Wireshark mailing list archives

Re: q on catching error in sub-dissectors.


From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Tue, 21 Jan 2020 11:01:15 -0500

We've been having fun with multiple PDUs in a single IP frame with SCTP for
years.  While there's room for improvement it's worked pretty well.

On Tue, Jan 21, 2020 at 9:58 AM João Valverde <
joao.valverde () tecnico ulisboa pt> wrote:

By the way usually a tunnel encapsulates a single packet. I'm not aware
of any other protocol multiplexing at the IP level. I would assume
Wireshark requires some replumbing to handle that. Something like TFS
being treated as a framing layer. Just food for thought.

On 21/01/20 14:46, João Valverde wrote:


On 21/01/20 14:33, Christian Hopps wrote:
So I've got a payload of packets in a single frame. I'm calling
dissector_try_uint_new() to dissect each payload (typically IPv4
packets). Some of these packets are considered "malformed" by
Wireshark (e.g., created by scapy/trex with some bogus values).

The problem I'm hitting is that the first malformed inner packet
fails all the way out of my parent dissector, so it doesn't dissect
any of the other packets in the payload.

Another problem I'm having is that the IP sub-dissector is
overwriting my source and destination addresses in the pinfo/tree
(not sure which; it doesn't really matter).

Summary:

- How can I "catch" errors in a subdissector so I can call other
sub-dissectors?

Use TRY/CATCH (in epan/exceptions.h).

- How can I "block" sub-dissectors from overwriting my outer header
information?

I don't think you can. Maybe your IPTFS dissector can set it after the
sub-dissectors run.


Thanks,
Chris.

___________________________________________________________________________

Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
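
The pattern this thread arrives at, as an added example that is not code from the thread or from Wireshark: a self-contained C model in which plain setjmp/longjmp stands in for the TRY/CATCH macros of epan/exceptions.h. The names pinfo_t, dissect_inner_ip, dissect_payload and the sample bytes are hypothetical; the parent reads each inner length itself so it can step past a packet whose dissector threw, and it restores its saved addresses after every call.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t src, dst; } pinfo_t;  /* hypothetical packet_info */
static jmp_buf catch_point;                     /* stand-in for TRY/CATCH */

/* Inner "IPv4" sub-dissector: throws on a bad header, else overwrites addresses. */
static void dissect_inner_ip(const uint8_t *p, size_t len, pinfo_t *pinfo)
{
    if (len < 20 || (p[0] >> 4) != 4 || (p[0] & 0x0f) < 5)
        longjmp(catch_point, 1);        /* malformed: unwind to the parent */
    memcpy(&pinfo->src, p + 12, 4);
    memcpy(&pinfo->dst, p + 16, 4);
}

/* Parent: reads each length itself so a throwing packet can still be skipped. */
int dissect_payload(const uint8_t *buf, size_t len, pinfo_t *pinfo, int *malformed)
{
    const pinfo_t outer = *pinfo;       /* save the outer addresses */
    volatile size_t off = 0;
    volatile int count = 0, bad = 0;
    while (len - off >= 4) {
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off)
            break;                      /* next boundary cannot be found */
        if (setjmp(catch_point) == 0)
            dissect_inner_ip(buf + off, plen, pinfo);
        else
            bad++;                      /* caught: note it and carry on */
        *pinfo = outer;                 /* undo the sub-dissector's overwrite */
        off += plen;
        count++;
    }
    *malformed = bad;
    return count;
}

/* Constructed sample: three 20-byte inner packets, the middle one has IHL 0. */
static const uint8_t sample[60] = { [0] = 0x45, [3] = 20, [20] = 0x40, [23] = 20,
                                    [40] = 0x45, [43] = 20, [52] = 10 };

int main(void)
{
    pinfo_t pinfo = { 0xC0000201u, 0xC0000202u };  /* constructed outer addresses */
    int bad, n = dissect_payload(sample, sizeof sample, &pinfo, &bad);
    printf("%d walked, %d malformed, src %08x\n", n, bad, (unsigned)pinfo.src);
    return 0;
}
```

When the length field itself is unusable the loop stops, because nothing in the payload says where the next inner packet begins.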