Wireshark mailing list archives

Re: SVN revision 36640 and heuristic dissectors


From: Thomas Boehne <TBoehne () ADwin de>
Date: Tue, 26 Oct 2010 08:31:13 +0200

On 10/25/2010 05:05 PM, Pascal Quantin wrote:
> since revision 34640, none of the UDP heuristic dissectors I use (LTE-MAC,
> LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwin
> configuration protocol.
>
> When looking at the code in function dissect_adwin_config() (file
> packet-adwin-config.c), the heuristic seems a bit weak:
> [...]
>     length = tvb_reported_length(tvb);
>
>     if (pinfo->ipproto == IP_PROTO_UDP &&
>         ! (length == UDPStatusLENGTH
>            || length == UDPExtStatusLENGTH
>            || length == UDPMessageLENGTH
>            || length == UDPMessageLENGTH_wrong
>            || length == UDPInitAckLENGTH
>            || length == UDPIXP425FlashUpdateLENGTH
>            || length == UDPOutLENGTH))
>         return (0);
> [...]
>
> Could it be possible to do something more robust?

As discussed in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5324
I will improve the heuristic using MAC address filtering (the protocol
is almost exclusively used with the embedded device we built, and we
have two MAC address ranges used for those devices).

Can/should regressions like this one be automatically detected using
test.sh?

Best regards
Thomas Böhne

-- 
**************************************************************************
* Jäger Computergesteuerte Messtechnik GmbH
* Thomas Böhne
* Rheinstraße 2-4
* 64653 Lorsch, Germany
* http://www.ADwin.de
* Phone: +49 (6251) 9632-0                  Fax: +49 (6251) 56819
**************************************************************************
* Responsible: C.E.O. Hubert Morgenstern
* Commercial Register: Amtsgericht Bensheim, Register no.: B24717
**************************************************************************
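
A stand-alone C model of the two heuristics discussed in this message, added here as an illustration and not taken from packet-adwin-config.c. The payload sizes and MAC prefixes are constructed placeholders, and `struct frame` is a hypothetical stand-in for the tvb/pinfo data a dissector sees.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical sizes standing in for the UDP*LENGTH constants; the real
 * values live in packet-adwin-config.c and are not shown in the mail. */
static const size_t known_lengths[] = { 52, 96, 100, 104 };

/* Constructed 3-byte prefixes (locally administered addresses) standing in
 * for the two device MAC ranges mentioned in the mail. */
static const uint8_t device_prefixes[][3] = { {0x02,0x00,0x5e}, {0x02,0x00,0x5f} };

struct frame {                /* minimal model of one UDP-over-Ethernet frame */
    uint8_t src_mac[6];
    uint8_t dst_mac[6];
    size_t  udp_payload_len;
};

/* Constructed samples: unrelated UDP traffic of a matching size, and device traffic. */
const struct frame unrelated = { {0x00,0x11,0x22,0x33,0x44,0x55}, {0x00,0x11,0x22,0x66,0x77,0x88}, 100 };
const struct frame device    = { {0x02,0x00,0x5e,0x00,0x00,0x01}, {0x00,0x11,0x22,0x66,0x77,0x88}, 100 };

static bool length_matches(size_t len)
{
    for (size_t i = 0; i < sizeof known_lengths / sizeof known_lengths[0]; i++)
        if (known_lengths[i] == len)
            return true;
    return false;
}

static bool mac_is_device(const uint8_t mac[6])
{
    for (size_t i = 0; i < sizeof device_prefixes / sizeof device_prefixes[0]; i++)
        if (memcmp(mac, device_prefixes[i], 3) == 0)
            return true;
    return false;
}

/* UDP branch of the quoted check: size alone decides, so any payload whose
 * length happens to be in the list is claimed. */
bool heur_length_only(const struct frame *f) { return length_matches(f->udp_payload_len); }

/* Size plus link-layer address: one endpoint must fall in a device range. */
bool heur_length_and_mac(const struct frame *f)
{
    return length_matches(f->udp_payload_len) &&
           (mac_is_device(f->src_mac) || mac_is_device(f->dst_mac));
}
```

The address test only narrows the match when the capture is taken on the device's own Ethernet segment; across a router the frame carries the router's MAC, and a capture without an Ethernet layer has no address to compare.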