Re: overriding built-in dissector

[Roland Knall <rknall () gmail com>]

As far as I know, overriding a default dissector is not possible, or more
precise not necessarily very easy. But what you could do is, to implement a
generic heuristic entry point in the dis dissector, which then in turn you
could use to let your custom plugin take over the dissection from the dis
dissector. Take a look at the eth dissector and the heuristic dissector
entry point.

I did it this way in the beginning of the openSAFETY dissector with the epl
dissector, and it works just fine.

If you should keep a separate plugin and not implement the same features in
the main dis dissector is a different discussion.

regards,
Roland

On Tue, Dec 1, 2015 at 5:14 AM, Alan Partis <alpartis () thundernet com> wrote:

> I need some direction from some folks smarter than me:
>
> I need to understand, and possibly make some customizations to, the DIS
> dissector (packet-dis.c).  I understand that I can make those changes and
> run the full wireshark build, but that can be a very laborious and
> time-consuming task.  Consequently, I'm thinking that I'd like to build
> packet-dis.c as a shared library plugin and have wireshark pick up my
> customized version and use that instead of the built-in version.
>
> 1. is that possible?
>
> 2. Can I do the special plugin build of packet-dis.c right from the
> ./epan/dissectors/ subdirectory where it currently resides?  Or should I
> put a copy of it off in my own working directory/sandbox and build it from
> there?
>
> And lastly:
>
> 3. Is there anywhere I can find clear instructions on how best to achieve
> this?  All the plugin dev docs I find go through the very lengthy
> discussion of how to write a plugin and use the available API, but at
> least for the moment, I am mostly only interested in the build process.
>
> Thanks.
>
> _______________________________________________________
> Alan Partis
> thundernet development group
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe