Wireshark-dev: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the ca
From: David Aggeler <[email protected]>
Date: Tue, 20 Oct 2009 20:00:32 +0200
I was troubleshooting my dissector for a while and realized following:

- Open a file without any display filters
- The dissector is first being called with tree = NULL as expected for all protocol specific packets (having data from 164 to 1227) - Then it is called again with pinfo->fd->num == 512 and tree being specified
This is killing me. In order to optimize for performance, I do not 
populate all data structures when tree is null.
And when it is not null, I expect all packets before hand being called 
in the same way, to have the details needed.
Is a dissector supposed to be able to handle something like this, i.e. 
being called with tree specified somewhere in the middle of the stream?
If I need to, I will need to ignore the performance optimization.

Or is it a bug? This behavior is still true on the latest SVN from today.
Removing a few non related packets at the start, and I'm not being called with tree != null.
- David