Wireshark-dev: Re: [Wireshark-dev] SPX protocol subdissector

From: Andreas <AndreasSander1@xxxxxxx>
Date: Thu, 24 Nov 2011 20:44:34 +0100
On 24.11.2011 19:41, Sergey Glebov wrote:

> I'm trying to make a dissector for the protocol, that works inside SPX.
>
> So I register my protocol, register a dissector with dissect_XXX function,
> etc - all pretty much like in samples.
>
> Tricky thing is, that if I call, say, dissector_add("udp.port", 6771,
> XXX_handle);
>
> my dissect function gets called, and everything goes alright. I tried tcp,
> udp, ipx - it works.
>
> But not for SPX - whatever field I've tried.
>
> Theoretically, the string should look like dissector_add_uint("spx.dst",
> 7200, XXX_handle);
>
> - but this does not work for some reason.

You can only add your dissector for fields that are registered with register_dissector_table for this purpose.

You can do it for "udp.port" because the UDP dissector called
	udp_dissector_table = register_dissector_table("udp.port",
	    "UDP port", FT_UINT16, BASE_DEC);

The IPX dissector registers some dissector tables for these fields:
	ipx.packet_type
	ipx.socket
	spx.socket
(see packet-ipx.c, line 1498..1502)

I fear you can't register your dissector without changing packet-ipx.c. I am not experienced with heuristic dissectors. Probably you can register your dissector with "spx" using heur_dissector_add().

--
Andy
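
The mechanism described in the reply above, as an added example that is not part of the original message and is not Wireshark source: a self-contained C model of name-keyed dissector tables, showing why attaching to "spx.dst" finds nothing while "spx.socket" works. The `model_*` names, the fixed-size arrays, the `dissect_xxx` stand-in and the 0/-1 return convention are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Wireshark source: a dissector table is a named
 * registry created by the parent dissector; children attach to it by name. */
typedef int (*dissect_fn)(const uint8_t *payload, size_t len);
struct entry { uint32_t key; dissect_fn fn; };
struct table { const char *name; struct entry e[8]; size_t n; };
static struct table tables[8];
static size_t n_tables;
/* Parent side, modelling register_dissector_table(). */
static void model_register_table(const char *name) {
    if (n_tables < 8) tables[n_tables++] = (struct table){ .name = name };
}
static struct table *find_table(const char *name) {
    for (size_t i = 0; i < n_tables; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}
/* Child side, modelling dissector_add_uint(): 0 on success, -1 when no
 * parent ever registered a table under that name (or the table is full). */
static int model_add_uint(const char *name, uint32_t key, dissect_fn fn) {
    struct table *t = find_table(name);
    if (t == NULL || t->n == 8) return -1;
    t->e[t->n++] = (struct entry){ key, fn };
    return 0;
}
/* Parent dispatch: returns bytes consumed by the child, 0 if unclaimed. */
static int model_try_uint(const char *name, uint32_t key, const uint8_t *p, size_t len) {
    struct table *t = find_table(name);
    for (size_t i = 0; t != NULL && i < t->n; i++)
        if (t->e[i].key == key) return t->e[i].fn(p, len);
    return 0;
}
/* Hypothetical child dissector: claims the whole payload. */
static int dissect_xxx(const uint8_t *p, size_t len) { (void)p; return (int)len; }
/* The four table names the thread mentions. */
static void model_setup(void) {
    static const char *names[] = { "udp.port", "ipx.packet_type", "ipx.socket", "spx.socket" };
    n_tables = 0;
    for (size_t i = 0; i < 4; i++) model_register_table(names[i]);
}
int main(void) {
    model_setup();
    printf("spx.dst: %d\n", model_add_uint("spx.dst", 7200, dissect_xxx));
    printf("spx.socket: %d\n", model_add_uint("spx.socket", 7200, dissect_xxx));
    return 0;
}
```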