Wireshark · Wireshark-dev: Re: [Wireshark-dev] causes for losing COL_PROTOCOL or COL_INFO data

[Michael Mann <mmann78@xxxxxxxxxxxx>]

I would have blamed having logic under pinfo->fd->flags.visited, but since Wireshark does 2 passes (one with visited = FALSE, other visited = TRUE), your columns should never be populated.  Subsequent dissection from changing display filters will continue to have pinfo->fd->flags.visited = TRUE.

That's the only thing I can think of.

 

Is your protocol displayed otherwise in the packet tree?  Is there fragmentation (and possibly faulty logic for reassembly)?

 

 

-----Original Message-----
From: John Dill <John.Dill@xxxxxxxxxxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Sep 15, 2017 5:09 pm
Subject: [Wireshark-dev] causes for losing COL_PROTOCOL or COL_INFO data

I'm setting the column fields and they appear to be set fine when I first open Wireshark, but when I apply a packet filter, I lose information from the fields even though it appears that I'm still calling the same col_* functions in the dissection.  Then when I remove the filter _expression_, and the COL_INFO I set is still missing.  Is there a usual cause for this behavior?  I can't seem to discover what's causing it.

 

Thanks,

John D.

 

___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe