Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Different wireshark behaviour on Linux as on Windows

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 9 Mar 2011 10:04:09 -0800
On Mar 9, 2011, at 7:39 AM, Roland Knall wrote:

> It would definitly not solve the underlying problem. but at least it
> would make the whole process predictable, which is definitly not the
> case now.

That might or might not constitute an improvement; the file name given to a plugin, or whether a dissector is a plugin or a built-in, probably has little to do with whether a given dissector should or shouldn't be the one used for a given type field value.

Of course, if the type field is, for example, an Ethernet type field, it's not clear that there ever *SHOULD* be more than one dissector registered for that type field value - if, for example, SercosIII was assigned the Ethernet type value 0x88CD, no other protocol should ever use that Ethernet type, and, thus, no other dissector should ever register with that Ethernet type value; other protocols should get their own Ethernet type values.

> My favorite solution would be, that a dissector could register, that
> it should always get selected before all other dissectors.

What happens if *two* dissectors make the same request?