Wireshark mailing list archives
Re: Correct way of adding a HTTP subdissector on port 80 with no content type?
From: Tarjei Knapstad <tarjei.knapstad () gmail com>
Date: Tue, 20 Jul 2010 11:03:32 +0200
2010/7/19 Stig Bjørlykke <stig () bjorlykke org>:
On Mon, Jul 19, 2010 at 4:39 PM, Tarjei Knapstad <tarjei.knapstad () gmail com> wrote:However, my dissector (or heurisic dissector) never gets called in any of these cases.What happens if you disable the http dissector?
Disabling the HTTP dissector didn't work. I stepped through the code, and it seems like this is what happens: - The TCP dissector calls dissector_try_port() on port 80 which is the low port (packet-tcp.c:2858) - dissector_try_port_new() does a lookup in the dissector table and (presumably) finds the HTTP dissector - call_dissector_work() determines that the protocol isn't enabled and returns 0 - dissector_try_port_new() in turn returns false. the documentation here says (packet.c:913): /* If the packet was rejected, we return FALSE, so that * other dissectors might have a chance to dissect this * packet, otherwise we return TRUE. */ ...but I don't see where this is supposed to happen. The disabled protocol does not get removed from the subdissector table, and the TCP dissector makes no further attempts at calling subdissectors if the first call fails. Should this be considered a bug? I even tried calling dissector_reset("tcp.port", 80); before adding my own dissector in the handoff routine (and made sure the handoff for my protocol is called after all the others, see my earlier post on that issue: http://www.wireshark.org/lists/wireshark-dev/201007/msg00142.html)
Or remove port 80 from the http preferences?
This didn't work either. The dissector_add call from my dissector handoff function goes through fine (stepped through this in gdb again), but when the TCP dissector performs a lookup in the subdissector table later, a null pointer is returned (I verified that the subdissector table where my dissector gets added and the one where lookup is performed is the same). Why this lookup fails is still a mystery to me, looking into it now. Regards, Tarjei ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 19)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 19)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Guy Harris (Jul 20)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 20)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Guy Harris (Jul 20)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Stig Bjørlykke (Jul 19)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 20)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 20)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 20)
- Re: Correct way of adding a HTTP subdissector on port 80 with no content type? Tarjei Knapstad (Jul 19)