Re: Overriding a builtin dissector

[Dario Lombardo <lomato () gmail com>]

What about using proto_deregister_protocol? In your dissector (I guess it's
a plug in one) you first deregister the builtin one, then you register
yours with the same name. Would it work?

On Wed, Apr 25, 2018, 19:50 Roland Knall <rknall () gmail com> wrote:

> And I think this would be the case here, with new formats, if nothing else
> changes
>
> Regards
> Roland
>
> Am 25.04.2018 um 18:05 schrieb Graham Bloice <graham.bloice () trihedral com
> > :
>
>
>
> On 25 April 2018 at 16:51, Pascal Quantin <pascal.quantin () gmail com>
> wrote:
>
> > Hi Jason,
> >
> > 2018-04-25 17:40 GMT+02:00 Jason Cohen <kryojenik2 () gmail com>:
> >
> > > I've already asked some of this privately, but submitting to the full
> > > list for archival as well.
> > >
> > > Is there a way or any thoughts of being able to override an existing,
> > > built-in dissector?
> >
> > You can deactivate a builtin dissector via the Analyze -> Enabled
> > Protocols window if required.
> >
> >
> > > The specific case in point being the f5ethtrailer dissector recently was
> > > included as a built-in.  Would it be possible to offer a plugin that
> > > "replaced" the existing dissector to support the new formats?  What is
> > > Wiresharks policy on submitted updates to protocol dissectors?  Would
> > > changes go out in the next minor / maint release, or would they have to
> > > wait for a major relase?
> >
> > Once you have deactivated the builtin plugin, you can have a plugin doing
> > the dissection instead. It would probably require another protocol short
> > name and filter name though to avoid any collision.
> > Only bugfixes go in stable branches, per our policy
> > https://wiki.wireshark.org/Development/ReleasePolicy. So any addition
> > submitted would be part of the next major release.
> There is a bit of a grey area here, if the updated protocol is in active
> use in the wild, updates to the dissector could be done in the current
> release by squinting hard and calling them bugfixes.  This has been done in
> the past.
>
> --
> Graham Bloice
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
> <wireshark-dev-request () wireshark org?subject=unsubscribe>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe