On Wed, May 15, 2002 at 01:16:11PM +1000, Tim Potter wrote:
> This hidden field business got me thinking. I've made a small change to
> the dcerpc init routines which allows you to filter by string names for
> dcerpc subcommands.
>
> I've changed dcerpc_init_uuid() to take an extra value - a hf field
> which corresponds to the opnum for the subdissector with a value_string
> array associated with it. The dcerpc_try_handoff() routine inserts a
> hidden field with the value of the dcerpc.op for both the request and
> reply. For the spoolss dissector this now means you can do things like
> 'spoolss.opnum == addprinterdriver' rather than having to look up the
> hex value of the opnum for the subcommand.
I'd thought about the same thing a while ago; I forget whether I
mentioned it to ethereal-dev or not. (I *did* mention it in the comment
on line 1028 or so in "packet-dcerpc.c". :-))
I think it's the right thing to do.
However, you might, instead, want to *replace* the call *after* the
comment I mentioned with a call to add the subdissector's field as a
*non*-hidden field (and get rid of "hf_dcerpc_op"). That would let you
do a "Match Selected" on that entry in the protocol tree.
I think it's the right thing to do for ONC RPC as well (as stated in the
comment).