Re: Plugin Dissector vs Builtin Dissector

["John Dill" <John.Dill () greenfieldeng com>]

> Message: 4
> Date: Wed, 23 Apr 2014 13:19:43 -0400
> From: Kevin Cox <kevincox () kevincox ca>
> To: wireshark-dev () wireshark org
> Subject: [Wireshark-dev] Plugin Dissector vs Builtin Dissector
> Message-ID: <5357F62F.5080707 () kevincox ca>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> Forgive me if this has been asked before but I can't find any resources
> about the advantages/disadvantages of plugin dissectors and the ideal
> cases for each.
>
> So far I have gathered that plugin dissectors are "easiest to write
> initially"[0] while builtin dissectors load slightly faster.
>
> [0] https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
>
> I have read the README.{developer,dissector,plugin} and a number of
> others but can't find a resource to help me decide which to write.
>
> For the curious I will be working on a dissector for the Ceph[1]
> protocol as a gsoc project this summer and am trying to make the
> decision whether a builtin or plugin dissector would be preferred.
>
> [1] https://ceph.com/
>
> Cheers,
> Kevin

One factor to consider is whether the contents of the packet is
considered proprietary.  In that sense, developing and releasing
the protocol dissector as a plugin allows to one to control the
code distribution without the need to maintain a fork of Wireshark.

For development purposes, either is fine, but Wireshark appears
to prefer to release dissectors as built-in when feasible.

Best regards,
John Dill

<<winmail.dat>>

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe