Wireshark · Wireshark-dev: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the capture

Wireshark-dev: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the ca

From: David Aggeler <david_aggeler@xxxxxxxxxx>

Date: Tue, 20 Oct 2009 20:00:32 +0200


I was troubleshooting my dissector for a while and realized following:

- Open a file without any display filters

- The dissector is first being called with tree = NULL as expected forall protocol specific packets (having data from 164 to 1227)- Then it is called again with pinfo->fd->num == 512 and tree beingspecified

This is killing me. In order to optimize for performance, I do notpopulate all data structures when tree is null.And when it is not null, I expect all packets before hand being calledin the same way, to have the details needed.

Is a dissector supposed to be able to handle something like this, i.e.being called with tree specified somewhere in the middle of the stream?

If I need to, I will need to ignore the performance optimization.

Or is it a bug? This behavior is still true on the latest SVN from today.

Removing a few non related packets at the start, and I'm not beingcalled with tree != null.


- David

Follow-Ups:
- Re: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the capture
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Can't build devel 1.3.0 version under Ubuntu Jaunty ...
Next by Date: Re: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the capture
Previous by thread: [Wireshark-dev] [ANNOUNCE] WinPcap 4.1 has been released
Next by thread: Re: [Wireshark-dev] Dissector being called with tree != NULL in the middle of the capture
Index(es):
- Date
- Thread