Wireshark-dev: Re: [Wireshark-dev] Howto unregister a dissector?

From: "Martin Peylo" <martinmeis@xxxxxxxxxxxxxx>
Date: Tue, 19 Jun 2007 14:50:13 +0200

Hi Stephen,

On 6/13/07, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
> On Mon, Jun 11, 2007 at 01:31:21PM +0200, Martin Peylo wrote:
>
> > I'm searching for a way to unregister a dissector.
>
> I don't think there is a way.  See below.

Thanks for the reply, this validates what I expected.

> > My problem is that we need a specially hacked version of a protocol
> > dissector which is already built into Wireshark (lives in
> > libwireshark.so). In order not to distribute a hacked version of
> > Wireshark (for Linux, Solaris and Windows) to everybody -- each time
> > we have to change it -- it would be nice to be able to overwrite the
> > inbuilt dissector with a plugin.
>
> Any chance of contributing your changes to the Wireshark code base for
> all to enjoy? :-)

Sadly that's not possible for some reasons. The biggest problem would
be that one needs a precompiled library in order for the hacked
dissector to work. This library has a license which is not really
compatible. It does all the work, the dissector code only calls it. If
there would be a way to publish it I'd really do it as I did before.
:-)

> > If I just call register_dissector(), Wireshark complains that there is
> > already a dissector registered with that name and does not start. Is
> > there any way to circumvent this? I didn't manage to find one so far.
>
> How about registering your dissector with a slightly different name, but
> the same port?  Then going into Wireshark and disabling the built-in
> dissector through the Analysis -> Enabled protocols menu?

Thanks for that suggestion - I'll investigate if we could do that.

Best regards,
Martin