On Thu, May 24, 2012 at 12:29:58PM -0400, Tobias Weiss wrote:
> Jakub Zawadzki wrote on 05/24/2012 12:02:50 PM:
> > You can't. But you can check header before calling tcp_dissect_pdus().
> > But it'd be good to have some tcp_dissect_pdus_heur(), feel free to
> > write one :-)
>
> Ok, but it's not always possible to verify the header before
> tcp_dissect_pdus(),
tcp_dissect_pdus() splits one big tvb into smaller ones. No big magic.
So it should be possible to write something like:
bool dissect_heur(tvb, pinfo, tree)
{
offset = 0;
while (tvb_reported_length_remaining(tvb, offset) > minimal_packet_len) {
if (!valid_header)
return FALSE;
offset += your_proto_get_pdu_len(pinfo, tvb, offset);
}
tcp_dissect_pdus(tvb, pinfo, tree, ..., your_proto_get_pdu_len, your_proto_dissect_pdu)
return TRUE;
}
It's better to copy whole tcp_dissect_pdus() semantic, that's why I proposed you to write
new function.
> but what should I do if I can? Currently I'm calling expert_add_info_* and return without doing anything.
> But in this case the user does not even see a warning as long as he does not open the Expert
> Info window.
Well if it's heurestic dissector just return, if it's not you probably don't need to test it :)
