> On Jan 21, 2020, at 10:24 AM, Anders Broman via Wireshark-dev > <wireshark-dev@wireshark.org> wrote: > > > > -----Original Message----- > From: Wireshark-dev <wireshark-dev-boun...@wireshark.org> On Behalf Of João > Valverde > Sent: den 21 januari 2020 15:47 > To: wireshark-dev@wireshark.org > Subject: Re: [Wireshark-dev] q on catching error in sub-dissectors. > > > > On 21/01/20 14:33, Christian Hopps wrote: >> So I've got a payload of packets in a single frame. I'm calling >> dissector_try_uint_new() to dissect each payload (typically IPv4 packets). >> Some of these packets are considered "malformed" by wireshark (e.g., created >> by scapy/trex with some bogus values). >> >> The problem I'm hitting is that the first malformed inner packet fails all >> the way out of my parent dissector, so it doesn't dissect any of the other >> packets in the payload. >> >> Another problem I'm having is that the IP sub-dissector is overwriting my >> source and destination addresses in the pinfo/tree (not sure which doesn't >> really matter). >> >> Summary: >> >> - How can I "catch" errors in a subdissector so I can call other >> sub-dissectors? > > Use TRY/CATCH (in epan/exceptions.h).
Worked! > >> - How can I "block" sub-dissectors from overwriting my outer header >> information? > > I don't think you can. Maybe your IPTFS dissector can set it after the > sub-dissectors run. > > Not sure how you want it, there is col_set_fence() So I saved all the pinfo address and port info prior to calling sub-dissectors, then restored them, then I called col_fill_in(). This worked. Thanks, Chris. > >> >> Thanks, >> Chris. >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> >> Archives: https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev >> >> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe