author | Gerald Combs <gerald@wireshark.org> | 2005-04-11 01:57:00 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2005-04-11 01:57:00 +0000 |
commit | c9be421b16d2b981b6f2ad010c81387b1a72bac0 | |
tree | dc74e1393e69e1e49af0a1f31d32db0470cad422 | |
parent | 018cde2a41c5780baf759e372d3cc6787fd0449d | |
Add a note about testing to the "Robustness" section.
svn path=/trunk/; revision=14050
-rw-r--r-- | doc/README.developer | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/README.developer b/doc/README.developer index 29419a2e0e..02db4f4266 100644 --- a/doc/README.developer +++ b/doc/README.developer @@ -424,6 +424,21 @@ intended for. This function is one of the main causes of security problems like buffer exploits and many other bugs that are very hard to find. It's much better to use the g_snprintf() function declared by <glib.h> instead. +You should test your dissector against incorrectly-formed packets. This +can be done using the randpkt and editcap utilities that come with the +Ethereal distribution. Testing using randpkt can be done by generating +output at the same layer as your protocol, and forcing Ethereal/Tethereal +to decode it as your protocol, e.g. if your protocol sits on top of UDP: + + randpkt -c 50000 -t dns randpkt.pcap + tethereal -nVr randpkt.pcap -d udp.port==53,<myproto> + +Testing using editcap can be done using preexisting capture files and the +"-E" flag, which introduces errors in a capture file. E.g.: + + editcap -E 0.03 infile.pcap outfile.pcap + tethereal -nVr outfile.pcap + 1.1.3 Name convention. Ethereal uses the underscore_convention rather than the InterCapConvention for |
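Review bot: The added testing paragraphs give the commands but no pass/fail criterion, and the randpkt example leaves the link between `-t dns` and `-d udp.port==53,<myproto>` implicit. Before `randpkt -c 50000 -t dns randpkt.pcap`, say that the dns packet type is used because it produces traffic on UDP port 53, which the `-d` rule then hands to the dissector under test, and that `<myproto>` is a placeholder for that dissector's protocol name. In the editcap paragraph, state what the `0.03` argument to `-E` means, since the text only says the flag "introduces errors in a capture file". Both examples should also tell the reader what to watch for when running `tethereal -nVr` (a crash, abort or hang), and that the randpkt run is worth repeating because each generated file is different.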