That worked. Sorry for the newbie question, I just started working on this new ethereal plugin and one of them was already implemented by someone else and I just took that one as a template. Looks like packet-acn.c is a good template for a heuristic dissector.
Thanks again. Sachin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris Sent: Friday, October 19, 2007 11:39 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Heuristic dissector conflict Shah, Sachin wrote: > Thanks for your response. I am using ethereal 0.10.12 for these plugins You should probably update to a later release; the current release of the application formerly known as Ethereal and now known as Wireshark is 0.99.6. > and the signature expected for "dissect_???" method is "static void > dissect_???(tvbuff_t*, packet_info*, proto_tree*)", The signature expected for *non-heuristic* dissectors is the signature you describe. The signature expected for *heuristic* dissectors has a return value of gboolean, and that has been the case since the very first release that supported heuristic dissectors (which happened so long ago that I forgot whether I was the person who added the heuristic dissector mechanism or not :-)). > so I don't think "return FALSE" will work for me. A dissector that doesn't return a Boolean value is not a heuristic dissector (and a dissector that always returns TRUE is a heuristic dissector with no heuristic :-)), so if you want your dissectors to be heuristic, *NOT* doing "return FALSE" in at least one place in the dissector will not work for you. > I looked at the packet-acn.c and it doesn't seem to use > "heur_dissector_add()", but it does call "find_dissector("ip")" to get > ip_handle, but it doesn't use the ip_handle anywhere. Am I missing > something there? Yes, you're missing the latest version of Ethereal/Wireshark. Try looking at the packet-acn.c in 0.99.6. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
