Guy,
Just tested this and it works fine (much nicer than the "hack"). Patch to update sip to drop the registering and adding the heur_dissector_add attached.
Thanks,
RuudGuy Harris wrote:
On Friday, August 1, 2003, at 2:18 AM, Ruud Linders wrote:
Good point, currently we are using a hack in packet-sctp which checks for PPI=0 (=NOT_SPECIFIED_PROTOCOL_ID) and just calls the sip decoder. The src/dst port is both 1 which is also not very distinctive so that would leave a heuristic approach.
I've just checked in a change to give the SCTP dissector a heuristic subdissector list (named, in an extraordinary burst of creativity, "sctp"), so adding
heur_dissector_add( "sctp", dissect_sip_heur, proto_sip );
to "proto_reg_handoff_sip()" should register it as a heuristic subdissector of SCTP.
Try that, with the current CVS version of packet-sctp.c (without the hack checking for PPI=0), and see if that works. If it does, we should remove the registering of the SIP dissector, and replace it with the version that adds it as a heuristic subdissector of SCTP.
--- packet-sip.c.0804 Thu Jul 31 20:14:02 2003
+++ packet-sip.c Mon Aug 4 13:04:59 2003
@@ -956,8 +956,6 @@
proto_register_field_array(proto_sip, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
- /* Register the dissector so it can be called from other protocols */
- register_dissector("sip", dissect_sip, proto_sip);
}
void
@@ -971,6 +969,7 @@
heur_dissector_add( "udp", dissect_sip_heur, proto_sip );
heur_dissector_add( "tcp", dissect_sip_heur, proto_sip );
+ heur_dissector_add( "sctp", dissect_sip_heur, proto_sip );
/*
* Get a handle for the SDP dissector.
