Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Heuristic dissector conflict

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Thu, 18 Oct 2007 21:41:22 -0400
Shah, Sachin wrote:

These two plugins have completely different signature, so they are very
easy to differentiate. Following is snippet from dissect_*** methods of
each:

From packet-xxx.c
s1 = tvb_get_guint8(tvb, 0);
if (s1 != 0x01 && s1 != 0x02 && s1 != 0x03)
	return;

From packet-yyy.c
s1 = tvb_get_guint8(tvb, 0);
s2 = tvb_get_guint8(tvb, 1);
if(s1 != 0x55)
	return;
if(s2 != 0x55)
	return;


At the very least you need to:

     return FALSE;

if the heuristic fails.

(Note that packet-???  should have been defined as "static gboolean ..."

See (for example) packet-acn.c for an example of a heuristic dissector.