On Nov 9, 2009, at 1:24 PM, J.C. Wren wrote:
> My protocol payloads consist of one or more TLV (Type-Length-
> Values) sequences. The dissector decodes the various TLVs. Values
> represent various parameters to a command. Right now if a value is
> out of range, I use DISSECTOR_ASSERT() for the test. I know this
> isn't the best way to do it, but I don't know what it is.
Put an "expert info" entry in, indicating that something's wrong with
the packet.
> I do want to stop decoding the packet at this point, since it's
> likely everything following it is munged.
Or not.
I would continue dissection, as you don't *know* that everything
following it is munged - it might just be a TLV for which you haven't
updated the dissector yet. That's what most dissectors do - whether
they add an "expert info" entry or not, they don't just stop
dissecting; generally, they only stop dissecting if it's *impossible*
to continue dissecting. If the T is invalid, you still have an L, so
just dissect the appropriate number of bytes as an opaque blob for an
unknown TLV and skip to what would be the next TLV. If the V is
invalid, just skip to the next TLV, again.
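
The approach in the reply above, as a stand-alone C example added here; it is not Wireshark code and not from the thread. The 1-byte type / 1-byte length layout, the type names and the value ranges are assumptions, and the counters stand in for "expert info" entries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed wire format (not from the thread): 1-byte type, 1-byte length, value. */
enum { T_SPEED = 0x01, T_MODE = 0x02 };  /* hypothetical known types */

/* ok: decoded cleanly; unknown: unknown T, value skipped as an opaque blob;
 * bad_value: known T with V out of range, noted and skipped;
 * truncated: L runs past the buffer, the only hard stop. */
struct tlv_stats { int ok, unknown, bad_value, truncated; };

/* Constructed sample: good, out-of-range V, unknown T, good, L past the end. */
static const uint8_t SAMPLE_PKT[] = { 1,1,50, 1,1,200, 9,2,0xAA,0xBB, 2,1,3, 2,5,0 };

/* Hypothetical range rules: both known types carry exactly one byte. */
static int value_ok(uint8_t type, const uint8_t *v, uint8_t len)
{
    if (len != 1) return 0;
    return type == T_SPEED ? v[0] <= 100 : v[0] <= 3;
}

/* Walk every TLV; each counter stands in for an "expert info" entry. */
struct tlv_stats walk_tlvs(const uint8_t *buf, size_t len)
{
    struct tlv_stats s = {0, 0, 0, 0};
    size_t off = 0;

    while (off < len) {
        if (len - off < 2 || (size_t)buf[off + 1] > len - off - 2) {
            s.truncated = 1;  /* impossible to continue: stop here */
            break;
        }
        uint8_t type = buf[off], vlen = buf[off + 1];
        if (type != T_SPEED && type != T_MODE)
            s.unknown++;
        else if (!value_ok(type, buf + off + 2, vlen))
            s.bad_value++;
        else
            s.ok++;
        off += 2 + (size_t)vlen;  /* L still locates the next TLV */
    }
    return s;
}

int main(void)
{
    struct tlv_stats s = walk_tlvs(SAMPLE_PKT, sizeof SAMPLE_PKT);
    printf("ok=%d unknown=%d bad=%d truncated=%d\n", s.ok, s.unknown, s.bad_value, s.truncated);
    return 0;
}
```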