Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 26904: /trunk/plugins/unistim/ /trunk/plugins/unistim/: packet-unistim.c


From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 4 Dec 2008 00:20:25 +0100

Don,

Care to comment on this one?
Frankly I'm getting tired of going back and forth with this thing. Can't we sort it out once and for all?

Thanx,
Jaap

On 3 dec 2008, at 22:35, Bill Meier <wmeier@xxxxxxxxxxx> wrote:

Log:
From Don Newton:
Set default port of Unistim back to 5000; The Unistim dissector is made a heuristic dissector.


Comment from the original code:
/* Don't set this to 5000 until this dissector is made a heuristic one!
       static guint global_unistim_port = 5000;
       It collides (at least) with tapa. */

It appears to me that, strictly speaking, the rev 26904 change does not convert the unistim dissector to a heuristic dissector but to a "new
style" dissector (with some heuristic tests).

In any case, since dissector_add is still used to register port 50000 on
udp.port, the collision with tapa (as well as some other dissectors)
still exists.


I could make the change to actually register the dissector as a
heuristic one instead (via heur_dissector_add).

However, the just added heuristic seems quite minimal:

 Either [0,1] in the first byte or [2],[0-3,ff] in the first two bytes
 seems to me to be a rather weak heuristic.

Would adding a check for port 5000 (or whatever from the pref) as part
of the heuristic make the heuristic "strong enough" ?

If it's not possible to strengthen the heuristic, I'm inclined to revert
this change given various previous EMails & etc on this subject.

Comments (or am I missing something) ??


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
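
The payload test Bill Meier describes above and the port check he proposes, written out as an added example (not code from this thread or from packet-unistim.c). The function names and the `pref_port` parameter are hypothetical, and the byte test is a reading of the mail's one-line description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Payload test as read from the mail (not the packet-unistim.c code):
   byte 0 is 0 or 1, or byte 0 is 2 and byte 1 is 0..3 or 0xff. */
static int unistim_payload_heur(const uint8_t *buf, size_t len)
{
    if (len < 1)
        return 0;
    if (buf[0] == 0x00 || buf[0] == 0x01)
        return 1;
    if (len < 2 || buf[0] != 0x02)
        return 0;
    return buf[1] <= 0x03 || buf[1] == 0xff;
}

/* Proposed strengthening: also require the preference port on either
   side. pref_port is a hypothetical parameter standing in for the pref. */
static int unistim_heur_with_port(const uint8_t *buf, size_t len,
                                  uint16_t sport, uint16_t dport,
                                  uint16_t pref_port)
{
    return (sport == pref_port || dport == pref_port)
        && unistim_payload_heur(buf, len);
}

/* How many of the 65536 possible two-byte prefixes pass the payload test. */
static unsigned count_accepted_prefixes(void)
{
    unsigned accepted = 0;
    for (unsigned b0 = 0; b0 < 256; b0++)
        for (unsigned b1 = 0; b1 < 256; b1++) {
            const uint8_t p[2] = { (uint8_t)b0, (uint8_t)b1 };
            accepted += (unsigned)unistim_payload_heur(p, 2);
        }
    return accepted;
}

int main(void)
{
    const uint8_t other[] = { 0x01, 0x00, 0x5e, 0x10 }; /* constructed, not Unistim */
    printf("%u of 65536 prefixes accepted\n", count_accepted_prefixes());
    printf("payload only: %d, port also required: %d\n",
           unistim_payload_heur(other, sizeof other),
           unistim_heur_with_port(other, sizeof other, 40000, 53, 5000));
    return 0;
}
```

The payload test alone accepts 517 of the 65536 possible two-byte prefixes, including every payload that starts with 0x00 or 0x01.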
