Wireshark mailing list archives

Re: How to avoid dissection based on port defined by a different dissector?


From: Christopher Maynard <Chris.Maynard () gtech com>
Date: Wed, 15 Dec 2010 21:46:34 +0000 (UTC)

Stephen Fisher <steve@...> writes:

> In addition to Christopher Maynard's suggestions, the surest way to 
> fix it is to make both dissectors "new-style" so that they verify that 
> the traffic on the port they're registered on (3503) is the right 
> traffic they're expecting and kick it back to Wireshark so that 
> another dissector can be tried....
>
> I forgot to write:
>
> ... if it isn't the right protocol for that dissector

The problem I have with this is that 3503 is registered to MPLS Echo so that
dissector shouldn't have to be changed to essentially become a heuristic one to
accommodate this port-stealing protocol.  It's essentially the same situation as
for bug 1946.  (See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1946) 
We ought to be able to rely on registered ports being reserved for data
applicable to the protocols intended to run atop those ports.  Granted 3503 is
not a so-called "well-known" port, so it differs a little bit from the DNS
situation, but it's basically the same thing.  If we accept this situation, then
potentially we have a lot of dissectors to convert to new-style, and that might
be a lot of work, depending on how extensive the heuristics get.  And then you
can always run into the case when the heuristics fail anyway.  (I say
potentially because I haven't tried to count how many dissectors would be
affected.  I suspect a lot though.)
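
The "new-style" check discussed in this thread, as an added example that is not part of the original message and is not Wireshark's code: a stand-alone C model of a dissector that claims a payload only if it looks like MPLS Echo and otherwise returns 0 so another dissector can be tried. The function name, the sample buffers and the choice of checks are assumptions; the header layout (32-byte fixed header, version 1, message type 1 or 2, 4-byte-aligned TLVs) is taken from RFC 4379.

```c
#include <stddef.h>
#include <stdint.h>

#define MPLS_ECHO_HDR_LEN 32 /* fixed header ahead of the TLVs (RFC 4379) */

/* Constructed samples, not captured traffic. */
static const uint8_t echo_request[32] = { 0x00, 0x01, 0x00, 0x00, 0x01, 0x02 };
static const uint8_t other_proto[32]  = { 'H', 'E', 'L', 'O' };
/* Unrelated payload whose first bytes happen to look like an echo reply. */
static const uint8_t lookalike[32]    = { 0x00, 0x01, 0xAB, 0xCD, 0x02, 0x7F };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical entry point: returns the number of bytes claimed, or 0 to
 * hand the packet back so the next dissector on the port can be tried. */
size_t claim_mpls_echo(const uint8_t *buf, size_t len)
{
    if (len < MPLS_ECHO_HDR_LEN) return 0;     /* too short for the header */
    if (be16(buf) != 1) return 0;              /* version number must be 1 */
    if (buf[4] != 1 && buf[4] != 2) return 0;  /* echo request or echo reply */

    /* Walk the TLVs: 2-byte type, 2-byte length, value padded to 4 bytes.
     * Any TLV that overruns the payload means this is not MPLS Echo. */
    size_t off = MPLS_ECHO_HDR_LEN;
    while (off < len) {
        if (len - off < 4) return 0;
        size_t padded = ((size_t)be16(buf + off + 2) + 3) & ~(size_t)3;
        if (padded > len - off - 4) return 0;
        off += 4 + padded;
    }
    return off;
}

int main(void)
{
    /* Exit status 0 when: claimed, rejected, claimed (false positive). */
    return !(claim_mpls_echo(echo_request, 32) == 32 &&
             claim_mpls_echo(other_proto, 32) == 0 &&
             claim_mpls_echo(lookalike, 32) == 32);
}
```

The `lookalike` buffer passes every check even though it was not built as MPLS Echo, which is the case where the heuristics fail anyway.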
