Wireshark-dev: Re: [Wireshark-dev] Stop dissection in get_pdu_len
From: Bill Meier <[email protected]>
Date: Thu, 24 May 2012 12:24:15 -0400
On 5/24/2012 12:02 PM, Jakub Zawadzki wrote:

On Thu, May 24, 2012 at 11:35:34AM -0400, Tobias Weiss wrote:
I'm using tcp_dissect_pdus() to reassemble packets in my dissector. One of
my functions will calculate the length of the real message based on a
header with a fixed length (get_pdu_len function pointer). But what is the
best way to stop the dissection in get_pdu_len if I figured out that the
header is invalid? I could just return 0 which would result in a call to
show_reported_bounds_error(), but is that the best way to report the error?
You can't. But you can check header before calling tcp_dissect_pdus().
But it'd be good to have some tcp_dissect_pdus_heur(), feel free to write one :-)


Just return 0 from the get_pdu_len() function.

AFAIK your dissector will then be called with a TVB containing (at least) the header and you can then do an "expert" (or whatever) ....