Wireshark mailing list archives
Re: Is there a try ... finally structure for handling exceptions in dissectors?
From: Gilbert Ramirez <gram () alumni rice edu>
Date: Mon, 11 Jun 2012 08:38:41 -0700
You can certainly define any exception you want, and use it within your dissector.

There is also proto_tree_add_debug_text() for adding arbitrary text to proto_tree, as debug info. Is that what you are looking for?

Gilbert

On Sun, Jun 10, 2012 at 9:06 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:

Hi,

I have a capture that contains an SMB NT TRANS SET SEC DESCRIPTOR request. The SMB request is spread across multiple TCP segments (Ethernet frames all), but because of heuristic dissector weirdness with respect to NetBIOS PDUs, the segments are not reassembled. (However, in the real world, we might not have captured some of the subsequent packets anyway.)

This screws up the dissection of the SD because the self-relative SD format has a series of pointers to the various portions (Owner SID, Group SID, SACL and DACL), but the Owner SID and Group SID come last, typically with the DACL being first.

Because it is logical to place the Owner SID and Group SID first in the tree, these are dissected first, but will throw exceptions because some or all of them are not available in this case. This causes the whole SD to be undissected and it shows up as "Unreassembled Packet: SMB" in the dissection.

What I would rather do is wrap the dissection of each of the Owner and Group SIDs in a try ... finally block and insert messages about them not being available so we can try to dissect more of the information that is actually there (i.e., the DACL.)

Of course, I will also investigate why the whole SMB request has not been reassembled.

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
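The per-field handling asked for in the quoted message, as an added example that is not part of the thread and is not Wireshark code: each offset in a self-relative security descriptor is bounds-checked on its own, so a truncated Owner or Group SID is reported without preventing the DACL from being read. It uses explicit length checks rather than Wireshark's exception mechanism; `parse_sd`, `check_sid`, `check_acl` and `sample_sd` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Each field is absent (offset 0), fully captured, or cut off by the capture. */
enum field_state { FIELD_ABSENT, FIELD_OK, FIELD_TRUNCATED };
struct sd_result { enum field_state owner, group, sacl, dacl; uint16_t dacl_aces; };

/* Constructed sample: self-relative SD with DACL at 20, Owner SID at 48, Group SID at 64. */
const uint8_t sample_sd[80] = {
    1, 0, 0x04, 0x80, 48,0,0,0, 64,0,0,0, 0,0,0,0, 20,0,0,0, /* header, no SACL */
    2, 0, 28, 0, 1, 0, 0, 0,          /* ACL header: 28 bytes, 1 ACE (body zeroed) */
    [48] = 1, 2, 0,0,0,0,0,5, 32,0,0,0, 32,2,0,0,            /* S-1-5-32-544 */
    [64] = 1, 2, 0,0,0,0,0,5, 32,0,0,0, 33,2,0,0,            /* S-1-5-32-545 */
};

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6) SubAuthority(4 each) */
static enum field_state check_sid(const uint8_t *b, size_t len, uint32_t off) {
    if (off == 0) return FIELD_ABSENT;
    if (off > len || len - off < 8) return FIELD_TRUNCATED;
    return len - off < 8 + 4 * (size_t)b[off + 1] ? FIELD_TRUNCATED : FIELD_OK;
}

/* ACL header: AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2) */
static enum field_state check_acl(const uint8_t *b, size_t len, uint32_t off, uint16_t *aces) {
    if (off == 0) return FIELD_ABSENT;
    if (off > len || len - off < 8) return FIELD_TRUNCATED;
    size_t acl_size = b[off + 2] | (size_t)b[off + 3] << 8;
    if (acl_size < 8 || len - off < acl_size) return FIELD_TRUNCATED;
    if (aces) *aces = (uint16_t)(b[off + 4] | b[off + 5] << 8);
    return FIELD_OK;
}

/* Checks every field independently; returns -1 only if the 20-byte header is missing. */
int parse_sd(const uint8_t *b, size_t len, struct sd_result *r) {
    memset(r, 0, sizeof *r);
    if (len < 20) return -1;
    r->owner = check_sid(b, len, le32(b + 4));
    r->group = check_sid(b, len, le32(b + 8));
    r->sacl  = check_acl(b, len, le32(b + 12), NULL);
    r->dacl  = check_acl(b, len, le32(b + 16), &r->dacl_aces);
    return 0;
}
```

Calling `parse_sd(sample_sd, 56, &r)` models a capture that ends 8 bytes into the Owner SID: both SIDs come back as truncated while the DACL header is still read.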
Current thread:
- Is there a try ... finally structure for handling exceptions in dissectors? Richard Sharpe (Jun 10)
- Re: Is there a try ... finally structure for handling exceptions in dissectors? Gilbert Ramirez (Jun 11)
- Re: Is there a try ... finally structure for handling exceptions in dissectors? Richard Sharpe (Jun 11)
- Re: Is there a try ... finally structure for handling exceptions in dissectors? Gilbert Ramirez (Jun 11)