Wireshark-dev: Re: [Wireshark-dev] Howto unregister a dissector?
From: "Martin Peylo" <[email protected]>
Date: Tue, 19 Jun 2007 14:50:13 +0200
Hi Stephen,

On 6/13/07, Stephen Fisher <[email protected]> wrote:
On Mon, Jun 11, 2007 at 01:31:21PM +0200, Martin Peylo wrote:

> I'm searching for a way to unregister a dissector.
I don't think there is a way.  See below.
Thanks for the reply, this validates what I expected.

> My problem is that we need a specially hacked version of a protocol
> dissector which is already built into Wireshark (lives in
> libwireshark.so). In order not to distribute a hacked version of
> Wireshark (for Linux, Solaris and Windows) to everybody -- each time
> we have to change it -- it would be nice to be able to overwrite the
> inbuilt dissector with a plugin.

Any chance of contributing your changes to the Wireshark code base for
all to enjoy? :-)
Sadly that's not possible for some reasons. The biggest problem would
be that one needs a precompiled library in order for the hacked
dissector to work. This library has a license which is not really
compatible. It does all the work, the dissector code only calls it. If
there would be a way to publish it I'd really do it as I did before.
:-)

> If I just call register_dissector(), Wireshark complains that there is
> already a dissector registered with that name and does not start. Is
> there any way to circumvent this? I didn't manage to find one so far.

How about registering your dissector with a slightly different name, but
the same port?  Then going into Wireshark and disabling the built-in
dissector through the Analyasis -> Enabled protocols menu?
Thanks for that suggestion - I'll investigate if we could do that.

Best regards,
Martin