This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello,

I'm writing a dissector right now, and I want it to verify that incoming packets are the right length. Is there a way I can throw a malformed packet exception once I find out that the packet isn't the right size? I already have code that checks if the size is correct, I just don't know how to throw the exception, and Google has only brought me to people with questions about why their packets are being marked as malformed.

I was looking at the THROW() function but there was nothing for malformed packet exceptions. Any advice?

asked 06 Jul '15, 06:37

broccollirob's gravatar image

broccollirob
754411
accept rate: 0%

edited 06 Jul '15, 06:38


If you encounter a situation which cannot be handled by the dissector, you could use the DISSECTOR_ASSERT family of macros which are defined in epan/proto.h:

DISSECTOR_ASSERT(size >= 4);

Most of the time however you want to dissect as much as possible and let the proto_tree_* functions (such as proto_tree_add_item) throw exceptions if the bounds are violated. This reduces clutter in your code.

If you can fully dissect a packet, but would like to notify the user of protocol violations, then it is recommended to use Expert Info. See https://wiki.wireshark.org/Development/ExpertInfo for more information and the doc/packet-PROTOABBREV.c file for an example.

permanent link

answered 06 Jul '15, 08:37

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×637
×47
×7

question asked: 06 Jul '15, 06:37

question was seen: 1,997 times

last updated: 06 Jul '15, 08:37

p​o​w​e​r​e​d by O​S​Q​A