On Feb 24, 2014, at 1:02 AM, Rahul Rohit <rahul.rohit@xxxxxxxxxxx> wrote:
> I understand the point but just for the sake of curiosity I would like to know how the value of tree were to be decided i.e. when the value of tree would be 0 and when will it contain some valid address ??
It will be NULL if the dissection being done at the time doesn't need to build a protocol tree and it will be non-null if the dissection being done at the time doesn't.
The conditions under which a protocol tree needs to be built vary, and are subject to change from release to release of Wireshark.
> Is this true that when the user clicks a packet in the packet-pane of the Wireshark GUI then automatically tree was
> Given some value ??
That's one situation where a protocol tree will probably always need to be built (we probably wouldn't gain much performance by caching the protocol tree for every packet that's been selected, and we'd spend a lot of memory building a protocol tree for every single packet and saving it in memory).
That is not, however, the only situation in which a protocol tree will need to be built.
