Wireshark-bugs: [Wireshark-bugs] [Bug 2103] TCP dissector fail to handle heuristic dissectors fo
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2103
did447@xxxxxxxxx changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |did447@xxxxxxxxx
------- Comment #5 from did447@xxxxxxxxx 2007-12-14 20:54 GMT -------
(In reply to comment #4)
> Interesting solution. I would like the TCP dissector specialists to have a good
> look at this one.
>
I
I wouldn't call myself an expert but:
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
Looks like a winner, it seems to work for me and it also closes bug 1124.
But I'm not sure about:
return length_remaining - fixed_len;
and the heuristic stuff because either there's not enough data for the
heuristic and it must reject the packet or it has already found it's a COT
stream and then the heuristic function shouldn't be called anymore.
I.e.:
void
proto_reg_handoff_foo(void)
{
heur_dissector_add("tcp", dissect_foo_heur, proto_foo);
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
dissector_add("tcp.port", 0, foo_handle);
}
With:
static void dissect_foo()
{
tcp_dissect_pdus(tvb, pinfo, tree);
}
static gboolean dissect_foo_heur()
{
conversation_t *conv;
if (!foo()) {
/* not a foo packet */
return FALSE;
}
conv = find_conversation()
if (NULL == conv) {
conv = conversation_new();
/* from here dissect_foo is called, TCP dissector should
deal with port reused by creating a new conv */
conversation_set_dissector(conv, foo_handle);
}
dissect_foo(tvb);
return TRUE;
}
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.