Wireshark · Wireshark-dev: Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector

Wireshark-dev: Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector

From: "Bill Florac" <bill.florac@xxxxxxxxxxxxxx>

Date: Fri, 27 Oct 2006 03:09:16 -0500

The ACN protocol is not port specific so it must rely on heuristics to determine if the packet is an ACN packet or not which it already does.
 
Here is the proto_register_handoff_acn function:  I change the create_dissector_handle to the new_ variant but that is all (so far)
 
proto_reg_handoff_acn(void)
{
  static guint Initialized = FALSE;
  static dissector_handle_t acn_handle;
  if (!Initialized) {
    acn_handle = new_create_dissector_handle(dissect_acn, proto_acn);
    Initialized = TRUE;
  }
  heur_dissector_add("udp", dissect_acn_heur, proto_acn);
  dissector_add("udp.port", global_acn_port, acn_handle);
}

The dissect_acn() function does NOT have code to determine if it is ACN. I had assumed once you enable heuristic, the function dissect_acn() would not be called but rather dissect_acn_heur(). Which, in turn, calls dissect_acn().  Is this the correct setup?
 
Bill
 

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Jeff Morriss
Sent: Wed 10/25/2006 5:00 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector




> We do suffer in wireshark from port collissions due to the number of
> protocols we support.
> So a port number is not really enough for us to identify a protocol.
> Can you make dissect_acn() do some heuristics and return FALSE if it
> didnt really look like ACN in the first place?
> This would reduce the probability for false ACN dissection for those
> users that have set an ACN port and forgotten about it.
> I.e. make dissect_acn() a new style dissector that can refuse the
> packet by returning FALSE and return TRUE meaning : yes this was one
> of mine and i did dissect it.

I did this once a while ago and found figuring out how to actually make
a dissector into a "new style" dissector wasn't all that easy, mainly
because I couldn't find which (of the hundreds) of dissectors did it
already so I didn't know where to look for an example and the
README.developer didn't contain any info about it.

So, for your reference, grep for "new_create_dissector_handle" to find
such a dissector and copy from there.

One day if I have more than a few seconds of spare time I'll submit a
patch against README.developer, but no luck so far...

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

<<winmail.dat>>

Follow-Ups:
- Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
  - From: Bill Florac

References:
- [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
  - From: Bill Florac
- Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
  - From: ronnie sahlberg
- Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
  - From: Bill Florac
- Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
  - From: ronnie sahlberg
- Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-dev] Pending stuff for 0.99.4
Next by Date: [Wireshark-dev] [PATCH] IEEE 802.11e support
Previous by thread: Re: [Wireshark-dev] new style dissectors (Was: Source code for ACN (ANSI BSR E1.17) Dissector)
Next by thread: Re: [Wireshark-dev] Source code for ACN (ANSI BSR E1.17) Dissector
Index(es):
- Date
- Thread