Re: catching [Malformed Packet]

[Roland Knall <rknall () gmail com>]

On Sat, Sep 24, 2011 at 9:09 PM, Guy Harris <guy () alum mit edu> wrote:
> On Sep 24, 2011, at 9:58 AM, Chris Maynard wrote:
>
> > Roland Knall <rknall@...> writes:
> >
> > > On a similar topic, how can you mark a package as malformed?
> > > Especially generated packages often fail the openSAFETY dissector, and
> > > marking them as malformed seems to make sense in such cases.
> >
> > Many dissectors make use of the expert infos for this.
>
> ...which is the right way to do it.  Doing it by throwing an exception makes errors such as "malformed because field 
> XXX is too short" indistinguishable from "malformed because the packet is missing data at the end", and also means 
> you stop dissecting at that point.

That is the reason I am asking. I have quite a few assertions in my
code now, and although they do the trick, the right way should be
malformed in any of these cases.

I will update my code now, and provide a patch for the opensafety
dissector, as soon as I am done.

Roland

> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe