Thanks for your advice, I will check if I can find a way to do heuristic dissecting.

Holger

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Maynard, Chris
Sent: Monday, 12 November 2007 23:13
To: Developer support list for Wireshark
Subject: RE: [Wireshark-dev] Register dissector to MAC address

At first glance, packet-eth.c seems to have heuristic support, but it doesn't appear to work, at least not how I expected it to. For example, originally for the WOL dissector, I registered as I do for UDP, namely:

    heur_dissector_add("eth", dissect_wol, proto_wol);

But registering it that way didn't work for me, so it's been changed to:

    dissector_add("ethertype", ETHERTYPE_WOL, wol_handle);

I didn't dig too deeply into why it failed since I had a reasonable alternative, but I suppose I should have. It now seems to me to be a bug in packet-eth.c, but I'm not entirely sure, based on the comments in the code.

First, compare the way a dissector like packet-udp.c tries the heuristic dissectors, using the "next_tvb":

    next_tvb = tvb_new_subset(tvb, offset, len, reported_len);
    if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree))

Now look at how packet-eth.c does it:

    if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree))
        goto end_of_eth;

Notice that there's no "next_tvb". I assumed that this was intentional when I looked at it before, but now I'm not so sure. A bug? It now sure looks like it to me. I couldn't find any other dissectors that try to heuristically register to "eth" as I tried above. Perhaps because it doesn't work?

If it is a bug, then once that's corrected, then that would be the better way to register both WOL and the original poster's dissector - heuristically.

- Chris

________________________________
From: [EMAIL PROTECTED] on behalf of Stephen Fisher
Sent: Mon 11/12/2007 12:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Register dissector to MAC address

On Mon, Nov 12, 2007 at 12:37:10PM -0500, Maynard, Chris wrote:

> Can anyone think of a reason NOT to add heuristic dissection support
> to packet-eth.c? Or does anyone have a better/alternate way to solve
> this?

My first thought is that the original poster's dissector could be a heuristic that checks against the MAC address when deciding whether to accept the packet or not. Does this need changes to packet-eth.c? I'm not sure, but could find out by researching the code a bit.

Steve

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Hilscher Gesellschaft fur Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Registered office: Hattersheim
Managing Director: Hans-Jurgen Hilscher
Registration court: Amtsgericht Frankfurt/Main
Commercial register: Frankfurt B 26873
www.hilscher.com
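Added example, not part of the thread and not Wireshark code: a standalone C model (no Wireshark API) of the two kinds of heuristic discussed above, showing what each one sees when it is handed the whole frame, as in the quoted packet-eth.c call, versus a payload-only subset, as in the quoted packet-udp.c "next_tvb" call. All function names, the sample MAC addresses and the frame are constructed for illustration; the frame uses EtherType 0x0842 for Wake-on-LAN.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14                    /* dst MAC, src MAC, EtherType */
#define MAC_LEN 6
#define WOL_LEN (MAC_LEN + 16 * MAC_LEN)  /* sync stream + 16 MAC copies */

/* Constructed sample addresses (locally administered), not from the thread. */
const uint8_t SAMPLE_SRC[MAC_LEN] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
const uint8_t SAMPLE_TARGET[MAC_LEN] = {0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC};

/* MAC heuristic: accept (1) only if buf begins with an Ethernet header whose
 * destination or source address equals mac; otherwise reject (0). */
int heur_match_mac(const uint8_t *buf, size_t len, const uint8_t *mac)
{
    if (buf == NULL || len < ETH_HDR_LEN) return 0;
    return memcmp(buf, mac, MAC_LEN) == 0 ||
           memcmp(buf + MAC_LEN, mac, MAC_LEN) == 0;
}

/* Content heuristic: offset of a Wake-on-LAN magic packet (6 x 0xFF, then
 * one MAC repeated 16 times) inside buf, or -1 if there is none. */
long heur_find_wol(const uint8_t *buf, size_t len)
{
    static const uint8_t sync[MAC_LEN] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    for (size_t off = 0; buf != NULL && off + WOL_LEN <= len; off++) {
        const uint8_t *mac = buf + off + MAC_LEN;  /* first MAC copy */
        int rep = 1;
        if (memcmp(buf + off, sync, MAC_LEN) != 0) continue;
        while (rep < 16 && memcmp(mac, mac + MAC_LEN * rep, MAC_LEN) == 0)
            rep++;
        if (rep == 16)
            return (long)off;
    }
    return -1;
}

/* Constructed frame: broadcast dst, SAMPLE_SRC, EtherType 0x0842, magic packet. */
size_t build_wol_frame(uint8_t *out, size_t cap, const uint8_t *target)
{
    if (cap < ETH_HDR_LEN + WOL_LEN) return 0;
    memset(out, 0xFF, ETH_HDR_LEN + MAC_LEN);  /* dst and sync stay 0xFF */
    memcpy(out + MAC_LEN, SAMPLE_SRC, MAC_LEN);
    out[12] = 0x08; out[13] = 0x42;
    for (int i = 0; i < 16; i++)
        memcpy(out + ETH_HDR_LEN + MAC_LEN * (i + 1), target, MAC_LEN);
    return ETH_HDR_LEN + WOL_LEN;
}
```

In this model the MAC check only works on a buffer that still starts at the Ethernet header, while the content check finds the magic packet in either buffer, at offset 14 in the whole frame and offset 0 in the payload-only subset.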
