
Wireshark-dev: Re: [Wireshark-dev] Siginificance of pinfo->fd->flags.visited

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Fri, 10 Jan 2014 11:38:32 +0000

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Vishnu Bhatt
Sent: den 10 januari 2014 10:54
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Siginificance of pinfo->fd->flags.visited

 

Thanks for the explanation.

 

  1. << The result of a packet dissection is thrown away as soon as the packet has been read and presented, so if you ‘click’ on a new packet the dissection has to be redone.>>

 

>“Thrown away” means it’s not stored anywhere. Am I right? If yes, why is it thrown away?

 

As it's not needed, as the packet will be re-dissected when the information is needed again. Saving the dissection result for every packet in a trace would require a lot of (RAM) memory.

(number of bytes times a factor > 10?)

 

>And also, few things are done only once using “flags.visited == FALSE”, why then this variable is used, if the previous results are not stored, then everything has to be redone.

 

Perhaps I expressed that poorly; if you need some result of the dissection you need to arrange to store it and protect that code with “flags.visited” to have it only executed once – the first time, when the packets are executed in order.

 

  1. << Not sure what you are referring to here >>

>In packet-rlc.c in epan/dissectors, duplicity of RLC frames is checked, should that be done every time?

 

No it should probably only be done once and the result saved.

 

Regards

Anders

 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Friday, January 10, 2014 2:53 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Siginificance of pinfo->fd->flags.visited

 

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Vishnu Bhatt
Sent: den 10 januari 2014 08:59
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Siginificance of pinfo->fd->flags.visited

 

>Hello all,

> 

>Can anyone please explain to me the significance of pinfo->fd->flags.visited? I know that this variable is set to TRUE if a packet has been visited once, but if we click on the same packet then why are all things done again?

 

pinfo->fd->flags.visited is FALSE on the first pass when all packets are read in sequence then it’s set to FALSE. The result of a packet dissection is thrown away as soon as the packet has been read and presented, so if you ‘click’ on a new packet the dissection has to be redone.

 

> 

>Logically if a frame has been dissected once, it should not be checked again, so condition “if(pinfo->fd->flags.visited == FALSE)” should always be checked before doing the dissection.

Not true, see above.

 

>Why the need of re-dissecting the frame over and over again?

 

See above.

 

>My second doubt is that in RLC, if duplicity has already been checked then why to check it again? I mean should the duplicity function be covered under “if(pinfo->fd->flags.visited == FALSE)”?

 

 

Not sure what you are referring to here…

 

Thanks

Vishnu Bhatt





===============================================================================
Please refer to http://www.aricent.com/legal/email_disclaimer.html
for important disclosures regarding this electronic communication.
===============================================================================
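
The pattern discussed in this thread (compute an order-dependent result once on the sequential first pass, store it per frame, and reuse it on later re-dissection), as an added example that is not part of the original messages and not Wireshark code. `frame_t`, `seen`, the two `dissect_*` functions and the four-frame capture are hypothetical stand-ins constructed for illustration; a real dissector would use `pinfo->fd->flags.visited` and its own per-packet storage.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for frame_data plus per-packet stored data. */
typedef struct {
    uint8_t seq;          /* constructed RLC-like sequence number */
    bool    visited;      /* models pinfo->fd->flags.visited */
    bool    is_duplicate; /* result saved on the first pass */
} frame_t;

/* State built up while frames are read in capture order. */
static bool seen[256];

/* Guarded: compute once on the sequential first pass, reuse afterwards. */
static bool dissect_guarded(frame_t *f) {
    if (!f->visited) {
        f->is_duplicate = seen[f->seq];
        seen[f->seq] = true;
    }
    return f->is_duplicate;
}

/* Unguarded: consults the accumulated state on every dissection. */
static bool dissect_unguarded(frame_t *f) {
    bool dup = seen[f->seq];
    seen[f->seq] = true;
    return dup;
}

/* Read a constructed capture in order, then re-dissect frame idx (a "click"). */
static bool redissect_after_first_pass(int idx, bool guarded) {
    frame_t frames[] = { {.seq = 1}, {.seq = 2}, {.seq = 2}, {.seq = 3} };
    int n = (int)(sizeof frames / sizeof frames[0]);
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < n; i++) {
        (void)(guarded ? dissect_guarded(&frames[i]) : dissect_unguarded(&frames[i]));
        frames[i].visited = true; /* set after the first pass over this frame */
    }
    return guarded ? dissect_guarded(&frames[idx]) : dissect_unguarded(&frames[idx]);
}

int main(void) {
    for (int i = 0; i < 4; i++)
        printf("frame %d: guarded=%d unguarded=%d\n", i + 1,
               redissect_after_first_pass(i, true), redissect_after_first_pass(i, false));
    return 0;
}
```

Without the guard, every frame is reported as a duplicate once it is re-dissected, because the state from the first pass already contains its own sequence number.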