Wireshark mailing list archives
Re: SVN revision 34640 and heuristic dissectors
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 25 Oct 2010 13:18:15 -0400
Pascal Quantin wrote:
Hi 2010/10/25 Pascal Quantin <pascal.quantin () gmail com <mailto:pascal.quantin () gmail com>> Hi, 2010/10/25 Jeff Morriss <jeff.morriss.ws <http://jeff.morriss.ws>@gmail.com <http://gmail.com>> Pascal Quantin wrote: > Hi, > > since revision 34640, none of UDP heuristic dissectors I use (LTE-MAC, > LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwin > configuration protocol. > > When looking at the code in function dissect_adwin_config() (file > packet-adwin-config.c), the heuristic seems a bit weak: > [...] > length = tvb_reported_length(tvb); > > if (pinfo->ipproto == IP_PROTO_UDP && > ! (length == UDPStatusLENGTH > || length == UDPExtStatusLENGTH > || length == UDPMessageLENGTH > || length == UDPMessageLENGTH_wrong > || length == UDPInitAckLENGTH > || length == UDPIXP425FlashUpdateLENGTH > || length == UDPOutLENGTH)) > return (0); > [...] > > Could it be possible to do something more robust ? Oops, sorry. We're discussing some stronger heuristics in bug 5324. While you iterate on it, would it be possible to add a preference (off by default) stating whether the ADwin heuristic dissectors are activated or not (like what is done in packet-mac-lte.c for example) ? Having a second look at the code, it's even worse than what I first thought. Any pinfo->ipproto different from IP_PROTO_UDP or IP_PROTO_TCP will be intercepted by the ADwin dissector. Adding something like: if (pinfo->ipproto != IP_PROTO_UDP && pinfo->ipproto != IP_PROTO_TCP) return (0); Solved the issue on my side.
Checked in rev 34644, thanks! ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: SVN revision 34640 and heuristic dissectors Pascal Quantin (Oct 25)
- Re: SVN revision 34640 and heuristic dissectors Pascal Quantin (Oct 25)
- Re: SVN revision 34640 and heuristic dissectors Jeff Morriss (Oct 25)
- Re: SVN revision 34640 and heuristic dissectors Pascal Quantin (Oct 25)