Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] SVN revision 34640 and heuristic dissectors

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Mon, 25 Oct 2010 17:19:13 +0200
Hi,

2010/10/25 Jeff Morriss <jeff.morriss.ws@gmail.com>
Pascal Quantin wrote:
> Hi,
>
> since revision 34640, none of UDP heuristic dissectors I use (LTE-MAC,
> LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwin
> configuration protocol.
>
> When looking at the code in function dissect_adwin_config() (file
> packet-adwin-config.c), the heuristic seems a bit weak:
> [...]
>     length = tvb_reported_length(tvb);
>
>     if (pinfo->ipproto == IP_PROTO_UDP &&
>         ! (length == UDPStatusLENGTH
>            || length == UDPExtStatusLENGTH
>            || length == UDPMessageLENGTH
>            || length == UDPMessageLENGTH_wrong
>            || length == UDPInitAckLENGTH
>            || length == UDPIXP425FlashUpdateLENGTH
>            || length == UDPOutLENGTH))
>         return (0);
> [...]
>
> Could it be possible to do something more robust ?

Oops, sorry.  We're discussing some stronger heuristics in bug 5324.

While you iterate on it, would it be possible to add a preference (off by default) stating whether the ADwin heuristic dissectors are activated or not (like what is done in packet-mac-lte.c for example) ?

Regards,
Pascal.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube