Wireshark-dev: Re: [Wireshark-dev] Heuristic check of T.125 dissector

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Mon, 24 Feb 2014 17:17:08 -0500

On 02/22/14 19:15, Thomas Wiens wrote:
Hi,

I've written a wireshark dissector for communication between industrial
control systems, which come as payload of cotp packets.
But the packets are displayed as T.125 protocol, until I disable this
protocol in wireshark settings to get my own dissector working.
[...]
So the second check (reminiscence to Douglas Adams?) with the magical 42
comes in:
(choice_index <=42)

The check is marked with a comment:
/* is this strong enough ? */

And I would answer: No, it is not.

I've taken a look into the relevant source file "packet-per.c", where
"choice_index" is the function parameter "val".
But "val" is several times calculated, shifted and so on, that I don't
know what value comes out.

Is there a possibility to make the heuristic check of the T.125
protocol stronger?

Without knowing the protocol, I'd say there's almost always room for improvement. Open a bug with a sample capture and see if someone can figure out how to strengthen the check.

ps. you mentioned your dissector is hosted on sourceforge; would you consider submitting it to Wireshark?
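
Added example (not part of the original thread, and not Wireshark's code): a small C program that measures how permissive a check like (choice_index <= 42) is. It assumes the index is read as an aligned-PER constrained integer in the range 0..42 starting at the first payload bit, which X.691 encodes in 6 bits; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bits used by an aligned-PER constrained integer with `range` values (range <= 255). */
static unsigned per_bits_for_range(uint32_t range)
{
    unsigned bits = 0;
    while ((1u << bits) < range) bits++;
    return bits;
}

/* Decode lo..hi, MSB first, from bit_off; returns -1 if the buffer is too short. */
static int per_constrained_int(const uint8_t *buf, size_t len, size_t bit_off,
                               uint32_t lo, uint32_t hi, uint32_t *val)
{
    unsigned nbits = per_bits_for_range(hi - lo + 1);
    uint32_t raw = 0;
    for (unsigned i = 0; i < nbits; i++, bit_off++) {
        if (bit_off / 8 >= len) return -1;
        raw = (raw << 1) | ((buf[bit_off / 8] >> (7 - bit_off % 8)) & 1u);
    }
    *val = lo + raw;
    return 0;
}

/* Assumed form of the check quoted in the thread: choice_index <= 42. */
static int weak_heuristic_accepts(const uint8_t *buf, size_t len)
{
    uint32_t choice_index = 100; /* fails the test if nothing decodes */
    if (per_constrained_int(buf, len, 0, 0, 42, &choice_index) != 0) return 0;
    return choice_index <= 42;
}

/* How many of the 256 possible first payload bytes pass the check. */
static int count_accepted_first_bytes(void)
{
    int n = 0;
    for (int b = 0; b < 256; b++) {
        uint8_t byte = (uint8_t)b;
        n += weak_heuristic_accepts(&byte, 1);
    }
    return n;
}

int main(void)
{
    printf("%d of 256 first-byte values pass\n", count_accepted_first_bytes());
    return 0;
}
```

Under that assumption 172 of the 256 possible first bytes (about 67%) pass, so the check on its own will claim most payloads of an unrelated protocol carried over the same transport.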