Wireshark-dev: [Wireshark-dev] Heuristic dissector conflict
From: "Shah, Sachin" <[email protected]>
Date: Thu, 18 Oct 2007 18:19:14 -0700
I have two different ethereal plugins which are registered on top of
"tcp" by 

packet-xxx.c
...
heur_dissector_add("tcp", dissect_xxx, proto_xxx); /* in proto_reg_handoff_xxx(void) method */
...

packet-yyy.c
...
heur_dissector_add("tcp", dissect_yyy, proto_yyy); /* in proto_reg_handoff_yyy(void) method */
...

These two plugins have completely different signatures, so they are very
easy to differentiate. The following is a snippet from the dissect_*** methods of
each:

From packet-xxx.c:
s1 = tvb_get_guint8(tvb, 0);
if (s1 != 0x01 && s1 != 0x02 && s1 != 0x03)
	return;

From packet-yyy.c:
s1 = tvb_get_guint8(tvb, 0);
s2 = tvb_get_guint8(tvb, 1);
if(s1 != 0x55)
	return;
if(s2 != 0x55)
	return;

Now my question is: when I have both plugins enabled in Ethereal
(v0.10.12), I see that "xxx" packets are dissected correctly, but "yyy"
packets just show up as "TCP" packets only and there is no dissection in
effect?! Is there anything special that needs to be done to capture this kind
of scenario?

I will appreciate your response.

Thanks,
Sachin
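
Added example, not part of the original post and not Wireshark code: a simplified C model of a heuristic dissector chain, in which each heuristic returns a boolean (true claims the payload, false passes it to the next registered heuristic). The names heur_fn, try_heuristics, classify and heur_xxx_greedy are hypothetical; the greedy variant is a constructed failure mode, not a diagnosis of the plugins above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a heuristic dissector table, not Wireshark's real API. */
typedef bool (*heur_fn)(const uint8_t *buf, size_t len, const char **claimed);

static bool heur_xxx(const uint8_t *buf, size_t len, const char **claimed) {
    if (len < 1) return false;              /* never read past the payload */
    if (buf[0] != 0x01 && buf[0] != 0x02 && buf[0] != 0x03)
        return false;                       /* not ours: let the next one try */
    *claimed = "xxx";
    return true;
}

static bool heur_yyy(const uint8_t *buf, size_t len, const char **claimed) {
    if (len < 2) return false;              /* signature needs two bytes */
    if (buf[0] != 0x55 || buf[1] != 0x55) return false;
    *claimed = "yyy";
    return true;
}

/* Constructed faulty variant: reports success even for payloads it rejects. */
static bool heur_xxx_greedy(const uint8_t *buf, size_t len, const char **claimed) {
    if (len >= 1 && buf[0] >= 0x01 && buf[0] <= 0x03) *claimed = "xxx";
    return true;                            /* bug: always ends the chain */
}

/* Walk the table in registration order; the first heuristic returning true wins. */
static const char *try_heuristics(const heur_fn *table, size_t n,
                                  const uint8_t *buf, size_t len) {
    const char *claimed = "tcp";            /* shown when nothing dissects it */
    for (size_t i = 0; i < n; i++)
        if (table[i](buf, len, &claimed)) return claimed;
    return "tcp";
}

const char *classify(const uint8_t *buf, size_t len, bool greedy_first) {
    const heur_fn good[] = { heur_xxx, heur_yyy };
    const heur_fn bad[]  = { heur_xxx_greedy, heur_yyy };
    return try_heuristics(greedy_first ? bad : good, 2, buf, len);
}

int main(void) {
    const uint8_t y[] = { 0x55, 0x55 };     /* constructed "yyy" payload */
    printf("%s / %s\n", classify(y, 2, false), classify(y, 2, true));
    return 0;
}
```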