Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Problems with dissector order of execution

From: Tarjei Knapstad <tarjei.knapstad@xxxxxxxxx>
Date: Thu, 15 Jul 2010 10:35:07 +0200
Hi all,

I'm trying to write a dissector which should be invoked on certain XML
media types, but so far I'm having trouble invoking it. A shortened
version of my dissector code:

/************ START CODE **************/

void
proto_reg_handoff_something(void)
{
    xml_handle = find_dissector("xml");

    something_handle = new_create_dissector_handle(dissect_something,
proto_something);

    dissector_add_string("media_type", "text/xml", something_handle);
    dissector_add_string("media_type", "application/something+xml",
something_handle);
}

static int
dissect_something(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
  /* nothing of interest, let dissector_try_string() know that it
should continue looking for a suitable dissector */
  if ( !xml_payload_of_interest(tvb) )  return 0;

  /* add stuff for my protocol here */

  /* call the XML dissector as a subdissector */
  call_dissector(xml_handle, tvb, pinfo, tree);

  /* return bytes_processed */
}


/************ END CODE **************/


The problem I'm facing is that I'm calling dissector_add_string for
two media types that is already registered with the packet-xml
dissector (the "application/something+xml" media type gets added
through a DTD I've written). When the dissector_try_string() function
in packet.c is called, the table lookup finds the XML dissector first
which means that my dissector never gets called (the XML dissector
doesn't call sub-dissectors and shouldn't need to either).

Is there any way I can make this work as I intend to? I need to
compute some metadata based on certain tags in the XML and would like
to customize the COL_INFO data, so simply adding a DTD isn't enough.
The only way I've gotten this half working so far is:

1. Call "dissector_delete_string" on my media types on the xml_handle
in proto_reg_handoff_something()

2. Edit the generated register.c so that proto_reg_handoff_something()
gets called after proto_reg_handoff_xml() so that the above step
actually has any effect.

The above steps gives me the results I want, but of course I've messed
things up in the cases where xml_payload_of_interest() returns false.

Regards,
Tarjei