Hi
Jaap Keuter wrote:
The solution is to improve the heuristics until they can figure out
which dissector is the correct one.
I need to ensure that my RPC/NFS dissector runs before the default one.
The problem is, even if I get the heuristics right(..which is, basically
asking for all NFS traffic..), there no guarantee that my heuristic
dissector will get the packets before the default one.
I was thinking of writing a small preferences based override inside
dissect_rpc_tcp_heur(..) in packet-rpc.c which calls my dissector if the
preference is set. This check would be done before the:
switch (dissect_rpc_tcp_common(tvb, pinfo, tree, TRUE)) {
.....
.....
}
Is that a way to go?
Thanks
Shehjar
I am writing a RPC over TCP heuristic dissector but the RPC
dissector(in packet-rpc.c) also registers a heuristic RPC over TCP
dissector.
It is possible that the packet my heuristic dissector needs, gets
routed to the existing dissector.
From the list archives I see discussions about overriding regular
dissectors with heuristic dissectors( using
tcp.try_heuristic_first) but how can I override an existing
heuristic dissector with another one.
