Wireshark mailing list archives
Re: Heuristic Dissector Priority
From: Evan Huus <eapache () gmail com>
Date: Mon, 22 Apr 2013 12:22:18 -0400
On Mon, Apr 22, 2013 at 12:11 PM, Richard Maudsley < richard.maudsley () powwownow com> wrote:
My plugin registers a UDP heuristic dissector which handles several protocols multiplexed on the same port. This is working fine, except that one of the built-in Wireshark dissectors is picking up packets before I get a chance to see them and blocks my dissector from running, even though I would be able to return TRUE from the dissector procedure and handle the packet.****
If the dissector is incorrectly picking up the packet (ie it thinks it contains protocol X, but it doesn't) then file a bug against the heuristic used. If the dissector is correctly picking up the packet (ie the packet actually contains protocol X) then why does your plugin need to handle it? Presumably whatever you need to do can be done by improving the existing dissector or by using a tap.
At first I started looking for some sort of priority setting (a simple integer precedence on the dissector would have made sense), but it doesn’t look like such a thing exists. Then I started looking into more complicated solutions, such as disabling the offending dissector, allowing my dissector to run, and invoking it afterwards as a sub-dissector.****
I'm a bit confused by this - are you wrapping an existing protocol in some special header, but the existing heuristic is skipping the header and jumping straight to the payload? Cheers, Evan
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Heuristic Dissector Priority Richard Maudsley (Apr 22)
- Re: Heuristic Dissector Priority Evan Huus (Apr 22)
- Re: Heuristic Dissector Priority Richard Maudsley (Apr 22)
- Re: Heuristic Dissector Priority Evan Huus (Apr 22)
- Re: Heuristic Dissector Priority Richard Maudsley (Apr 22)
- Re: Heuristic Dissector Priority Evan Huus (Apr 22)