Ethereal will sometimes call the dissector twice for a packet when reading a
capture file.
When it does so depends on whether you have any filters allied.
First time it is called tree will be NULL, second time TREE will hae a
proper value.
the dissector must be prepared to handle that the dissector being called
mulktiple times for the
same packet.
Often this is codified as
if(!pinfo->fd->flags.visited){
...
} else {
...
}
----- Original Message -----
From: "Michael Shuldman"
Sent: Saturday, August 02, 2003 12:20 AM
Subject: [Ethereal-dev] dissector being called with same packets twice?
> Hello, !'m having a problem with what appears to be the dissector
> being called with the same packets twice (it's reading a
> previously saved capturefile). Here's an excerpt from the debugger,
> starting with the first entry into the dissector function registered
> with create_dissector_handle():
>
> Breakpoint 31, dissect_x11 (tvb=0x4de8b4, pinfo=0x4c8e08, tree=0x4dc818)
> at packet-x11.c:4271
> 4271 if (check_col(pinfo->cinfo, COL_PROTOCOL))
> (gdb) p pinfo->fd->num
> $161 = 4
> (gdb) p *tvb
> $162 = {type = TVBUFF_SUBSET, initialized = 1, usage_count = 1,
> ds_tvb = 0x4de818, used_in = 0x0, tvbuffs = {subset = {tvb = 0x4de880,
> offset = 20, length = 12}, composite = {tvbs = 0x4de880,
> start_offsets = 0x14, end_offsets = 0xc}}, real_data = 0x4db036 "B",
> length = 12, reported_length = 12, raw_offset = -1, free_cb = 0}
>
> And then again on the next entry into the same routine:
>
> Breakpoint 31, dissect_x11 (tvb=0x4de9b8, pinfo=0x4c8f08, tree=0x4dcdf4)
> at packet-x11.c:4271
> 4271 if (check_col(pinfo->cinfo, COL_PROTOCOL))
> (gdb) p pinfo->fd->num
> $163 = 4
> (gdb) p *tvb
> $164 = {type = TVBUFF_SUBSET, initialized = 1, usage_count = 1,
> ds_tvb = 0x4de91c, used_in = 0x0, tvbuffs = {subset = {tvb = 0x4de984,
> offset = 20, length = 12}, composite = {tvbs = 0x4de984,
> start_offsets = 0x14, end_offsets = 0xc}}, real_data = 0x4db036 "B",
> length = 12, reported_length = 12, raw_offset = -1, free_cb = 0}
>
>
> The same seems to be the case higher up, e.g. dissect_tcp().
>
> In both calls on dissect_x11(), we end up having all the data we need
> (i.e. no desgmenting required) and we dissect the packet, and after
> the second dissection, the information about the packet ends up
> getting printed out to the screen, but I don't understand why it
> doesn't happen the first time. Is there a function "we're done
> with this data" I'm not calling?
>
> The code path in my code is identical on both calls as the
> data is the same (I'm working on modified sources but the same happens
> in stock ethereal-0.9.7 dissect_x11()).
>
> (Please Cc me on replies)
> With kind regards,
>
> --
> _ //
> \X/ -- Michael Shuldman <michaels@xxxxxxx>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
