Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] f5ethtrailer: disabled by default

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 25 Apr 2018 11:03:39 -0700
On Apr 25, 2018, at 10:37 AM, Jason Cohen <kryojenik2@xxxxxxxxx> wrote:

> It's not a huge deal, but what would be necessary for the dissector to be enabled by default?
> 
> The commit message included:
> Also disable F5ETHTRAILER by default since it doesn't have a discriminating
> heuristic.

It'd need a discriminating heuristic, which means...

> We could probably get the changes needed, but want make sure we understand the requirements.

...that dissect_f5ethtrailer() would have to look at the data it was handed, determine whether it corresponds to an F5 Ethernet trailer and, if not, return FALSE without dissecting anything.

It would also have to make sure, before looking at any data, that the data is, in fact, present and not, for example, cut off by a snapshot length in effect when the capture was done.  (If the data isn't present, it should return FALSE, as that would mean that some or all of the trailer was cut off by that snapshot length.)