Phillip Paradis wrote:
> One might be able to do as Nvidia/ATI et al. do with their drivers. Create
> the plug-in itself as a generic binary module which decodes blocks of data;
> it would make no use of the Wireshark APIs and cannot include or link with
> any GPL code. Then create a stub that fits between Wireshark's APIs and the
> plugin; this would be released as source code along with the binary, and
> would also not contain any Wireshark code, though it would contain the
> necessary header includes.

If you release a binary dissection module, what's to stop someone from
feeding it fuzzed and randomized data, mapping the input and output, and
reverse-engineering the protocol itself? Dissectors aren't device
drivers, and their very nature (i.e. "tell me everything you know about
the data at offset X") means that once you release a dissector, you've
also released the details of your protocol.