Wireshark mailing list archives

Re: How to stop dissection in middle of malformed packet?

From: Dmitry Lazurkin <dilaz03 () gmail com>
Date: Wed, 16 Nov 2016 23:51:18 +0300

Thank you for reply.

After return dissection function continue parsing rest of packet. Ithink this is not good.


PS. Question about dissection of kafka strings, bytes and arrays.


On 11/16/2016 11:29 PM, Alexis La Goutte wrote:

Hi,

You need to add a expert info and return

There is already check on proto_tree_add_* function to detectmalformed value (and automally return)


Cheers

On Wed, Nov 16, 2016 at 5:57 PM, Dmitry Lazurkin <dilaz03 () gmail com<mailto:dilaz03 () gmail com>> wrote:


    Hello.

    I read packet header and try to read string length and string
    data. But
    string length field has illegal value. I add expert info. But how to
    stop dissection after adding expert info? I can not dissect rest of
    packet at this point. I can return error code from this function, but
    calling tree may be too big. May be exists more graceful solution?
    Something like exceptions in C++.

    PS. I found DISSECTOR_VERIFY_DATA in mailing lists, but it is not
    implemented in source code.


    ___________________________________________________________________________
    Sent via:    Wireshark-dev mailing list
    <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>>
    Archives: https://www.wireshark.org/lists/wireshark-dev
    <https://www.wireshark.org/lists/wireshark-dev>
    Unsubscribe:
    https://www.wireshark.org/mailman/options/wireshark-dev
    <https://www.wireshark.org/mailman/options/wireshark-dev>
                 mailto:wireshark-dev-request () wireshark org
    <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

How to stop dissection in middle of malformed packet? Dmitry Lazurkin (Nov 16)
- Re: How to stop dissection in middle of malformed packet? Alexis La Goutte (Nov 16)
  - Re: How to stop dissection in middle of malformed packet? Dmitry Lazurkin (Nov 16)
    - Re: How to stop dissection in middle of malformed packet? Pascal Quantin (Nov 16)
    - Re: How to stop dissection in middle of malformed packet? Dmitry Lazurkin (Nov 16)