Wireshark mailing list archives
Heuristic ethernet payloads
From: Evan Huus <eapache () gmail com>
Date: Wed, 27 Mar 2013 08:15:46 -0400
The ethernet dissector currently has a heuristic table called "eth" that passes off the entire packet (including the ethernet header, if any) which is a bit confusing. As per bug #8522 we seem to have need of a heuristic table for the general ethernet payload (without the ethernet header bytes), however ethernet payload dissection seems to be fairly hard-coded at the moment; the dissector handles are called directly in most cases. Do we want to just stick another heuristic table into the middle of the current code or is there a better way of handling everything that's currently there? Should the existing table be perhaps named "pre-eth" or something slightly more indicative of what it is? I would kind of want to call the payload heuristic table "eth"... Thanks, Evan https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8522 ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Heuristic ethernet payloads Evan Huus (Mar 27)
- Re: Heuristic ethernet payloads Guy Harris (Mar 27)