XML's dissector is called as an heuristic dissector for http, can't you do like it does?
Luis On 9/7/06, Bryant Eastham <[EMAIL PROTECTED]> wrote: > All- > > I have done several plugin dissectors in the past for internal > protocols, all TCP- and UDP-based. I am now trying to add a plugin for a > protocol that uses HTTP as the transport. Easy, I thought! Well, not so > easy it appears. > > I am confused by the logic in packet-http.c around line 1059: > > if (handle == NULL && headers.content_type != NULL) { > /* > * We didn't find any subdissector that > * registered for the port, and we have a > * Content-Type value. Is there any > subdissector > * for that content type? > */ > save_private_data = pinfo->private_data; > > if (headers.content_type_parameters) > pinfo->private_data = > ep_strdup(headers.content_type_parameters); > else > pinfo->private_data = NULL; > /* > * Calling the string handle for the media type > * dissector table will set pinfo->match_string > * to headers.content_type for us. > */ > pinfo->match_string = headers.content_type; > handle = dissector_get_string_handle( > media_type_subdissector_table, > headers.content_type); > /* > * Calling the default media handle otherwise > */ > if (handle == NULL) { > handle = media_handle; > } > } > > This seems to imply that if I have a content-type, then I cannot have a > heuristic subdissector. The reason is the last line, that forces the > handle to "media_handle". > > Here is my issue: our protocol uses content-type as > "application/octet-stream", the contents being binary. We identify our > packets (besides the URL) with a type modifier on the content-type that > is specific to our protocol. Unfortunately, the logic as I understand it > for handling content-type is too specific to handle this situation (no > one dissector should handle all "application/octet-stream" packets, > right?). > > This seems like a case for a heuristic subdissector, but that is > disabled by the forcing of handle to media_handle. > > I seem to remember that changes were made to resolve this issue a while > ago, but maybe I was dreaming... > > What am I missing? > > Bryant Eastham > Chief Architect > Panasonic Electric Works Laboratory of America, Inc. > Salt Lake City Lab > 4525 South Wasatch Blvd., Suite 100, Salt Lake City, Utah 84124 > Phone : 801.993.7124 Email: [EMAIL PROTECTED] > Fax: 801.993.7260 Web: http://slc.mew.com <http://slc.mew.com/> > > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev