Wireshark-dev: Re: [Wireshark-dev] Heuristic dissector conflict
From: "Shah, Sachin" <[email protected]>
Date: Fri, 19 Oct 2007 11:14:25 -0700
Thanks for your response. I am using ethereal 0.10.12 for these plugins
and the signature expected for "dissect_???" method is "static void
dissect_???(tvbuff_t*, packet_info*, proto_tree*)", so I don't think
"return FALSE" will work for me.

I looked at the packet-acn.c and it doesn't seem to use
"heur_dissector_add()", but it does call "find_dissector("ip")" to get
ip_handle, but it doesn't use the ip_handle anywhere. Am I missing
something there?


Shah, Sachin wrote:
> These two plugins have completely different signature, so they are
> easy to differentiate. Following is snippet from dissect_*** methods
> each:
> From packet-xxx.c
> s1 = tvb_get_guint8(tvb, 0);
> if (s1 != 0x01 && s1 != 0x02 && s1 != 0x03)
> 	return;
> From packet-yyy.c
> s1 = tvb_get_guint8(tvb, 0);
> s2 = tvb_get_guint8(tvb, 1);
> if(s1 != 0x55)
> 	return;
> if(s2 != 0x55)
> 	return;

At the very least you need to:

      return FALSE;

if the heuristic fails.

(Note that packet-??? should have been defined as "static gboolean ...")

See (for example) packet-acn.c for an example of a heuristic dissector.
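
A self-contained model of the dispatch discussed in this thread, added here as an example and not code from Wireshark, Ethereal or either plugin: each heuristic returns a boolean so the caller can offer the payload to the next one when a check fails. `buf_t`, `heur_fn`, `heur_list` and `try_heuristics` are hypothetical names and the length checks are an addition; the byte checks are the ones from the quoted snippets.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a packet buffer; NOT Wireshark's tvbuff_t. */
typedef struct { const uint8_t *data; size_t len; } buf_t;
/* A heuristic returns true only when it recognises and claims the payload. */
typedef bool (*heur_fn)(const buf_t *);

/* Check from the packet-xxx.c snippet: first byte is 0x01, 0x02 or 0x03. */
static bool heur_xxx(const buf_t *b)
{
    if (b->len < 1)
        return false;   /* too short to test: decline without reading */
    uint8_t s1 = b->data[0];
    return s1 == 0x01 || s1 == 0x02 || s1 == 0x03;
}

/* Check from the packet-yyy.c snippet: first two bytes are 0x55 0x55. */
static bool heur_yyy(const buf_t *b)
{
    if (b->len < 2)
        return false;
    return b->data[0] == 0x55 && b->data[1] == 0x55;
}

static const heur_fn heur_list[] = { heur_xxx, heur_yyy };

/* Offer the payload to each heuristic in order; index of claimant or -1. */
int try_heuristics(const uint8_t *data, size_t len)
{
    buf_t b = { data, len };
    for (size_t i = 0; i < sizeof heur_list / sizeof heur_list[0]; i++)
        if (heur_list[i](&b))
            return (int)i;   /* claimed: stop trying further heuristics */
    return -1;               /* every heuristic declined */
}

/* Constructed sample payloads. */
static const uint8_t pkt_xxx[]   = { 0x02, 0x10, 0x20 };
static const uint8_t pkt_yyy[]   = { 0x55, 0x55, 0x00 };
static const uint8_t pkt_other[] = { 0x7f, 0x00 };

int main(void)
{
    printf("%d %d\n", try_heuristics(pkt_xxx, sizeof pkt_xxx),
           try_heuristics(pkt_yyy, sizeof pkt_yyy));
    return 0;
}
```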
