https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7061
--- Comment #16 from patrick.white@xxxxxxxxxxxxx 2012-04-18 15:39:06 PDT ---
(In reply to comment #15)
> Hi,
>
> This hunk seems suspicious:
> - if (first_byte != 0x20)
> + if (first_byte != 0x20 && first_byte != 0x30 )
> return FALSE;
>
Ya, it isn't elegant, but in the updated BFCP rfc the 4th bit is the "I" or
transaction-initiator. So now the options for the first byte are either 0x20 or
0x30. I was hacking to get this working.
> If hf_bfcp_payload is no more used, simply remove it:
> +// proto_tree_add_item(bfcp_tree, hf_bfcp_payload, tvb,
> +// BFCP_OFFSET_PAYLOAD, bfcp_payload_length,
> +// ENC_NA);
> Or should it be used to display the remaining bytes of the payload after
> analyzing the 2/3 first bytes?
That's a good idea. I can try to add that.
>
> If the protocol can run on UDP also, it's probably time to rename the
> dissection function:
> + heur_dissector_add ("udp", dissect_bfcp_tcp, proto_bfcp);
Ya, that makes sense. This is my first wireshark plugin dev, and was hacking
this pretty quick ( as I am at the IMTC SuperOp! right now doing a lot of bfcp
testing ). What do you recommend for the name?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
