Wireshark mailing list archives
Re: q on catching error in sub-dissectors.
From: João Valverde <joao.valverde () tecnico ulisboa pt>
Date: Tue, 21 Jan 2020 20:47:03 +0000
On 21/01/20 16:06, João Valverde wrote:
On 21/01/20 16:01, Jeff Morriss wrote:We've been having fun with multiple PDUs in a single IP frame with SCTP for years. While there's room for improvement it's worked pretty well.Maybe I didn't explain well, but that's completely different to multiple IP packets encapsulated in a single frame. L4 multiplexing is nothing new, I agree.
How would this protocol stack even look in the packet list? Surely it can only display the outer IP header with ESP/IPTFS protocol? We already have some issues to iron out with the much simpler case of IP over GRE (bug 3791 for example).
One idea, and it's just that, I haven't studied the issue in depth, would be using an IPTFS Cooked Capture DLT type.
On Tue, Jan 21, 2020 at 9:58 AM João Valverde <joao.valverde () tecnico ulisboa pt <mailto:joao.valverde () tecnico ulisboa pt>> wrote:By the way usually a tunnel encapsulates a single packet. I'm not aware of any other protocol multiplexing at the IP level. I would assume Wireshark requires some replumbing to handle that. Something like TFS being treated as a framing layer. Just food for thought. On 21/01/20 14:46, João Valverde wrote: > > > On 21/01/20 14:33, Christian Hopps wrote: >> So I've got a payload of packets in a single frame. I'm calling >> dissector_try_uint_new() to dissect each payload (typically IPv4 >> packets). Some of these packets are considered "malformed" by >> wireshark (e.g., created by scapy/trex with some bogus values). >> >> The problem I'm hitting is that the first malformed inner packet >> fails all the way out of my parent dissector, so it doesn't dissect >> any of the other packets in the payload. >> >> Another problem I'm having is that the IP sub-dissector is >> overwriting my source and destination addresses in the pinfo/tree >> (not sure which doesn't really matter). >> >> Summary: >> >> - How can I "catch" errors in a subdissector so I can call other >> sub-dissectors? > > Use TRY/CATCH (in epan/exceptions.h). > >> - How can I "block" sub-dissectors from overwriting my outer header >> information? > > I don't think you can. Maybe your IPTFS dissector can set it after the > sub-dissectors run. > >> >> Thanks, >> Chris. >> ___________________________________________________________________________ >> >> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>> >> Archives: https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev >> mailto:wireshark-dev-request () wireshark org <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-request () wireshark org <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list<wireshark-dev () wireshark org> Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe:https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- q on catching error in sub-dissectors. Christian Hopps (Jan 21)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 21)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 21)
- Re: q on catching error in sub-dissectors. Jeff Morriss (Jan 21)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 21)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 21)
- Re: q on catching error in sub-dissectors. Christian Hopps (Jan 21)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 22)
- Re: q on catching error in sub-dissectors. Christian Hopps (Jan 22)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 23)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 21)
- Re: q on catching error in sub-dissectors. João Valverde (Jan 21)
- Re: q on catching error in sub-dissectors. Christian Hopps (Jan 21)