Wireshark mailing list archives

Re: Stop dissection in get_pdu_len


From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Thu, 24 May 2012 19:02:40 +0200

On Thu, May 24, 2012 at 12:29:58PM -0400, Tobias Weiss wrote:
> Jakub Zawadzki wrote on 05/24/2012 12:02:50 PM:
> > You can't. But you can check header before calling tcp_dissect_pdus().
> > But it'd be good to have some tcp_dissect_pdus_heur(), feel free to
> > write one :-)
>
> Ok, but it's not always possible to verify the header before
> tcp_dissect_pdus(),

tcp_dissect_pdus() splits one big tvb into smaller ones. No big magic.
So it should be possible to write something like:

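static gboolean dissect_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  guint offset = 0;

  /* Walk every PDU in this segment and check its header before committing. */
  while (tvb_reported_length_remaining(tvb, offset) > minimal_packet_len) {
     if (!valid_header)   /* placeholder for your header check at 'offset' */
           return FALSE;

     offset += your_proto_get_pdu_len(pinfo, tvb, offset);
  }
  /* All headers looked right: let tcp_dissect_pdus() split and reassemble. */
  tcp_dissect_pdus(tvb, pinfo, tree, ..., your_proto_get_pdu_len, your_proto_dissect_pdu);
  return TRUE;
}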

It's better to copy the whole tcp_dissect_pdus() semantics; that's why I proposed that you write
a new function.

> but what should I do if I can? Currently I'm calling expert_add_info_* and return without doing anything.
> But in this case the user does not even see a warning as long as he does not open the Expert
> Info window.

Well, if it's a heuristic dissector just return; if it's not, you probably don't need to test it :)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
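
The header walk sketched in the message above, as an added stand-alone C model (not code from the post or from Wireshark): a plain byte buffer stands in for the tvb, and the framing (magic 0xC0DE plus a 2-byte big-endian total length) and the names heur_check, get_pdu_len and rd_be16 are assumptions made for the example. It goes one step beyond the sketch by rejecting a length field smaller than the header, which would otherwise stall the loop, and by accepting a tail PDU that continues in the next segment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical framing, constructed for this example:
 * 2-byte magic 0xC0DE, then 2-byte big-endian total PDU length (header included). */
#define HDR_LEN 4u
#define MAGIC   0xC0DE

enum heur_result { HEUR_REJECT = 0, HEUR_ACCEPT = 1 };

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Stand-in for your_proto_get_pdu_len(); caller guarantees HDR_LEN bytes at 'offset'. */
static size_t get_pdu_len(const uint8_t *buf, size_t offset) { return rd_be16(buf + offset + 2); }

/* Check every PDU header in the segment before handing it to the real
 * dissector. Rejects as soon as one header looks wrong. */
enum heur_result heur_check(const uint8_t *buf, size_t len, size_t *pdus)
{
    size_t offset = 0;
    *pdus = 0;
    if (len < HDR_LEN)
        return HEUR_REJECT;              /* not enough data to judge */
    while (len - offset >= HDR_LEN) {
        if (rd_be16(buf + offset) != MAGIC)
            return HEUR_REJECT;
        size_t plen = get_pdu_len(buf, offset);
        if (plen < HDR_LEN)              /* zero/short length: loop would never advance */
            return HEUR_REJECT;
        (*pdus)++;
        if (plen > len - offset)         /* tail PDU continues in the next segment */
            return HEUR_ACCEPT;
        offset += plen;
    }
    return HEUR_ACCEPT;                  /* fewer than HDR_LEN bytes left: reassembly's job */
}

int main(void)
{
    /* Constructed sample: one 6-byte PDU followed by one 4-byte PDU. */
    const uint8_t seg[] = {0xC0, 0xDE, 0x00, 0x06, 'a', 'b', 0xC0, 0xDE, 0x00, 0x04};
    size_t n;
    int ok = heur_check(seg, sizeof seg, &n) == HEUR_ACCEPT;
    printf("%s, %zu PDU header(s) checked\n", ok ? "accept" : "reject", n);
    return ok ? 0 : 1;
}
```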

