Re: Correct way of adding a HTTP subdissector on port 80 with no content type?

[Tarjei Knapstad <tarjei.knapstad () gmail com>]

On 19 July 2010 16:39, Tarjei Knapstad <tarjei.knapstad () gmail com> wrote:
> I'm having problems getting my subdissector to run on HTTP packets on
> port 80 that does not include a content type in the HTTP header. I've
> tried:
>
> 1. dissector_add_string("media_type", "Internet media type", xxx_handle);
>
> 2. heur_dissector_add("http", dissect_xxx_heur, proto_xxx);
>
> 3. dissector_add("tcp.port", 80, xxx_handle);
>
> 4. dissector_add("http", 80, xxx_handle);
>
> However, my dissector (or heurisic dissector) never gets called in any
> of these cases. What is the correct way of adding a subdissector to
> HTTP traffic on port 80 when I don't have a content type?
> Specifically I'm trying to extract info from HTTP GET requests.

After some more digging I found that the HTTP dissector does not
search for and call subdissectors if there are no unprocessed bytes
left in the packet. Does this mean that it's impossible to do any
custom processing of HTTP GET requests in a subdissector, or am I
missing something?

Regards,
Tarjei
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe