Re: SPX protocol subdissector

[Guy Harris <guy () alum mit edu>]

On Nov 24, 2011, at 11:44 AM, Andreas wrote:

> You can only use add your dissector for fields that are registered with register_dissector_table for this purpose.

...and they're not fields, they're just dissector tables; by *convention*, dissector tables are often given the same 
name as fields, if they happen to correspond exactly to one particular field, but that's not a requirement - there's no 
field named "ethertype", but there's a dissector table named "ethertype", which is used for several fields (the type 
field in Ethernet packets, the protocol ID field in SNAP packets with an OUI of 00:00:00, etc.), and most fields don't 
have dissector tables associated with them.

> I fear you can't register your dissector without changing packet-ipx.c.

...by adding a new dissector table and code to use it.

> I am not experienced with heuristic dissectors. Probably you can register your dissector with "spx" using 
> heur_dissector_add().

No - you'd have to add a heuristic dissector table to the SPX dissector, so you can't even register it heuristically 
without changing packet-ipx.c.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe