On Sat, Sep 24, 2011 at 9:09 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Sep 24, 2011, at 9:58 AM, Chris Maynard wrote:
>
>> Roland Knall <rknall@...> writes:
>>
>>> On a similar topic, how can you mark a package as malformed?
>>> Especially generated packages often fail the openSAFETY dissector, and
>>> marking them as malformed seems to make sense in such cases.
>>
>> Many dissectors make use of the expert infos for this.
>
> ...which is the right way to do it. Doing it by throwing an exception makes errors such as "malformed because field XXX is too short" indistinguishable from "malformed because the packet is missing data at the end", and also means you stop dissecting at that point.
That is the reason I am asking. I have quite a few assertions in my
code now, and although they do the trick, the right way should be
malformed in any of these cases.
I will update my code now, and provide a patch for the opensafety
dissector, as soon as I am done.
Roland
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
