Andy Howell wrote:
> My dissector gets part way through a packet and then shows [ Malformed
> Packet: mypacket ]
> I tried doing a printf of the tvb_get_remaining()

Which failed, because there's no such routine as "tvb_get_remaining()".
You presumably either meant "tvb_length_remaining()" or
"tvb_reported_length_remaining()"; which of the two did you use?

> just after the last
> item that was added. It reports I have 48 bytes left. The next thing I
> do is tvb_get_ntohs, but since it never reaches the following statement,
> I assume it's generating an exception.

If "tvb_length_remaining(tvb, offset)" returns 48, then
"tvb_get_ntohs(tvb, offset)" should not generate an exception, and
neither should "tvb_get_ntohs(tvb, offset+46)" or any "tvb_get_ntohs()"
call with an offset in the range "offset" through "offset+46". A
"tvb_get_ntohs()" call with an offset larger than "offset+46" will, and
*should*, throw an exception.
If "tvb_reported_length_remaining(tvb, offset)" returns 48, then
"tvb_get_ntohs(tvb, offset)" can throw an exception - and, if it does,
it's because it *should* throw an exception. However, the exception it
throws should get the packet reported as a "Short frame", not a
"Malformed packet", because the problem it's reporting is that the
packet was captured with a snapshot length that didn't allow all of the
packet's data to be captured. (The fact that it causes an exception to
be thrown does *NOT* mean the dissector should use
"tvb_length_remaining()", so that no exception is thrown; the exception
here is a feature, not a bug, as it makes it clear to the user that they
do *NOT* have all of the data in the packet, and that if they need all
of the data in the packet they need a capture with a larger snapshot
length, so it means that the dissector should be using
"tvb_reported_length_remaining()".)
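
The distinction drawn in the reply above, as an added example that is not part of the original message and is not Wireshark's code: a simplified model of a buffer with a captured length and a reported length, where a 16-bit read is classified as OK, short frame, or malformed. All names (`model_tvb`, `model_get_ntohs`, `read_at`, and so on) are hypothetical, and the 64-byte packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a tvbuff's two lengths. All names here are
 * hypothetical; this is not Wireshark's implementation. */
typedef struct {
    const uint8_t *data;
    int captured_len;  /* bytes saved in the capture (snapshot length applied) */
    int reported_len;  /* bytes the packet had on the wire */
} model_tvb;

typedef enum { READ_OK, SHORT_FRAME, MALFORMED } read_status;

static const uint8_t sample[64] = { 0 };  /* constructed 64-byte packet */

int model_length_remaining(const model_tvb *t, int off) {
    return off <= t->captured_len ? t->captured_len - off : -1;
}

int model_reported_length_remaining(const model_tvb *t, int off) {
    return off <= t->reported_len ? t->reported_len - off : -1;
}

/* Read a big-endian 16-bit value, classifying failures the way the reply
 * describes: data cut off by the snapshot length vs. past the packet end. */
read_status model_get_ntohs(const model_tvb *t, int off, uint16_t *out) {
    if (off < 0) return MALFORMED;
    if (off + 2 <= t->captured_len) {
        *out = (uint16_t)((t->data[off] << 8) | t->data[off + 1]);
        return READ_OK;
    }
    return off + 2 <= t->reported_len ? SHORT_FRAME : MALFORMED;
}

/* Convenience wrapper: build a tvb over the sample and attempt one read. */
read_status read_at(int captured, int reported, int off) {
    model_tvb t = { sample, captured, reported };
    uint16_t v = 0;
    return model_get_ntohs(&t, off, &v);
}

int main(void) {
    model_tvb full = { sample, 64, 64 }, cut = { sample, 16, 64 };
    printf("full: remaining=%d read@62=%d read@63=%d\n",
           model_length_remaining(&full, 16), read_at(64, 64, 62), read_at(64, 64, 63));
    printf("cut:  reported_remaining=%d read@16=%d\n",
           model_reported_length_remaining(&cut, 16), read_at(16, 64, 16));
    return 0;
}
```

With offset 16 in a fully captured 64-byte packet, reads at offsets 16 through 62 succeed and a read at 63 is malformed; with only 16 bytes captured, the same 48 reported bytes remain but the read at 16 is a short frame.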