Re: Tshark: proto_tree not created on first pass with tap defined

[Guy Harris <guy () alum mit edu>]

On Feb 10, 2017, at 12:15 AM, Paul Offord <Paul.Offord () advance7 com> wrote:

> It's normal for a dissector to be called with a NULL proto_tree pointer on the first pass *unless* a tap has been 
> registered.

Actually, it's currently normal, in TShark, if you're doing two-pass processing, for taps not to be called on the first 
pass, so it's currently irrelevant whether a tap has been registered or not - no protocol tree is constructed on the 
first pass of two-pass processing unless it's needed for filtering, so no protocol tree is passed to dissectors, 
including post-dissectors, on the first pass of two.

If your post-dissector (which is *not* a tap) needs to be called with a protocol tree on *every* pass, that means that 
we need a way for post-dissectors to *directly* indicate that they need a protocol tree, *separate* from anything 
related to tap registration.  Taps should not be registered solely as a way to affect *other* code, such as a 
post-dissector.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe