Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Plugin Dissector vs Builtin Dissector

From: Kevin Cox <kevincox@xxxxxxxxxxx>
Date: Wed, 23 Apr 2014 13:19:43 -0400
Hello,

Forgive me if this has been asked before but I can't find any resources
about the advantages/disadvantages of plugin dissectors and the ideal
cases for each.

So far I have gathered that plugin dissectors are "easiest to write
initially"[0] while builtin dissectors load slightly faster.

[0] https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html

I have read the README.{developer,dissector,plugin} and a number of
others but can't find a resource to help me decide which to write.

For the curious I will be working on a dissector for the Ceph[1]
protocol as a gsoc project this summer and am trying to make the
decision whether a builtin or plugin dissector would be preferred.

[1] https://ceph.com/

Cheers,
Kevin

Attachment: signature.asc
Description: OpenPGP digital signature