Home page logo
/

wireshark logo Wireshark mailing list archives

Re: [Wireshark-commits] master 04c39bb: Add Lua heuristic dissector support
From: Hadriel Kaplan <hadriel.kaplan () oracle com>
Date: Fri, 14 Mar 2014 18:03:11 -0400


On Mar 14, 2014, at 5:06 PM, Bill Meier <wmeier () newsguy com> wrote:


Re;

 doc/README.heuristic          |   10 +--


+     * but ONLY do this if your heuristic sits directly on top of UDP
       or TCP (ie, you did heur_dissector
+     * otherwise you'll be overriding the dissector that called your
       heuristic dissector.


I think this is not correct. There is at least one "transport" protocol other than TCP & UDP (i.e., DCCP) which 
currently has a heuristic table and calls 'try_conversation()' and thus heuristic sub-dissectors can use 
conversation_set_dissector().

Right - sorry, I was being too specific.


How about the something like following wording:

... but only do this if your heuristic sits directly on top of
   (was called by) a dissector which established a conversation
   for the protocol "port type". IOW: directly over TCP, UDP, ...


Sounds good. I'll submit it shortly if no one objects.

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault