Re: Heuristic Dissector Priority

[Evan Huus <eapache () gmail com>]

On Mon, Apr 22, 2013 at 12:40 PM, Richard Maudsley <
richard.maudsley () powwownow com> wrote:

>  Hi Evan, thanks for your reply.****
>
> ** **
>
> I saw the functions register_postdissector and call_all_postdissectors in
> packet.h. I’m really looking for something that does the opposite
> (“predissector”?) for heuristic dissectors. Is there some way to achieve
> this?****

Not off the top of my head.


>  I don’t consider it to be a bug in the built-in dissector, it’s working
> just fine! My plugin handles a subset of the protocol that the built-in
> dissector implements – a missing feature, if you like – hence the need for
> a plugin.****

If this missing feature is a public standard then you're probably best off
simply improving the existing dissector directly; patches welcome :)

If, as I suspect, this is some proprietary extension that you don't want to
build into the existing dissector then you have a couple of options
depending on how significant the change is. A post-dissector may still work
if you are simply adding a few fields and the existing dissector ignores
those fields.

Otherwise I think you will have to do as you have already thought - use
heur_dissector_delete to unregister the problematic built-in dissector,
then find_dissector to get a direct handle, and manually call_dissector
with that handle.

I'm obviously a bit biased, but I would strongly recommend improving the
existing dissector unless there's a good reason not to :)

Cheers,
Evan

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe