Wireshark-dev: Re: [Wireshark-dev] Fastest and the Legal way to distribute Custom Dissectors

From: Ian Schorr <ian.schorr@xxxxxxxxx>
Date: Tue, 11 Aug 2009 12:10:32 +1000
#3 is probably the "best" if you're willing to share the source and think the code would be of use to others.

Advantages:
- Less work for you in the long run. 
  - Each time a new release of Wireshark comes out with changes that you want, you'd need to release a newer version of your "custom" Wireshark.  Or if you don't do this, it would complicate things for users that are frequent Wireshark users and DO want a version installed with the latest changes.
  - Periodically changes are made that affect ALL (or a large number) of dissectors.  If that happens someone else would most likely update your dissector so it continues to function.  Without checking in, you'll need to figure out why your dissector doesn't compile anymore with newer releases.
- Your changes will be reviewed by someone who knows more about Wireshark than you do.  If you've done something badly (that will potentially cause crashes, weird errors, will cause you headaches in the long run) you have a good chance of getting feedback to help with this.
- You have contributed back to the community, which is kind of a major point of this project.
- Once your code is checked in you can just direct people to download the latest Wireshark instead of your own private version. (though initially you may have to just distribute a custom build - though you can generate one automatically here using the buildbot)

Downsides:
- As you say, may take longer overall to push changes to Wireshark - possibly especially a problem if you expect them to be updated frequently. 
People here tend to be fairly responsive, and won't waste your time.  But if you've written something badly, you probably will be forced to rewrite it (which may slow you down in the short term, but be good in the long term)


#2 is a mixed bag.  Distributing code as plugins is probably more "legal" if you weren't willing/allowed to distribute the sources, but that's not a problem for you.  However, plugins tend to be problematic to maintain.
There tend to be frequent changes in Wireshark that will break existing plugins (so you'd potentially end up having to compile a plugin for each version of Wireshark that you want your dissectors to be compatible with), and a lot of the maintainers here aren't exactly fans of them.  Don't expect a lot of support on getting them to work.  I'd probably stick with either #1 if this is just some really simple project and you're going to be distributing to a few people for limited use, or #3 if you want to do things "right" and save yourself work in the long run.