Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 26904: /trunk/plugins/unistim/ /trun
Log:
From Don Newton:
Set default port of Unistim back to 5000; The Unistim dissector is made a heuristic dissector.
Comment from the original code:
/* Don't set this to 5000 until this dissector is made a heuristic
one! static guint global_unistim_port = 5000;
It collides (at least) with tapa. */
It appears to me that, strictly speaking, the rev 26904 change does not
convert the unistim dissector to a heuristic dissector but to to a "new
style" dissector (with some heuristic tests).
In any case, since dissector_add is still used to register port 50000 on
udp.port, the collision with tapa (as well as some other dissectors)
still exists.
I could make the change to actually register the dissector as a
heuristic one instead (via heur_dissector_add).
However, the just added heuristic seems quite minimal:
Either [0,1] in the first byte or [2],[0-3,ff] in the first two bytes
seems to me to be a rather weak heuristic.
Would adding a check for port 5000 (or whatever from the pref) as part
of the heuristic make the heuristic "strong enough" ?
If it's not possible to strengthen the heuristic, I'm inclined to revert
this change given various previous EMails & etc on this subject.
Comments (or am I missing something) ??
