Wireshark-dev: Re: [Wireshark-dev] Overriding existing RPC-TCP heuristic dissector with another
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Shehjar Tikoo <shehjart@xxxxxxxxxxxxxxx>
Date: Fri, 02 Feb 2007 10:31:09 +1100
Hi

Jaap Keuter wrote:

The solution is to improve the heuristics until they can figure out
which dissector is the correct one.


I need to ensure that my RPC/NFS dissector runs before the default one.
The problem is, even if I get the heuristics right(..which is, basically
asking for all NFS traffic..), there no guarantee that my heuristic dissector will get the packets before the default one. 

I was thinking of writing a small preferences based override inside
dissect_rpc_tcp_heur(..) in packet-rpc.c which calls my dissector if the preference is set. This check would be done before the: 
	
	switch (dissect_rpc_tcp_common(tvb, pinfo, tree, TRUE)) {

		.....
		.....
	}

Is that a way to go?



Thanks
Shehjar



I am writing a RPC over TCP heuristic dissector but the RPC
dissector(in packet-rpc.c) also registers a heuristic RPC over TCP
dissector.

It is possible that the packet my heuristic dissector needs, gets
routed to the existing dissector.
From the list archives I see discussions about overriding regular dissectors with heuristic dissectors( using 
tcp.try_heuristic_first) but how can I override an existing
heuristic dissector with another one.