Wireshark mailing list archives

Re: Overriding a builtin dissector

From: Roland Knall <rknall () gmail com>
Date: Wed, 25 Apr 2018 19:49:30 +0200

And I think this would be the case here, with new formats, if nothing else changes

Regards
Roland

Am 25.04.2018 um 18:05 schrieb Graham Bloice <graham.bloice () trihedral com>:

On 25 April 2018 at 16:51, Pascal Quantin <pascal.quantin () gmail com> wrote:
Hi Jason,

2018-04-25 17:40 GMT+02:00 Jason Cohen <kryojenik2 () gmail com>:

I've already asked some of this privately, but submitting to the full list for archival as well.

Is there a way or any thoughts of being able to override an existing, built-in dissector?


You can deactivate a builtin dissector via the Analyze -> Enabled Protocols window if required.


The specific case in point being the f5ethtrailer dissector recently was included as a built-in.  Would it be 
possible to offer a plugin that "replaced" the existing dissector to support the new formats?  What is Wiresharks 
policy on submitted updates to protocol dissectors?  Would changes go out in the next minor / maint release, or 
would they have to wait for a major relase?


Once you have deactivated the builtin plugin, you can have a plugin doing the dissection instead. It would probably 
require another protocol short name and filter name though to avoid any collision.
Only bugfixes go in stable branches, per our policy https://wiki.wireshark.org/Development/ReleasePolicy. So any 
addition submitted would be part of the next major release.


There is a bit of a grey area here, if the updated protocol is in active use in the wild, updates to the dissector 
could be done in the current release by squinting hard and calling them bugfixes.  This has been done in the past.

-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Overriding a builtin dissector Jason Cohen (Apr 25)
- Re: Overriding a builtin dissector Pascal Quantin (Apr 25)
  - Re: Overriding a builtin dissector Graham Bloice (Apr 25)
    - Re: Overriding a builtin dissector Roland Knall (Apr 25)
    - Re: Overriding a builtin dissector Dario Lombardo (Apr 26)
    - Re: Overriding a builtin dissector Stig Bjørlykke (Apr 26)