Wireshark-dev: [Wireshark-dev] Problems with dissector order of execution
From: Tarjei Knapstad <[email protected]>
Date: Thu, 15 Jul 2010 10:35:07 +0200
Hi all,

I'm trying to write a dissector which should be invoked on certain XML
media types, but so far I'm having trouble invoking it. A shortened
version of my dissector code:

/************ START CODE **************/

    xml_handle = find_dissector("xml");

    something_handle = new_create_dissector_handle(dissect_something,

    dissector_add_string("media_type", "text/xml", something_handle);
    dissector_add_string("media_type", "application/something+xml",

static int
dissect_something(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
  /* nothing of interest, let dissector_try_string() know that it
should continue looking for a suitable dissector */
  if ( !xml_payload_of_interest(tvb) )  return 0;

  /* add stuff for my protocol here */

  /* call the XML dissector as a subdissector */
  call_dissector(xml_handle, tvb, pinfo, tree);

  /* return bytes_processed */

/************ END CODE **************/

The problem I'm facing is that I'm calling dissector_add_string for
two media types that is already registered with the packet-xml
dissector (the "application/something+xml" media type gets added
through a DTD I've written). When the dissector_try_string() function
in packet.c is called, the table lookup finds the XML dissector first
which means that my dissector never gets called (the XML dissector
doesn't call sub-dissectors and shouldn't need to either).

Is there any way I can make this work as I intend to? I need to
compute some metadata based on certain tags in the XML and would like
to customize the COL_INFO data, so simply adding a DTD isn't enough.
The only way I've gotten this half working so far is:

1. Call "dissector_delete_string" on my media types on the xml_handle
in proto_reg_handoff_something()

2. Edit the generated register.c so that proto_reg_handoff_something()
gets called after proto_reg_handoff_xml() so that the above step
actually has any effect.

The above steps gives me the results I want, but of course I've messed
things up in the cases where xml_payload_of_interest() returns false.