Wireshark-dev: Re: [Wireshark-dev] Heuristic dissector conflict

From: "Shah, Sachin" <sachins@xxxxxxxxxxxx>
Date: Fri, 19 Oct 2007 11:14:25 -0700
Thanks for your response. I am using ethereal 0.10.12 for these plugins
and the signature expected for "dissect_???" method is "static void
dissect_???(tvbuff_t*, packet_info*, proto_tree*)", so I don't think
"return FALSE" will work for me.

I looked at the packet-acn.c and it doesn't seem to use
"heur_dissector_add()", but it does call "find_dissector("ip")" to get
ip_handle, but it doesn't use the ip_handle anywhere. Am I missing
something there?

Thanks,
Sachin

Shah, Sachin wrote:
> 
> These two plugins have completely different signature, so they are
very
> easy to differentiate. Following is snippet from dissect_*** methods
of
> each:
> 
>>From packet-xxx.c
> s1 = tvb_get_guint8(tvb, 0);
> if (s1 != 0x01 && s1 != 0x02 && s1 != 0x03)
> 	return;
> 
>>From packet-yyy.c
> s1 = tvb_get_guint8(tvb, 0);
> s2 = tvb_get_guint8(tvb, 1);
> if(s1 != 0x55)
> 	return;
> if(s2 != 0x55)
> 	return;
> 

At the very least you need to:

      return FALSE;

if the heuristic fails.

(Note that packet-???  should have been defined as "static gboolean ..."

See (for example) packet-acn.c for an example of a heuristic dissector.









_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev