Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SVN revision 34640 and heuristic dissectors

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Mon, 25 Oct 2010 19:05:37 +0200
Hi

2010/10/25 Pascal Quantin <pascal.quantin () gmail com>


Hi,

2010/10/25 Jeff Morriss <jeff.morriss.ws () gmail com>


Pascal Quantin wrote:

Hi,

since revision 34640, none of UDP heuristic dissectors I use (LTE-MAC,
LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwin
configuration protocol.

When looking at the code in function dissect_adwin_config() (file
packet-adwin-config.c), the heuristic seems a bit weak:
[...]
    length = tvb_reported_length(tvb);

    if (pinfo->ipproto == IP_PROTO_UDP &&
        ! (length == UDPStatusLENGTH
           || length == UDPExtStatusLENGTH
           || length == UDPMessageLENGTH
           || length == UDPMessageLENGTH_wrong
           || length == UDPInitAckLENGTH
           || length == UDPIXP425FlashUpdateLENGTH
           || length == UDPOutLENGTH))
        return (0);
[...]

Could it be possible to do something more robust ?


Oops, sorry.  We're discussing some stronger heuristics in bug 5324.



While you iterate on it, would it be possible to add a preference (off by
default) stating whether the ADwin heuristic dissectors are activated or not
(like what is done in packet-mac-lte.c for example) ?



Having a second look at the code, it's even worse than what I first thought.
Any pinfo->ipproto different from IP_PROTO_UDP or IP_PROTO_TCP will be
intercepted by the ADwin dissector.

Adding something like:

    if (pinfo->ipproto != IP_PROTO_UDP && pinfo->ipproto != IP_PROTO_TCP)
        return (0);

Solved the issue on my side.

Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: