Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] "tree check" vs "visit"ed

Date: Sun, 13 Nov 2011 12:41:43 -0500 (EST)
I'm working with a dissector that implements "request/response tracking" modeled after README.request_response_tracking.  The one problem I noticed with the dissector is that it checks the "if visited flag" (pinfo->fd->flags.visited) per the example, but it also checks to see if the "protocol tree" is NULL.  What happens is in the "first pass", tree = NULL, so the dissector doesn't do much (because there's no protocol tree).  In the "second pass", tree != NULL, but the packet has since been "visited", the request/response handling doesn't get called.   I thought I had read on this mailing list that the "tree checks" have been added to the necessary "internal APIs", so they aren't needed in a dissector.  Is that true?   That seems less optimal because I assume there would be more "tree checks" in the "internal APIs" that done just once in a dissector, but it makes the "if visited" flag much more useful (and dissector code much more readable).
 
Mike