Wireshark-bugs: [Wireshark-bugs] [Bug 12826] usage http-tcp dissector from lua dissector lead to

Date: Fri, 09 Sep 2016 19:13:42 +0000

changed bug 12826


What Removed Added
CC   [email protected], [email protected], [email protected]

Comment # 8 on bug 12826 from
Comment 5 uses an approach that seems quite common for Lua dissectors (I think
it is also documented in an example Lua dissector): obtain old handle, override
dissectors, call old dissector and act on it.

I think that https://code.wireshark.org/review/16176 is sufficient for
correctness (i.e. not crash on missing data), but unfortunately loses the
possibility to propagate the end-of-stream flag from the TCP layer to HTTP.

In C dissectors, we rely on code review and conventions to avoid illegal "data"
parameters (though we do have type confusion problems at times).

We cannot rely on the Lua dissector not to pass garbage. Currently it always
passes a NULL data parameter which is handled gracefully by at least:
modbus (mbtcp), ethertype, wlan (ieee80211). (Searched for
call_dissector_with_data and looked at a random sample).

Maybe we should drop this data parameter and use p_add_proto_data:
 - as provider: the tcp dissector can provide "tcpinfo" to the interested
subdissectors.
 - as consumer: the mbtcp dissector requires a "packet_type" parameter from
"consumers" that invoke this dissector (cip, ecmp).

The type is more explicit in this case (defined by the protocol ID and the
protocol-specific key).


You are receiving this mail because:
  • You are watching all bug changes.