On Jul 17, 2009, at 5:15 AM, Sean wrote:
I have a question regarding the dissectors loading order,
Suppose several dissectors registered with the same UDP port or
Ethernet type to wireshark,
Which one would be the default decoder?
Currently, whichever one happens to be registered last and hasn't been
disabled.
Wireshark specifies neither the order in which dissectors get
registered nor whether the one that "sticks" is the one that's
registered first, the one that's registered last, or some other
dissector.
Is there anyway to specify one dissector as the default decoder?
1) Disable all the other ones.
2) Arrange that only the one you want as the default register with a
port number, and have all the others register using
dissector_add_handle(), so you can use Decode As to force that
dissector to be used for the UDP port number or Ethernet type in
question.
3) Make them heuristic dissectors, so they can figure out which of
them should handle the traffic in question. That would work only for
UDP; in any case where two protocols are using the same Ethernet type,
the IEEE Police need to go after whichever of them didn't get that
Ethernet type assigned to them by the IEEE, and crack their skull a bit.
