Wireshark mailing list archives

Re: Calling a dissector: Type for data parameter

From: João Valverde via Wireshark-dev <wireshark-dev () wireshark org>
Date: Sun, 30 May 2021 12:08:36 +0100

It would be nice to fix this in a way that could be used from Lua, tomake Lua dissectors first-class citizens and allow them to talk to Cdissectors (and vice-versa).


On 30/05/21 11:36, Graham Bloice wrote:

When I made that change to MQTT I failed to notice that it calledother dissectors with different data pointers, and althoughspecifically modified for SparkplugB, felt that passing the topic asdata was sufficiently general to be useful.

As others have noted, I guess the issue here is that to be morespecific about when to call a sub-dissector those sub-dissectors needto register with the "parent" dissector using arbitrary fields andarbitrary values to determine when and how the sub-dissector should becalled.

A more minimal solution could be for MQTT to declare an enum of "data"pointer types and a special registration routine and sub-dissectorsregister with that routine passing in one of the enum types and thenin MQTT before calling a sub-dissector check that "data pointer type"table.

On Sat, 29 May 2021 at 08:33, Anders Broman <a.broman58 () gmail com<mailto:a.broman58 () gmail com>> wrote:


    Hi,
    Yes the method is fragile. At the time of development I think it
    was proposed to pass a struct containing a string and the void
    pointer where the string could be used as a identifier. But that
    was voted down.
    Regards
    Anders

    Den lör 29 maj 2021 09:26Guy Harris <gharris () sonic net
    <mailto:gharris () sonic net>> skrev:

        On May 29, 2021, at 12:12 AM, Anders Broman
        <a.broman58 () gmail com <mailto:a.broman58 () gmail com>> wrote:

        > Shouldn't the caller be calling with the right data type or
        NULL? So a bug in the MQTT disector?

        How can the MQTT dissector determine what the right data type
        *is* - especially given that the dissectors aren't wired in,
        there's a UAT preference that lets the user configure it.

        This is where the current mechanism for passing data between
        dissectors goes crashing to the ground.

        MQTT passes a topic string, which is just a string, to the
        dissectors it calls.

        JSON expects to be passed a pointer to an http_message_info_t.

        JSON registers its non-heuristic dissector by name, and allows
        it to be used with Decode As... for UDP ports.

        It might *look* safe if you check the UDP dissector and the
        dissectors that use "media_type" and "grpc_message_type", but
        the "registers its non-heuristic dissector by name" mean there
        are no guarantees, given that another dissector that passes a
        pointer to something *other* than an http_message_info_t to
        dissectors that are specified by name in a UAT.
        ___________________________________________________________________________
        Sent via:    Wireshark-dev mailing list
        <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>>
        Archives: https://www.wireshark.org/lists/wireshark-dev
        <https://www.wireshark.org/lists/wireshark-dev>
        Unsubscribe:
        https://www.wireshark.org/mailman/options/wireshark-dev
        <https://www.wireshark.org/mailman/options/wireshark-dev>
                     mailto:wireshark-dev-request () wireshark org
        <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe

    ___________________________________________________________________________
    Sent via:    Wireshark-dev mailing list
    <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>>
    Archives: https://www.wireshark.org/lists/wireshark-dev
    <https://www.wireshark.org/lists/wireshark-dev>
    Unsubscribe:
    https://www.wireshark.org/mailman/options/wireshark-dev
    <https://www.wireshark.org/mailman/options/wireshark-dev>
                 mailto:wireshark-dev-request () wireshark org
    <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe



--
Graham Bloice
Software Developer
Trihedral UK Limited

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Calling a dissector: Type for data parameter Uli Heilmeier (May 29)
- Re: Calling a dissector: Type for data parameter Anders Broman (May 29)
  - Re: Calling a dissector: Type for data parameter Uli Heilmeier (May 29)
  - Re: Calling a dissector: Type for data parameter Guy Harris (May 29)
    - Re: Calling a dissector: Type for data parameter Anders Broman (May 29)
    - Re: Calling a dissector: Type for data parameter Graham Bloice (May 30)
    - Re: Calling a dissector: Type for data parameter João Valverde via Wireshark-dev (May 30)