Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] DISSECTOR_ASSERT vs. expert_add_info vs. MALFORMED packets

Date: Tue, 10 Jun 2008 22:07:56 +0200
In order to better help the end user reading captures, I'm trying to set hints, when decoding problems arise, due to packet data.

My first attempt was using DISSECTOR_ASSERT(), but this causes a 'bug in dissector'. After reading a thread the dev-archive, this is apparently by design, but about 50% of the DISSECTOR_ASSERT() code lines I came across are to catch somewhat expected data errors. 

As suggested there, I switched to expert_add_info, but with the result, that my packets are not marked MALFORMED, which I think is a pity.

And the suggested Macro DISSECTOR_VERIFY_DATA is not written yet.

The other suggested workaround to ask for a silly amount of data, does not really sound the way I'd like to go.


- Is there a 'best practice' to MALFORMED PACKETS without 'bug in dissector'?

- In case nobody is working on 'DISSECTOR_VERIFY_DATA' yet, I'm willing to contribute code, but so far only worked on a dissector for a while. In addition I am not really an exception handler specialist, and I guess, this is pretty core code. A rough hint of what would need to be done could maybe get me started.

Regards
David