriting my outer header information?

I don't think you can. Maybe your IPTFS dissector can set it after the sub-dissectors run.

Not sure how you want it, there is col_set_fence()


> Thanks,
> Chris.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
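
The containment suggested in the thread, modelled as a stand-alone added example (not code from the thread or from Wireshark): each inner packet gets its own catch scope, so one malformed packet cannot hide the packets that follow it. Here setjmp/longjmp stands in for the TRY/CATCH macros in epan/exceptions.h, and `get_u8`, `dissect_inner`, `dissect_container` and the length-prefixed framing are hypothetical.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
/* Every name below is a hypothetical stand-in, not Wireshark API. */
static jmp_buf *catch_point;   /* innermost active catch scope */

/* Bounds-checked read: throws instead of reading past the inner packet. */
static uint8_t get_u8(const uint8_t *buf, size_t len, size_t off)
{
    if (off >= len) longjmp(*catch_point, 1);
    return buf[off];
}

/* Toy inner dissector: requires IPv4 and a complete header of IHL*4 bytes. */
static void dissect_inner(const uint8_t *buf, size_t len)
{
    uint8_t vihl = get_u8(buf, len, 0);
    size_t hdr_len = (size_t)(vihl & 0x0f) * 4;
    if ((vihl >> 4) != 4 || hdr_len < 20) longjmp(*catch_point, 1);
    (void)get_u8(buf, len, hdr_len - 1);   /* throws on a truncated header */
}

/* Parent: frame is repeated [1-byte length][inner packet]; returns clean count. */
int dissect_container(const uint8_t *frame, size_t frame_len, int *malformed)
{
    int ok = 0;
    size_t off = 0;
    *malformed = 0;
    while (off < frame_len) {
        size_t plen = frame[off++];
        if (plen > frame_len - off) plen = frame_len - off;  /* clamp overrun */
        jmp_buf scope;                 /* one catch scope per inner packet */
        catch_point = &scope;
        if (setjmp(scope) == 0) {
            dissect_inner(frame + off, plen);
            ok++;
        } else {
            (*malformed)++;            /* contained: go on to the next packet */
        }
        off += plen;
    }
    return ok;
}

/* Constructed sample: valid header, truncated 8-byte packet, valid header. */
static const uint8_t sample_frame[] = {
    20, 0x45,0,0,20, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,
     8, 0x45,0,0,20, 0,0,0,0,
    20, 0x45,0,0,20, 0,0,0,0, 64,17,0,0, 10,0,0,3, 10,0,0,4 };
```

In a real dissector the catch branch should still flag the inner packet as malformed in the tree, so the failure stays visible to the analyst instead of being silently skipped.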
