https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4822
Michael Mann <mmann78@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mmann78@xxxxxxxxxxxx
--- Comment #3 from Michael Mann <mmann78@xxxxxxxxxxxx> 2012-08-20 11:31:07 PDT ---
I understand the Foundation Fieldbus being an "old style" dissector, but isn't
it being a bit aggresive with the "conversation setting" within dissect_ff_udp?
Isn't that functionality handled within the UDP dissector (with the rules from
comment #1) and gives other protocols at least "some" chance at dissection
without disabling the FF protocol or using Decode As?
Would it be okay to add simple checks like length field in header must match
packet (tvb) length? There are probably a good handful of protocols that have
a 32-bit length at offset byte 8 into the message, but it would allow at least
some other protocols the opportunity at dissection.
I ran into this same problem, but with another protocol so I was looking to
strengthen the "heuristics" of the FF dissector to not always take port 1089 if
a packet doesn't roughly fit the FF format.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
