Wireshark mailing list archives
"tree check" vs "visit"ed
From: mmann78 () netscape net
Date: Sun, 13 Nov 2011 12:41:43 -0500 (EST)
I'm working with a dissector that implements "request/response tracking" modeled after README.request_response_tracking. The one problem I noticed with the dissector is that it checks the "if visited flag" (pinfo->fd->flags.visited) per the example, but it also checks to see if the "protocol tree" is NULL. What happens is in the "first pass", tree = NULL, so the dissector doesn't do much (because there's no protocol tree). In the "second pass", tree != NULL, but the packet has since been "visited", the request/response handling doesn't get called. I thought I had read on this mailing list that the "tree checks" have been added to the necessary "internal APIs", so they aren't needed in a dissector. Is that true? That seems less optimal because I assume there would be more "tree checks" in the "internal APIs" that done just once in a dissector, but it makes the "if visited" flag much more useful (and dissector code much more readable). Mike
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- "tree check" vs "visit"ed mmann78 (Nov 13)
- Re: "tree check" vs "visit"ed Guy Harris (Nov 13)