This is our old Q&A Site. Please post any new questions and answers at


I'm writing a dissector right now, and I want it to verify that incoming packets are the right length. Is there a way I can throw a malformed packet exception once I find out that the packet isn't the right size? I already have code that checks if the size is correct, I just don't know how to throw the exception, and Google has only brought me to people with questions about why their packets are being marked as malformed.

I was looking at the THROW() function but there was nothing for malformed packet exceptions. Any advice?

asked 06 Jul '15, 06:37

broccollirob's gravatar image

accept rate: 0%

edited 06 Jul '15, 06:38

If you encounter a situation which cannot be handled by the dissector, you could use the DISSECTOR_ASSERT family of macros which are defined in epan/proto.h:


Most of the time however you want to dissect as much as possible and let the proto_tree_* functions (such as proto_tree_add_item) throw exceptions if the bounds are violated. This reduces clutter in your code.

If you can fully dissect a packet, but would like to notify the user of protocol violations, then it is recommended to use Expert Info. See for more information and the doc/packet-PROTOABBREV.c file for an example.

permanent link

answered 06 Jul '15, 08:37

Lekensteyn's gravatar image

accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 06 Jul '15, 06:37

question was seen: 2,264 times

last updated: 06 Jul '15, 08:37

p​o​w​e​r​e​d by O​S​Q​A