Thanks for your advises, I will check if I can find a way to do heuristic dissecting.
[mailto:[email protected]] Im
Auftrag von Maynard, Chris
At first glance, packet-eth.c seems to have heuristic support, but it doesn't appear to work, at least not how I expected it to. For example, originally for the WOL dissector, I registered as I do for UDP, namely:
heur_dissector_add("eth", dissect_wol, proto_wol);
But registering it that way didn't work for me, so it's been changed to:
dissector_add("ethertype", ETHERTYPE_WOL, wol_handle);
I didn't dig too deeply into why it failed since I had a reasonable alternative, but I suppose I should have. It now seems to me to be a bug in packet-eth.c, but I'm not entirely sure, based on the comments in the code.
First, compare the way a dissector like packet-udp.c tries the heuristic dissectors, using the "next_tvb":
next_tvb = tvb_new_subset(tvb, offset, len, reported_len);
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
Now look at how packet-eth.c does it:
(dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree))
Notice that there's no "next_tvb". I assumed that this was intentional when I looked at it before, but now I'm not so sure. A bug? It now sure looks like it to me. I couldn't find any other dissectors that try to heuristically register to "eth" as I tried above. Perhaps because it doesn't work? If it is a bug, then once that's corrected, then that would be the better way to register both WOL and the original poster's dissector - heuristically.
[email protected] on behalf of Stephen Fisher
Nov 12, 2007 at 12:37:10PM -0500, Maynard, Chris wrote:
Hilscher Gesellschaft fur Systemautomation mbH
- Prev by Date: Re: [Wireshark-dev] Is there a good way of handling "per pdu" info ?
- Next by Date: Re: [Wireshark-dev] PortableApps Wireshark feedback
- Previous by thread: Re: [Wireshark-dev] Register dissector to MAC address
- Next by thread: [Wireshark-dev] SQL-interface