
Re: [Wireshark-dev] SVN revision 36640 and heuristic dissectors

From: Thomas Boehne <TBoehne_at_nospam>
Date: Tue Oct 26 2010 - 06:31:13 GMT
To: Pascal Quantin <pascal.quantin@gmail.com>

On 10/25/2010 05:05 PM, Pascal Quantin wrote:
> since revision 34640, none of UDP heuristic dissectors I use (LTE-MAC,
> LTE-RLC or LTE-PDCP) work: all the frames are decoded as ADwin
> configuration protocol.
>
> When looking at the code in function dissect_adwin_config() (file
> packet-adwin-config.c), the heuristic seems a bit weak:
> [...]
> length = tvb_reported_length(tvb);
>
> if (pinfo->ipproto == IP_PROTO_UDP &&
> ! (length == UDPStatusLENGTH
> || length == UDPExtStatusLENGTH
> || length == UDPMessageLENGTH
> || length == UDPMessageLENGTH_wrong
> || length == UDPInitAckLENGTH
> || length == UDPIXP425FlashUpdateLENGTH
> || length == UDPOutLENGTH))
> return (0);
> [...]
>
> Could it be possible to do something more robust ?

As discussed in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5324
I will improve the heuristic using MAC address filtering (the protocol
is almost exclusively used with the embedded device we built, and we
have two MAC address ranges used for those devices).

Can/should regressions like this one be automatically detected using
test.sh?

Best regards
Thomas Böhne

--
**************************************************************************
* Jäger Computergesteuerte Messtechnik GmbH
* Thomas Böhne
* Rheinstraße 2-4
* 64653 Lorsch, Germany
* http://www.ADwin.de
* Phone: +49 (6251) 9632-0 Fax: +49 (6251) 56819
**************************************************************************
* Responsible: C.E.O. Hubert Morgenstern
* Commercial Register: Amtsgericht Bensheim, Register no.: B24717
**************************************************************************
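
Added example, not part of the original message and not Wireshark or ADwin code: a standalone C model contrasting the length-only heuristic quoted above with one that also requires an endpoint MAC address in a device range. The `frame_meta` struct, the function names, the length values and the MAC prefixes are all constructed placeholders, since the thread gives neither the `UDP*LENGTH` values nor the real address ranges.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed placeholder values: the real UDP*LENGTH constants and the
 * vendor's two MAC ranges are not given in the thread. */
static const size_t known_lengths[] = { 52, 100, 432 };
static const uint8_t device_prefixes[][3] = {
    { 0x02, 0x00, 0x01 },   /* hypothetical device range 1 */
    { 0x02, 0x00, 0x02 },   /* hypothetical device range 2 */
};

struct frame_meta {            /* minimal stand-in for per-packet info */
    uint8_t src_mac[6];
    uint8_t dst_mac[6];
    size_t  udp_payload_len;
};

static bool length_matches(size_t len)
{
    for (size_t i = 0; i < sizeof known_lengths / sizeof known_lengths[0]; i++)
        if (known_lengths[i] == len)
            return true;
    return false;
}

static bool mac_in_device_range(const uint8_t mac[6])
{
    for (size_t i = 0; i < sizeof device_prefixes / sizeof device_prefixes[0]; i++)
        if (memcmp(mac, device_prefixes[i], 3) == 0)
            return true;
    return false;
}

/* Length-only heuristic, modelled on the quoted excerpt: claims any UDP
 * payload whose size happens to equal a known message size. */
bool heur_length_only(const struct frame_meta *f)
{
    return length_matches(f->udp_payload_len);
}

/* Stricter heuristic: also require one endpoint to be a known device. */
bool heur_length_and_mac(const struct frame_meta *f)
{
    return length_matches(f->udp_payload_len) &&
           (mac_in_device_range(f->src_mac) || mac_in_device_range(f->dst_mac));
}
```

The MAC check only helps when the capture carries the device's own link-layer addresses; traffic captured on the far side of a router shows the router's MAC and would be rejected by the stricter heuristic.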