XML's dissector is called as an heuristic dissector for http, can't
you do like it does?
Luis
On 9/7/06, Bryant Eastham <[EMAIL PROTECTED]> wrote:
> All-
>
> I have done several plugin dissectors in the past for internal
> protocols, all TCP- and UDP-based. I am now trying to add a plugin for a
> protocol that uses HTTP as the transport. Easy, I thought! Well, not so
> easy it appears.
>
> I am confused by the logic in packet-http.c around line 1059:
>
> if (handle == NULL && headers.content_type != NULL) {
> /*
> * We didn't find any subdissector that
> * registered for the port, and we have a
> * Content-Type value. Is there any
> subdissector
> * for that content type?
> */
> save_private_data = pinfo->private_data;
>
> if (headers.content_type_parameters)
> pinfo->private_data =
> ep_strdup(headers.content_type_parameters);
> else
> pinfo->private_data = NULL;
> /*
> * Calling the string handle for the media type
> * dissector table will set pinfo->match_string
> * to headers.content_type for us.
> */
> pinfo->match_string = headers.content_type;
> handle = dissector_get_string_handle(
> media_type_subdissector_table,
> headers.content_type);
> /*
> * Calling the default media handle otherwise
> */
> if (handle == NULL) {
> handle = media_handle;
> }
> }
>
> This seems to imply that if I have a content-type, then I cannot have a
> heuristic subdissector. The reason is the last line, that forces the
> handle to "media_handle".
>
> Here is my issue: our protocol uses content-type as
> "application/octet-stream", the contents being binary. We identify our
> packets (besides the URL) with a type modifier on the content-type that
> is specific to our protocol. Unfortunately, the logic as I understand it
> for handling content-type is too specific to handle this situation (no
> one dissector should handle all "application/octet-stream" packets,
> right?).
>
> This seems like a case for a heuristic subdissector, but that is
> disabled by the forcing of handle to media_handle.
>
> I seem to remember that changes were made to resolve this issue a while
> ago, but maybe I was dreaming...
>
> What am I missing?
>
> Bryant Eastham
> Chief Architect
> Panasonic Electric Works Laboratory of America, Inc.
> Salt Lake City Lab
> 4525 South Wasatch Blvd., Suite 100, Salt Lake City, Utah 84124
> Phone : 801.993.7124 Email: [EMAIL PROTECTED]
> Fax: 801.993.7260 Web: http://slc.mew.com <http://slc.mew.com/>
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
