Wireshark-dev: Re: [Wireshark-dev] DISSECTOR_ASSERT vs. expert_add_info vs. MALFORMED packets
From: Jaap Keuter <[email protected]>
Date: Tue, 10 Jun 2008 23:30:16 +0200

The intention is to have Wireshark accept and process every network packet it gets tossed. Still it's software written by humans, so certain cases aren't handled. To cover these problems an exception mechanism was created. The DISSECTOR_ASSERT() and MALFORMED clauses are really for exceptions.
The proper way to guide users to detected problems is the expert info system.
Using the correct severity level, group and text gives the user the right amount of hints (color coded packet detail line, indicator in status bar [development version] and entry in expert info overview|details).
If you must, you can always add text to the tree_item, or in the info column.


[email protected] wrote:
In order to better help the end user reading captures, I'm trying to set hints, when decoding problems arise, due to packet data.

My first attempt was using DISSECTOR_ASSERT(), but this causes a 'bug in dissector'. After reading a thread the dev-archive, this is apparently by design, but about 50% of the DISSECTOR_ASSERT() code lines I came across are to catch somewhat expected data errors.
As suggested there, I switched to expert_add_info, but with the result, that my packets are not marked MALFORMED, which I think is a pity.

And the suggested Macro DISSECTOR_VERIFY_DATA is not written yet.

The other suggested workaround to ask for a silly amount of data, does not really sound the way I'd like to go.

- Is there a 'best practice' to MALFORMED PACKETS without 'bug in dissector'?

- In case nobody is working on 'DISSECTOR_VERIFY_DATA' yet, I'm willing to contribute code, but so far only worked on a dissector for a while. In addition I am not really an exception handler specialist, and I guess, this is pretty core code. A rough hint of what would need to be done could maybe get me started.