Thanks for your response. I am using ethereal 0.10.12 for these plugins
and the signature expected for "dissect_???" method is "static void
dissect_???(tvbuff_t*, packet_info*, proto_tree*)", so I don't think
"return FALSE" will work for me.
I looked at the packet-acn.c and it doesn't seem to use
"heur_dissector_add()", but it does call "find_dissector("ip")" to get
ip_handle, but it doesn't use the ip_handle anywhere. Am I missing
something there?
Thanks,
Sachin
Shah, Sachin wrote:
>
> These two plugins have completely different signature, so they are
very
> easy to differentiate. Following is snippet from dissect_*** methods
of
> each:
>
>>From packet-xxx.c
> s1 = tvb_get_guint8(tvb, 0);
> if (s1 != 0x01 && s1 != 0x02 && s1 != 0x03)
> return;
>
>>From packet-yyy.c
> s1 = tvb_get_guint8(tvb, 0);
> s2 = tvb_get_guint8(tvb, 1);
> if(s1 != 0x55)
> return;
> if(s2 != 0x55)
> return;
>
At the very least you need to:
return FALSE;
if the heuristic fails.
(Note that packet-??? should have been defined as "static gboolean ..."
See (for example) packet-acn.c for an example of a heuristic dissector.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev