Wireshark-dev: Re: [Wireshark-dev] Plugin Dissector vs Builtin Dissector
From: "John Dill" <John.Dill@xxxxxxxxxxxxxxxxx>
Date: Wed, 23 Apr 2014 14:42:21 -0400
>Message: 4
>Date: Wed, 23 Apr 2014 13:19:43 -0400
>From: Kevin Cox <kevincox@xxxxxxxxxxx>
>To: wireshark-dev@xxxxxxxxxxxxx
>Subject: [Wireshark-dev] Plugin Dissector vs Builtin Dissector
>Message-ID: <5357F62F.5080707@xxxxxxxxxxx>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Hello,
>
>Forgive me if this has been asked before but I can't find any resources
>about the advantages/disadvantages of plugin dissectors and the ideal
>cases for each.
>
>So far I have gathered that plugin dissectors are "easiest to write
>initially"[0] while builtin dissectors load slightly faster.
>
>[0] https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
>
>I have read the README.{developer,dissector,plugin} and a number of
>others but can't find a resource to help me decide which to write.
>
>For the curious I will be working on a dissector for the Ceph[1]
>protocol as a gsoc project this summer and am trying to make the
>decision whether a builtin or plugin dissector would be preferred.
>
>[1] https://ceph.com/
>
>Cheers,
>Kevin

One factor to consider is whether the contents of the packet is
considered proprietary.  In that sense, developing and releasing
the protocol dissector as a plugin allows to one to control the
code distribution without the need to maintain a fork of Wireshark.

For development purposes, either is fine, but Wireshark appears
to prefer to release dissectors as built-in when feasible.

Best regards,
John Dill

<<winmail.dat>>