Hello all,
the attached patch adds a new preference to the TCP dissector.
You can choose whether the TCP dissector looks for a matching
heuristic subdissector before looking up a registered port, or the other
way round. The latter is the default, so the current mechanism won't change
unless the new preference is set.
I created this preference because I sometimes have q931-over-tpkt
packets running over a registered port of another protocol. I can
deactivate those protocols to get rid of mismatches when I use
ethereal, but I also use tethereal for postprocessing large files, where
I cannot deactivate protocols.
This preference is quite a smart solution for my problem.
If this is OK, please check in.
Best regards,
Lars Roland
Index: ethereal/packet-tcp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-tcp.c,v
retrieving revision 1.199
diff -u -r1.199 packet-tcp.c
--- ethereal/packet-tcp.c 16 Jul 2003 00:04:21 -0000 1.199
+++ ethereal/packet-tcp.c 17 Jul 2003 19:55:26 -0000
@@ -1995,6 +1995,8 @@
/* separated into a stand alone routine to other protocol dissectors */
/* can call to it, ie. socks */
+static gboolean try_heuristic_first = FALSE;
+
void
decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, int src_port, int dst_port, guint32 nxtseq)
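Review bot: The new `try_heuristic_first` declaration sits between the two-line comment describing `decode_tcp_ports` and the function itself, so that comment now reads as if it documented the flag. Move the declaration above the comment and give it its own one, for example `/* TRUE: try heuristic sub-dissectors before the port table (preference "try_heuristic_first") */`. The body of decode_tcp_ports continues outside this hunk.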
@@ -2019,6 +2021,12 @@
src_port, dst_port, next_tvb, pinfo, tree))
goto end_decode_tcp_ports;
+ if (try_heuristic_first == TRUE) {
+ /* do lookup with the heuristic subdissector table */
+ if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
+ goto end_decode_tcp_ports;
+ }
+
/* Do lookups with the subdissector table.
We try the port number with the lower value first, followed by the
port number with the higher value. This means that, for packets
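Review bot: With the flag set, the block added after the conversation lookup lets packet contents rather than the port number choose the dissector, and nothing at the call site says so. A segment on a registered port is then handed to whichever heuristic sub-dissector accepts it first, so those acceptance checks become the only gate; a comment such as `/* heuristics run before the port table: payload, not port, selects the dissector */` would record that. Separately, `gboolean` is an int, so test it by truth value: `if (try_heuristic_first) {` here and `if (!try_heuristic_first) {` in the later hunk at -2049, rather than comparing against `TRUE`/`FALSE`. The enclosing function starts and ends outside this hunk.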
@@ -2049,10 +2057,11 @@
dissector_try_port(subdissector_table, high_port, next_tvb, pinfo, tree))
goto end_decode_tcp_ports;
- /* do lookup with the heuristic subdissector table */
- if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
- goto end_decode_tcp_ports;
-
+ if (try_heuristic_first == FALSE) {
+ /* do lookup with the heuristic subdissector table */
+ if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))
+ goto end_decode_tcp_ports;
+ }
/* Oh, well, we don't know this; dissect it as data. */
call_dissector(data_handle,next_tvb, pinfo, tree);
@@ -2734,6 +2743,10 @@
"Use relative sequence numbers",
"Make the TCP dissector use relative sequence numbers instead of absolute ones. To use this option you must also enable \"Analyze TCP sequence numbers\".",
&tcp_relative_seq);
+ prefs_register_bool_preference(tcp_module, "try_heuristic_first",
+ "Try heuristic sub-dissectors first",
+ "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
+ &try_heuristic_first);
register_init_routine(tcp_analyze_seq_init);
register_init_routine(tcp_desegment_init);
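Review bot: The preference description added here does not tell the user what they give up by enabling it, and "an heuristic" should be "a heuristic". Since traffic on a registered port can then be claimed by a heuristic match, I would spell that out: `"Try to decode a packet using a heuristic sub-dissector before using a sub-dissector registered to a specific port. Traffic on a registered port may then be decoded as a different protocol if a heuristic matches."`. The registration function starts and ends outside this hunk.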