On 5/24/2012 12:24 PM, Bill Meier wrote:
On 5/24/2012 12:02 PM, Jakub Zawadzki wrote:
Hi,
On Thu, May 24, 2012 at 11:35:34AM -0400, Tobias Weiss wrote:
I'm using tcp_dissect_pdus() to reassemble packets in my dissector.
One of
my functions will calculate the length of the real message based on a
header with a fixed length (get_pdu_len function pointer). But what
is the
best way to stop the dissection in get_pdu_len if I figured out that the
header is invalid? I could just return 0 which would result in a call to
show_reported_bounds_error(), but is that the best way to report the
error?
You can't. But you can check header before calling tcp_dissect_pdus().
But it'd be good to have some tcp_dissect_pdus_heur(), feel free to
write one :-)
Or:
Just return 0 from the get_pdu_len() function.
AFAIK your dissector will then be called with a TVB containing (at
least) the header and you can then do an "expert" (or whatever) ....
Oops: You are correct: returning 0 causes a "reported_bounds_error".
A quick look at the code suggests that returning the "fixed length"
(i.e., the header length) should result in the dissector being called
with just the header.
