Wireshark-dev: Re: [Wireshark-dev] Warn Dissector bug, protocol CPFI, in packet 167: packet-cpf
From: Jeff Morriss <[email protected]>
Date: Tue, 02 Oct 2007 10:49:03 -0400

Toralf Förster wrote:
I got that msg with current svn version with the packet attached at this mail.
[I'd suggest opening bugs for this kind of thing so they don't get lost.]

CPFI registers for UDP ports 5000 and 5001 which aren't IANA registered for that protocol. I changed the CPFI dissector to be a "new style" dissector to try to avoid false positives.
With that change this packet still shows up as a CPFI packet.  It fails 
the assertion because it's a Linux Cooked Capture which does not contain 
the Ethernet addresses (but the dissector requires them).  So I further 
changed the dissector so if there are no MAC addresses, it assumes it 
can't be CPFI and returns 0.  (I'm not sure that's the best way to do 
it, but...)