Wireshark-dev: Re: [Wireshark-dev] Data (dissector) payload
From: Jeff Morriss <[email protected]>
Date: Fri, 31 May 2013 15:27:50 -0400
On 05/31/13 14:16, [email protected] wrote:
Bug 8741 contains the UDT dissector, which is a UDP protocol that may
carry its own payload.  The (new-style) dissector was explicitly calling
the data dissector and returning the full tvb length.  I thought one of
the benefits of the new-style dissectors was that the "parent" dissector
could see that the tvb wasn't fully dissected.  And if it wasn't fully
dissected, the parent could try to dissect the rest (which would
probably just end up in calling the data dissector).  This would lessen
the burden on the parent's payload dissector to make sure the full tvb
was dissected (if it didn't need to be).
That wasn't my impression.  I thought the purpose of "new style" 
dissectors was just to let the parent know if the dissector really 
claimed the packet (and how much of it was claimed; for example the 
dissector might say "yeah, I think this is mine!" but if it only decodes 
the first 42 bytes the parent might try another dissector to see if it 
claims more).
I would think that if a dissector thinks the payload belongs to it and 
it happens to have a payload of its own (which isn't sub-dissected yet) 
then the dissector should call the data dissector.  You see this a lot 
with dissectors that fail to find a subdissector for the particular payload.
(In the case when a dissector has a data payload I would think it should 
return the length of its header *plus* the length of its payload since 
it has effectively claimed all those bytes as belonging to it.)
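
The return-value convention described in the reply above, modelled as an added example (not part of the original message and not Wireshark code). `buf_t`, `dissect_toy`, `dissect_data`, `parent_dissect` and the 4-byte header with magic byte 0x7E are constructed stand-ins for a tvb, a new-style dissector, the data dissector and the parent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-in for a tvb: a byte range (not Wireshark's tvbuff_t). */
typedef struct { const uint8_t *data; size_t len; } buf_t;

#define TOY_MAGIC   0x7E  /* constructed protocol: first byte identifies it */
#define TOY_HDR_LEN 4     /* constructed fixed header length */

static size_t data_bytes;  /* bytes labelled as undecoded "data" so far */

/* Stand-in for the data dissector: accepts anything, claims all of it. */
static size_t dissect_data(buf_t b) { data_bytes += b.len; return b.len; }

/* New-style convention: return 0 to reject, else the number of bytes claimed. */
static size_t dissect_toy(buf_t b)
{
    if (b.len < TOY_HDR_LEN || b.data[0] != TOY_MAGIC)
        return 0;                       /* not ours: parent may try others */
    buf_t payload = { b.data + TOY_HDR_LEN, b.len - TOY_HDR_LEN };
    size_t used = TOY_HDR_LEN;
    if (payload.len > 0)                /* no sub-dissector: show as data */
        used += dissect_data(payload);
    return used;                        /* header plus payload */
}

/* Parent: offer the bytes to the toy dissector, fall back to data on reject. */
static size_t parent_dissect(buf_t b)
{
    size_t used = dissect_toy(b);
    return used ? used : dissect_data(b);
}

int main(void)
{
    static const uint8_t pkt[] = { TOY_MAGIC, 0, 0, 1, 'a', 'b', 'c' }; /* constructed */
    buf_t b = { pkt, sizeof pkt };
    data_bytes = 0;
    size_t used = parent_dissect(b);
    printf("claimed %zu of %zu, %zu as data\n", used, b.len, data_bytes);
    return 0;
}
```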