On 19 July 2010 16:39, Tarjei Knapstad <tarjei.knapstad@xxxxxxxxx> wrote:
> I'm having problems getting my subdissector to run on HTTP packets on
> port 80 that does not include a content type in the HTTP header. I've
> tried:
>
> 1. dissector_add_string("media_type", "Internet media type", xxx_handle);
>
> 2. heur_dissector_add("http", dissect_xxx_heur, proto_xxx);
>
> 3. dissector_add("tcp.port", 80, xxx_handle);
>
> 4. dissector_add("http", 80, xxx_handle);
>
> However, my dissector (or heurisic dissector) never gets called in any
> of these cases. What is the correct way of adding a subdissector to
> HTTP traffic on port 80 when I don't have a content type?
> Specifically I'm trying to extract info from HTTP GET requests.
>
After some more digging I found that the HTTP dissector does not
search for and call subdissectors if there are no unprocessed bytes
left in the packet. Does this mean that it's impossible to do any
custom processing of HTTP GET requests in a subdissector, or am I
missing something?
Regards,
Tarjei
