Wireshark-dev: Re: [Wireshark-dev] Heuristic dissector conflict
From: Bill Meier <[email protected]>
Date: Thu, 18 Oct 2007 21:41:22 -0400
Shah, Sachin wrote:
These two plugins have completely different signature, so they are very
easy to differentiate. Following is snippet from dissect_*** methods of

From packet-xxx.c
s1 = tvb_get_guint8(tvb, 0);
if (s1 != 0x01 && s1 != 0x02 && s1 != 0x03)

From packet-yyy.c
s1 = tvb_get_guint8(tvb, 0);
s2 = tvb_get_guint8(tvb, 1);
if(s1 != 0x55)
if(s2 != 0x55)

At the very least you need to:

     return FALSE;

if the heuristic fails.

(Note that packet-???  should have been defined as "static gboolean ..."

See (for example) packet-acn.c for an example of a heuristic dissector.