I have a dissector written with ASN1. At some point in the packet I have a D-BL-ACK element with the following structure:
D-BL-ACK ::= SEQUENCE
{
nr INTEGER(0..1),
tl-sdu D-MLE-PDU
}
In a frame there can be many PDUs.
The problem is that the D-BL-ACK doesn’t always have a tl-sdu. So the packets that does have a tl-sdu the dissector is decoding well and in the packets that don’t have a tl-sdu, it crashes as it is expecting that field and says Malformed Packet in the tree (The tvb of the PDU is overflowing). After crashing, it stops decoding that packet even if there are more PDUs to decode in that packet.
The only way to know if there is or not a tl-sdu is to see if there are any more bits in the PDU.
I would like to know if there is any way I can tell it to keep on decoding the next PDU in the frame even if it crashes in the previous one.
The D-BL-ACK element is not modified yet in the CNF file.
The autogenerated code of the dissector is:
static const per_sequence_t D_BL_ACK_sequence[] = {
{ &hf_tetra_nr , ASN1_NO_EXTENSIONS , ASN1_NOT_OPTIONAL, dissect_tetra_INTEGER_0_1 },
{ &hf_tetra_tl_sdu_01, ASN1_NO_EXTENSIONS , ASN1_NOT_OPTIONAL, dissect_tetra_D_MLE_PDU },
{ NULL, 0, 0, NULL }
};
static int
dissect_tetra_D_BL_ACK(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
ett_tetra_D_BL_ACK, D_BL_ACK_sequence);
return offset;
}
Thanks in advance
D-BL-ACK ::= SEQUENCE
{
nr INTEGER(0..1),
tl-sdu D-MLE-PDU OPTIONAL
}
So even before modifying Wireshark, the real question is: how do you know that this field is present or not? Is there a typo error in the ASN.1 definition used to generate the dissector (missing OPTIONAL argument), or is there a trick allowing to skip this field (even if this would be a not valid ASN.1 encoding)?
- References:
- [Wireshark-dev] Keep decoding malformed packet
- From: Victor Xiang
- [Wireshark-dev] Keep decoding malformed packet
- Prev by Date: [Wireshark-dev] Keep decoding malformed packet
- Next by Date: [Wireshark-dev] Usage of make-version.pl
- Previous by thread: [Wireshark-dev] Keep decoding malformed packet
- Next by thread: [Wireshark-dev] Usage of make-version.pl
- Index(es):