Wireshark-dev: Re: [Wireshark-dev] Is there a try ... finally structure for handling exceptions
On Mon, Jun 11, 2012 at 8:38 AM, Gilbert Ramirez <gram@xxxxxxxxxxxxxxx> wrote:
> You can certainly define any exception you want, and use it within your
> dissector.
>
> There is also proto_tree_add_debug_text() for adding arbitrary text to
> proto_tree, as debug info.
>
> Is that what you are looking for?
Actually, I found the TRY, CATCH, ENDTRY etc stuff, which is
essentially what I want.
There are two problems I am trying to deal with:
1. If an SMB PDU cannot be reassembled (for whatever reason) and it
contains an SD that extends beyond the reassembled bytes, packet-smb.c
and packet-windows-common simply punt. This is because, for very
logical reasons it wants to put the Owner and Group SIDs in the tree
first, but these are at the end of the SD area on the wire.
I have managed to teach dissect_nt_sec_desc and friends how to handle
exceptions and thus try to put as much as they have into the tree,
however, I still do not yet see the (incomplete) Security Descriptor
show up in the tree. It looks like there might be another exception
happening that is unwinding/removing the stuff I thought was going
into the tree. What I see is an "Unreassembled Packet (Exception
occurred)" entry, which gives me a hint now that I think about it.
2. The way in which a TCP segment that is also part of an SMB PDU is
handled at the SMB/NetBIOS level is sometimes problematic. I have seen
this at times in the past. I have a capture where nothing has been
dropped in the region of interest but the first tcp segment is
correctly dissected as an SMB packet, while the very next TCP segment
(sequence number is correct an immediately after last sequence number
of the previous segment) is treated as an NetBIOS Session Service
request because the first four bytes look like of an NBSS packet.
This problem will require some thinking about to solve ...
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)