Wireshark-dev: Re: [Wireshark-dev] Stop dissection in get_pdu_len
From: Bill Meier <[email protected]>
Date: Thu, 24 May 2012 12:34:28 -0400
On 5/24/2012 12:24 PM, Bill Meier wrote:
On 5/24/2012 12:02 PM, Jakub Zawadzki wrote:

On Thu, May 24, 2012 at 11:35:34AM -0400, Tobias Weiss wrote:
I'm using tcp_dissect_pdus() to reassemble packets in my dissector.
One of
my functions will calculate the length of the real message based on a
header with a fixed length (get_pdu_len function pointer). But what
is the
best way to stop the dissection in get_pdu_len if I figured out that the
header is invalid? I could just return 0 which would result in a call to
show_reported_bounds_error(), but is that the best way to report the
You can't. But you can check header before calling tcp_dissect_pdus().
But it'd be good to have some tcp_dissect_pdus_heur(), feel free to
write one :-)


Just return 0 from the get_pdu_len() function.

AFAIK your dissector will then be called with a TVB containing (at
least) the header and you can then do an "expert" (or whatever) ....

Oops: You are correct: returning 0 causes a "reported_bounds_error".

A quick look at the code suggests that returning the "fixed length" (i.e., the header length) should result in the dissector being called with just the header.