Hi,
While working on refactoring the SSL dissector[1], I noticed that
expert_add_info_format(pinfo, NULL, ...) does not add an expert item to the
tree view. In the case of the SSL dissector, the NULL should be replaced by
the proto item to which the message is related, but with pi = NULL, an item
should still be added somewhere, right? See attached capture. It should add
an expert warning with "Cipher suite length (1) must be a multiple of 2".
Note that in the current implementation, a text label is also added.
This is probably a bug, but the documentation says this:
/** Add an expert info.
Add an expert info tree to a protocol item, using registered expert info
item,
but with a formatted message.
@param pinfo Packet info of the currently processed packet. May be NULL if
pi is supplied
@param pi Current protocol item (or NULL)
@param eiindex The registered expert info item
@param format Printf-style format string for additional arguments
*/
WS_DLL_PUBLIC void
expert_add_info_format(packet_info *pinfo, proto_item *pi, expert_field
*eiindex,
const char *format, ...) G_GNUC_PRINTF(4, 5);
I have confirmed (via a gdb breakpoint) that pinfo is never NULL. Any idea
what is going on here?
Kind regards,
Peter
https://lekensteyn.nl
[1]: https://code.wireshark.org/review/3021/Attachment:
bad.pcapng
Description: Binary data
