
Wireshark-dev: Re: [Wireshark-dev] SPX protocol subdissector

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 24 Nov 2011 12:11:21 -0800

On Nov 24, 2011, at 11:44 AM, Andreas wrote:

> You can only add your dissector for fields that are registered with register_dissector_table for this purpose.

...and they're not fields, they're just dissector tables; by *convention*, dissector tables are often given the same name as fields, if they happen to correspond exactly to one particular field, but that's not a requirement - there's no field named "ethertype", but there's a dissector table named "ethertype", which is used for several fields (the type field in Ethernet packets, the protocol ID field in SNAP packets with an OUI of 00:00:00, etc.), and most fields don't have dissector tables associated with them.

> I fear you can't register your dissector without changing packet-ipx.c.

...by adding a new dissector table and code to use it.

> I am not experienced with heuristic dissectors. Probably you can register your dissector with "spx" using heur_dissector_add().

No - you'd have to add a heuristic dissector table to the SPX dissector, so you can't even register it heuristically without changing packet-ipx.c.