Wireshark-bugs: [Wireshark-bugs] [Bug 5767] Create a BitTorrent DHT dissector for wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5767
--- Comment #31 from Xiao Xiangquan <xiaoxiangquan@xxxxxxxxx> 2011-11-15 21:14:31 PST ---
Hi,
I've submitted a new patch here at [1]. It solves some of these problems. But
the heuristic is still simple. I'll go on fixing it.
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5767
(In reply to comment #30)
> Some comments:
>
> packet-bt-dht:
>
> In the following code:
>
>     if( tvb_get_guint8(tvb,0)=='d' )
>     {
>         conversation = find_or_create_conversation(pinfo);
>         conversation_set_dissector(conversation, bt_dht_handle);
>
>         ...
>     }
>
> a. The heuristic is much too simple:
> Please add some additional checks;
>
> b. bt_dht_handle value is NULL (i.e.: never set) so the call to
> conversation_set_dissector() won't do as intended.
>
> I'm guessing that the handle should be initialized to reference
> dissect_bt_dht() but I'll let you confirm and fix.
>
> Note: I see the exact same issues in packet-bt-utp.c
>
> ==============
>
> > BT-DHT and BT-uTP always share the same UDP port, and their default ports are
> > the same, too. It seems that BT-uTP is in front of BT-DHT in the dissectors
> > list.
>
> The order of dissectors in the dissector list is *NOT* guaranteed.
>
> > We should use "Decode as..." to force it to dissect as BT-DHT, or some
> > modifications should be applied to BT-uTP to let it give up dissection in some
> > conditions.
>
> Using the exact same simple heuristic for both dissectors should be fixed.
> Is there not some way to improve the heuristic to differentiate between the two
> (and to make the heuristic stronger to reduce "false positives")?
>
> Note that "give up dissection" is not an appropriate strategy since the order
> of calling the heuristic dissectors is not guaranteed.
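An added example, not part of the message above and not code from the submitted patch or from Wireshark: one way to strengthen the first-byte `'d'` test discussed in the thread. It assumes the KRPC format of BEP 5, where every DHT message is a single bencoded dictionary carrying a transaction id `t` and a one-byte type `y` of `q`, `r` or `e`. It is plain C over a byte buffer rather than the tvb API, and the names `read_str`, `skip_value` and `looks_like_bt_dht` are hypothetical.

```c
#include <string.h>

typedef const unsigned char *ptr;
/* Parse a bencoded string "<len>:<bytes>"; return pointer past it, or NULL. */
static ptr read_str(ptr p, ptr end, ptr *s, size_t *n) {
    size_t len = 0;
    if (p >= end || *p < '0' || *p > '9') return NULL;
    while (p < end && *p >= '0' && *p <= '9' && len < 65536)   /* cap: no overflow */
        len = len * 10 + (size_t)(*p++ - '0');
    if (p >= end || *p++ != ':' || len > (size_t)(end - p)) return NULL;
    *s = p; *n = len;
    return p + len;
}

/* Skip one bencoded value (integers only loosely checked); NULL if malformed. */
static ptr skip_value(ptr p, ptr end, int depth) {
    ptr s; size_t n;
    if (p >= end || depth > 8) return NULL;        /* bound recursion on hostile input */
    if (*p == 'i') {                               /* integer: i<digits>e */
        ptr e = memchr(p, 'e', (size_t)(end - p));
        return (e && e > p + 1) ? e + 1 : NULL;
    }
    if (*p != 'l' && *p != 'd') return read_str(p, end, &s, &n);
    int is_dict = (*p++ == 'd');
    while (p < end && *p != 'e') {                 /* list items, or dict key/value pairs */
        if (is_dict && !(p = read_str(p, end, &s, &n))) return NULL;
        if (!(p = skip_value(p, end, depth + 1))) return NULL;
    }
    return p < end ? p + 1 : NULL;
}

/* 1 if the whole payload is one bencoded dict with "t" (string) and "y" in {q,r,e}. */
int looks_like_bt_dht(const void *buf, size_t len) {
    ptr p = buf, end = p + len, k, v, next;
    size_t kn, vn;
    int has_t = 0, has_y = 0;
    if (len < 2 || *p++ != 'd') return 0;
    while (p < end && *p != 'e') {
        if (!(p = read_str(p, end, &k, &kn)) || !(next = skip_value(p, end, 1))) return 0;
        if (kn == 1 && *k == 't' && *p >= '0' && *p <= '9') has_t = 1;
        if (kn == 1 && *k == 'y' &&                /* "y" must be a 1-byte q, r or e */
            !(has_y = read_str(p, end, &v, &vn) && vn == 1 && memchr("qre", *v, 3))) return 0;
        p = next;
    }
    return p < end && p + 1 == end && has_t && has_y;   /* dict must end the payload */
}

int main(void) {
    const char ping[] = "d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"; /* constructed */
    return looks_like_bt_dht(ping, sizeof ping - 1) ? 0 : 1;
}
```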