Wireshark · Wireshark-dev: Re: [Wireshark-dev] catching [Malformed Packet]

Wireshark-dev: Re: [Wireshark-dev] catching [Malformed Packet]

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sat, 24 Sep 2011 12:09:12 -0700

On Sep 24, 2011, at 9:58 AM, Chris Maynard wrote:

> Roland Knall <rknall@...> writes:
> 
>> On a similar topic, how can you mark a package as malformed?
>> Especially generated packages often fail the openSAFETY dissector, and
>> marking them as malformed seems to make sense in such cases.
> 
> Many dissectors make use of the expert infos for this.

...which is the right way to do it.  Doing it by throwing an exception makes errors such as "malformed because field XXX is too short" indistinguishable from "malformed because the packet is missing data at the end", and also means you stop dissecting at that point.

Follow-Ups:
- Re: [Wireshark-dev] catching [Malformed Packet]
  - From: Roland Knall

References:
- [Wireshark-dev] catching [Malformed Packet]
  - From: mmann78
- Re: [Wireshark-dev] catching [Malformed Packet]
  - From: Chris Maynard
- Re: [Wireshark-dev] catching [Malformed Packet]
  - From: Roland Knall
- Re: [Wireshark-dev] catching [Malformed Packet]
  - From: Chris Maynard

Prev by Date: Re: [Wireshark-dev] catching [Malformed Packet]
Next by Date: Re: [Wireshark-dev] catching [Malformed Packet]
Previous by thread: Re: [Wireshark-dev] catching [Malformed Packet]
Next by thread: Re: [Wireshark-dev] catching [Malformed Packet]
Index(es):
- Date
- Thread