Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 26904: /trunk/plugins/unistim/ /trunk/plugins/unistim/: packet-unistim.c
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Wed, 03 Dec 2008 16:35:53 -0500
Log: From Don Newton: Set default port of Unistim back to 5000; The Unistim dissector is made a heuristic dissector.
Comment from the original code:/* Don't set this to 5000 until this dissector is made a heuristic one! static guint global_unistim_port = 5000;
It collides (at least) with tapa. */It appears to me that, strictly speaking, the rev 26904 change does not convert the unistim dissector to a heuristic dissector but to to a "new style" dissector (with some heuristic tests).
In any case, since dissector_add is still used to register port 50000 on udp.port, the collision with tapa (as well as some other dissectors) still exists.
I could make the change to actually register the dissector as a heuristic one instead (via heur_dissector_add).
However, the just added heuristic seems quite minimal: Either [0,1] in the first byte or [2],[0-3,ff] in the first two bytes seems to me to be a rather weak heuristic.Would adding a check for port 5000 (or whatever from the pref) as part of the heuristic make the heuristic "strong enough" ?
If it's not possible to strengthen the heuristic, I'm inclined to revert this change given various previous EMails & etc on this subject.
Comments (or am I missing something) ??
- Follow-Ups:
- Prev by Date: Re: [Wireshark-dev] Crash on Edit > Preferences
- Next by Date: Re: [Wireshark-dev] Crash on Edit > Preferences
- Previous by thread: Re: [Wireshark-dev] Crash on Edit > Preferences
- Next by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 26904: /trunk/plugins/unistim/ /trunk/plugins/unistim/: packet-unistim.c
- Index(es):