Wireshark-dev: Re: [Wireshark-dev] Catch called dissector error....

From: Evan Huus <eapache@xxxxxxxxx>
Date: Sat, 30 Mar 2013 08:14:31 -0400
On Sat, Mar 30, 2013 at 8:09 AM, Sebastiano Di Paola
<sebastiano.dipaola@xxxxxxxxx> wrote:
> Hi all,
> I would like to know if there is a way to call a dissector and check it's
> return value..I mean the behavior I would like to achieve is the
> following...
> I have a blob of data that usually is json, but I don't have any chance to
> know it without trying to parse it...
> So I would like to do...
>
> <snip>
> decode other part of the packet and create the subtree where to append the
> maybe json data...
>
> try {
>     decode the blob
> }
> catch {
>     cannot decode...maybe it's not json..or wrongly formatted
>     and then append to the current "subtree" as a blob
> }
>
> Is it possible to do it ? I mean trap the json dissector error/execption and
> then append the undecode/unkonw data as unknown to the same subtree?

It sounds like what you want is for JSON to register a heuristic
dissector. Then you can make a 'decode' call that will return a
boolean which is true only if decoding was successful - if not you can
append it as a blob. However, the JSON dissector doesn't do this (it
hasn't historically needed to) and making it do this is not
immediately trivial.

One 'workaround' would be to register a preference for your protocol
controlling whether the payloads are decoded as json or not. This
would probably be the least work to achieve approximately the desired
effect.

Cheers,
Evan