Wireshark-dev: [Wireshark-dev] Different wireshark behaviour on Linux as on Windows
From: Roland Knall <[email protected]>
Date: Mon, 28 Feb 2011 09:32:56 +0100
Hello

I am developing a plugin, which will dissect protocols, where other
dissectors are already registered.

Two instances are the Ethernet Powerlink dissector as well as the
Sercos III dissector.

My protocol is part of their communication messages, but can not be
identified as easily, as e.g. an UDP payload, as it is encoded in the
transmitted messages. Therefore, I kind of have to take an heuristic
approach an dissecting the various frames.

This works well so far, but now I have come across a funny situation.
My main development plattform is Linux. On it, my plugin get's loaded,
everything get's dissected correctly, and works as intended. My plugin
is called openSAFETY.

On Windows, the SercosIII plugin takes precedence over my plugin. Both
register the same Ethertypes, therefore this should not be unusual,
but as told, the situation is directly opposite towards the Linux
side.

Interesting side-fact, the EPL plugin, which is part of the main
wireshark library, never gets called before my own plugin. There on
both plattforms, my plugin get's called first.

So my question is, can I influence the decision made by wireshark in
any way, which plugin get's called?

In every case, the dissector immediatly before my dissector get's
called is the default Ethernet dissector.

kind regards, Roland