On Mon, Feb 24, 2014 at 5:07 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Feb 24, 2014, at 1:02 AM, Rahul Rohit <rahul.rohit@xxxxxxxxxxx> wrote:
>
>> I understand the point but just for the sake of curiosity I would like to know how the value of tree were to be decided i.e. when the value of tree would be 0 and when will it contain some valid address ??
>
> It will be NULL if the dissection being done at the time doesn't need to build a protocol tree and it will be non-null if the dissection being done at the time doesn't.
>
> The conditions under which a protocol tree needs to be built vary, and are subject to change from release to release of Wireshark.
>
>> Is this true that when the user clicks a packet in the packet-pane of the Wireshark GUI then automatically tree was
>> Given some value ??
>
> That's one situation where a protocol tree will probably always need to be built (we probably wouldn't gain much performance by caching the protocol tree for every packet that's been selected, and we'd spend a lot of memory building a protocol tree for every single packet and saving it in memory).
We would gain a lot of performance when filtering large files, but
memory use would be through the roof.
See https://www.wireshark.org/lists/wireshark-dev/201310/msg00118.html
> That is not, however, the only situation in which a protocol tree will need to be built.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
