I uploaded a patch to Gerrit that allows enabling/disabling of any heuristic 
dissector (https://code.wireshark.org/review/9508/).
 
Some comments about the patch (others are welcome to add more):
1. Not sure how to best express the relationship between the "name" of the 
heuristic dissector and its "parent"/table name.  For example, the AD-win 
Config protocol has a heuristic dissector that goes on top of TCP and UDP.  
Each instance (TCP or UDP) can be enabled/disabled separately.  Requiring an 
individual name for each heuristic dissector sounds like a bit too much to ask. 
 Right now they are slash (/) delimited in the GUI and comma delimited in the 
"disabled_heuristics" file.
2. These "preferences" are read right after the enable/disable protocols are 
read/applied.  This seemed like a logical place for it (since I added support 
for enable/disable heuristics in disabled_protos.c), but I'm not sure how that 
affects the "general" protocol preferences.  Both manipulate the same heuristic 
dissector list, so "last one would win".
3. I'd like to remove any individual dissector preferences that enable/disable 
a heuristic dissector (future patch) using the same logic/justification as 
Decode As. Not sure how to handle heuristic dissectors that should be off by 
default.  heur_dissector_set_enabled(..., FALSE) can be used, but that won't be 
"overridden" (enabled) by the fact that the heuristic dissector ISN'T in the 
disabled heuristics file.
4. I understand the "feature" of enabling/disabling a (heuristic dissector) 
preference from the context menu, and that could be justification/argument for 
keeping it (the preference).  Maybe just "appending" the context menu 
preferences for any protocol that has a heuristic dissector would be a good 
compromise?


 
 
-----Original Message-----
From: Hadriel Kaplan <hadri...@yahoo.com>
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
Cc: mmann78 <mman...@netscape.net>
Sent: Sat, Jul 4, 2015 2:38 pm
Subject: Enabling/disabling ANY heuristic dissector


Howdy,
as part of the discussion for several recent bugs and gerrit changes to
add preference settings for various protocols to enable/disable heuristic
dissection, Michael Mann suggested we just provide a way to enable/disable
*any* heuristic dissector (i.e., for all of them, automagically in code).

For example, by providing a similar thing as currently available for Protocols
with the 'Analyze->Enabled Protocols' dialog. (well... available in
Wireshark-GTK, not Qt yet)

That seems like a really good idea to me.

The only issue with it, other than having to inspect and possibly change ~200
files, is whether to remove the existing heuristic enable/disable preference
settings for those protocols that provide one already. Doing so would break
backwards-compatibility of existing preference files if the user had changed
the default for a heuristic, and break any user script that starts
Wireshark/tshark with the '-o' command-line option to set a heuristic
preference, and of course it would likely change the C-code dynamic plugin API
(though that changes all the time).

On the other hand, we'd be doing this for version 2.0 so such changes are
defendable. And keeping them would be very confusing. And we have removed
preference settings in the past, though probably not in such a large number
(~40 preference settings).

Does anyone object to such a change? Or have a different idea?

-hadriel


 