Wireshark-dev: Re: [Wireshark-dev] Calling a dissector: Type for data parameter

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Sun, 30 May 2021 11:36:22 +0100
When I made that change to MQTT I failed to notice that it called other dissectors with different data pointers, and although specifically modified for SparkplugB, felt that passing the topic as data was sufficiently general to be useful.

As others have noted, I guess the issue here is that to be more specific about when to call a sub-dissector those sub-dissectors need to register with the "parent" dissector using arbitrary fields and arbitrary values to determine when and how the sub-dissector should be called.

A more minimal solution could be for MQTT to declare an enum of "data" pointer types and a special registration routine and sub-dissectors register with that routine passing in one of the enum types and then in MQTT before calling a sub-dissector check that "data pointer type" table.

On Sat, 29 May 2021 at 08:33, Anders Broman <a.broman58@xxxxxxxxx> wrote:
Hi,
Yes the method is fragile. At the time of development I think it was proposed to pass a struct containing a string and the void pointer where the string could be used as a identifier. But that was voted down.
Regards
Anders

Den lör 29 maj 2021 09:26Guy Harris <gharris@xxxxxxxxx> skrev:
On May 29, 2021, at 12:12 AM, Anders Broman <a.broman58@xxxxxxxxx> wrote:

> Shouldn't the caller be calling with the right data type or NULL? So a bug in the MQTT disector?

How can the MQTT dissector determine what the right data type *is* - especially given that the dissectors aren't wired in, there's a UAT preference that lets the user configure it.

This is where the current mechanism for passing data between dissectors goes crashing to the ground.

MQTT passes a topic string, which is just a string, to the dissectors it calls.

JSON expects to be passed a pointer to an http_message_info_t.

JSON registers its non-heuristic dissector by name, and allows it to be used with Decode As... for UDP ports.

It might *look* safe if you check the UDP dissector and the dissectors that use "media_type" and "grpc_message_type", but the "registers its non-heuristic dissector by name" mean there are no guarantees, given that another dissector that passes a pointer to something *other* than an http_message_info_t to dissectors that are specified by name in a UAT.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


--
Graham Bloice
Software Developer
Trihedral UK Limited