Wireshark · Wireshark-dev: Re: [Wireshark-dev] SVN revision 36640 and heuristic dissectors

Wireshark-dev: Re: [Wireshark-dev] SVN revision 36640 and heuristic dissectors

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Mon, 25 Oct 2010 11:12:42 -0400

Pascal Quantin wrote:

Hi,
since revision 34640, none of UDP heuristic dissectors I use (LTE-MAC,LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwinconfiguration protocol.
When looking at the code in function dissect_adwin_config() (filepacket-adwin-config.c), the heuristic seems a bit weak:
[...]
    length = tvb_reported_length(tvb);

    if (pinfo->ipproto == IP_PROTO_UDP &&
        ! (length == UDPStatusLENGTH
           || length == UDPExtStatusLENGTH
           || length == UDPMessageLENGTH
           || length == UDPMessageLENGTH_wrong
           || length == UDPInitAckLENGTH
           || length == UDPIXP425FlashUpdateLENGTH
           || length == UDPOutLENGTH))
        return (0);
[...]

Could it be possible to do something more robust ?


Oops, sorry.  We're discussing some stronger heuristics in bug 5324.

References:
- [Wireshark-dev] SVN revision 36640 and heuristic dissectors
  - From: Pascal Quantin

Prev by Date: [Wireshark-dev] SVN revision 36640 and heuristic dissectors
Next by Date: Re: [Wireshark-dev] SVN revision 34640 and heuristic dissectors
Previous by thread: [Wireshark-dev] SVN revision 36640 and heuristic dissectors
Next by thread: Re: [Wireshark-dev] SVN revision 36640 and heuristic dissectors
Index(es):
- Date
- Thread