wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: [Wireshark-dev] SVN revision 36640 and heuristic

[Wireshark-dev] SVN revision 36640 and heuristic dissectors

From: Pascal Quantin <pascal.quantin_at_nospam>
Date: Mon Oct 25 2010 - 15:05:51 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>, TBoehne@adwin.de

Hi,

since revision 34640, none of UDP heuristic dissectors I use (LTE-MAC,
LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwin configuration
protocol.

When looking at the code in function dissect_adwin_config() (file
packet-adwin-config.c), the heuristic seems a bit weak:
[...]
    length = tvb_reported_length(tvb);

    if (pinfo->ipproto == IP_PROTO_UDP &&
        ! (length == UDPStatusLENGTH
           || length == UDPExtStatusLENGTH
           || length == UDPMessageLENGTH
           || length == UDPMessageLENGTH_wrong
           || length == UDPInitAckLENGTH
           || length == UDPIXP425FlashUpdateLENGTH
           || length == UDPOutLENGTH))
        return (0);
[...]

Could it be possible to do something more robust ?

Regards,
Pascal.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe