Wireshark-dev: Re: [Wireshark-dev] Is there a try ... finally structure for handling exceptions
You can certainly define any exception you want, and use it within your dissector.
There is also proto_tree_add_debug_text() for adding arbitrary text to proto_tree, as debug info.
Is that what you are looking for?
Gilbert
On Sun, Jun 10, 2012 at 9:06 PM, Richard Sharpe
<realrichardsharpe@xxxxxxxxx> wrote:
Hi,
I have a capture that contains an SMB NT TRANS SET SEC DESCRIPTOR request.
The SMB request is spread across multiple TCP segments (Ethernet
frames all), but because of heuristic dissector weirdness with respect
to NetBIOS PDUs, the segments are not reassembled. (However, in the
real world, we might not have captured some of the subsequent packets
anyway.)
This screws up the dissection of the SD because the self-relative SD
format has a series of pointers to the various portions (Owner SID,
Group SID, SACL and DACL), but the Owner SID and Group SID come last,
typically with the DACL being first.
Because it is logical to place the Owner SID and Group SID first in
the tree, these are dissected first, but will throw exceptions because
some or all of them are not available in this case. This causes the
whole SD to be undissected and it shows up as "Unreassembled Packet:
SMB" in the dissection.
What I would rather do is wrap the dissection of each of the Owner and
Group SIDs in a try ... finally block and insert messages about them
not being available so we can try to dissect more of the information
that is actually there (i.e., the DACL.)
Of course, I will also investigate why the whole SMB request has not
been reassembled.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
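
The per-component handling asked about in this thread, as an added stand-alone example (not code from either message and not Wireshark's own): each of the four offsets in a self-relative security descriptor header is checked against the captured length independently, so a missing Owner or Group SID does not stop the DACL from being reported. All function and type names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Each part is judged on its own; UNAVAILABLE = cut off by the capture or malformed. */
enum part_status { PART_ABSENT, PART_OK, PART_UNAVAILABLE };
struct sd_parts { enum part_status owner, group, sacl, dacl; };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* SID: revision(1) sub-authority count(1) authority(6) sub-authorities(4 each). */
static enum part_status check_sid(const uint8_t *b, size_t cap, uint32_t off) {
    if (off == 0) return PART_ABSENT;
    if (off > cap || cap - off < 8) return PART_UNAVAILABLE;
    return cap - off >= 8 + 4u * b[off + 1] ? PART_OK : PART_UNAVAILABLE;
}

/* ACL: revision(1) sbz1(1) AclSize(2, total bytes) AceCount(2) sbz2(2). */
static enum part_status check_acl(const uint8_t *b, size_t cap, uint32_t off) {
    if (off == 0) return PART_ABSENT;
    if (off > cap || cap - off < 8) return PART_UNAVAILABLE;
    size_t need = (size_t)b[off + 2] | (size_t)b[off + 3] << 8;
    return need >= 8 && cap - off >= need ? PART_OK : PART_UNAVAILABLE;
}

/* Header: revision(1) sbz1(1) control(2), then LE32 offsets for owner,
 * group, SACL, DACL. cap = bytes actually captured. -1 if header is cut. */
int sd_check(const uint8_t *b, size_t cap, struct sd_parts *out) {
    if (cap < 20) return -1;
    out->owner = check_sid(b, cap, le32(b + 4));
    out->group = check_sid(b, cap, le32(b + 8));
    out->sacl  = check_acl(b, cap, le32(b + 12));
    out->dacl  = check_acl(b, cap, le32(b + 16));
    return 0;
}

/* Constructed sample: DACL first (offset 20), owner SID at 28, group SID at 40. */
static const uint8_t SAMPLE_SD[56] = {
    1,0, 0x04,0x80, 28,0,0,0, 40,0,0,0, 0,0,0,0, 20,0,0,0, /* header      */
    2,0, 8,0, 0,0, 0,0,                                    /* empty DACL  */
    1,1, 0,0,0,0,0,5, 18,0,0,0,                            /* S-1-5-18    */
    1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0              /* S-1-5-32-544 */
};

int main(void) {
    struct sd_parts p;
    if (sd_check(SAMPLE_SD, 30, &p) == 0)   /* only the first 30 bytes captured */
        printf("owner=%d group=%d sacl=%d dacl=%d\n", p.owner, p.group, p.sacl, p.dacl);
    return 0;
}
```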