Wireshark-bugs: [Wireshark-bugs] [Bug 2103] TCP dissector fail to handle heuristic dissectors fo
Date: Fri, 14 Dec 2007 20:54:24 +0000 (GMT)

[email protected] changed:

           What    |Removed                     |Added
                 CC|                            |[email protected]

------- Comment #5 from [email protected]  2007-12-14 20:54 GMT -------
(In reply to comment #4)
> Interesting solution. I would like the TCP dissector specialists to have a good
> look at this one.
I wouldn't call myself an expert but:
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
Looks like a winner, it seems to work for me and it also closes bug 1124.

But I'm not sure about:
return length_remaining - fixed_len;
and the heuristic stuff because either there's not enough data for the
heuristic and it must reject the packet or it has already found it's a COT
stream and then the heuristic function shouldn't be called anymore.


  heur_dissector_add("tcp", dissect_foo_heur, proto_foo);
  foo_handle = create_dissector_handle(dissect_foo, proto_foo);
  dissector_add("tcp.port", 0, foo_handle);


static void dissect_foo()
  tcp_dissect_pdus(tvb, pinfo, tree);

static gboolean dissect_foo_heur()
    conversation_t *conv;

    if (!foo()) {
        /* not a foo packet */
        return FALSE;

    conv = find_conversation()

    if (NULL == conv) {
        conv = conversation_new();
        /* from here dissect_foo is called, TCP dissector should
           deal with port reused by creating a new conv */
        conversation_set_dissector(conv, foo_handle);
    return TRUE;

Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.