Re: Tshark: proto_tree not created on first pass with tap defined

[Guy Harris <guy () alum mit edu>]

The underlying problem here appears to be that the TRANSUM post-dissector is not only adding stuff to the protocol 
tree, which obviously doesn't need to be done if there is no protocol tree, but is also doing *analysis* of the packet 
information.

The latter of those should *not* be done in a dissector - it should be done in a tap.

Unfortunately, *currently*, taps are run after all dissectors, including post-dissectors, are run, which might not work 
for this purpose.  If so, what we probably would need here is to have a mechanism to allow taps to be run "early".  For 
now, we could define "early" as "before the post-dissectors are run".
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe