I'm working with a dissector that implements "request/response tracking"
modeled after README.request_response_tracking. The one problem I noticed with
the dissector is that it checks the "if visited flag"
(pinfo->fd->flags.visited) per the example, but it also checks to see if the
"protocol tree" is NULL. What happens is in the "first pass", tree = NULL, so
the dissector doesn't do much (because there's no protocol tree). In the
"second pass", tree != NULL, but the packet has since been "visited", so the
request/response handling doesn't get called. I thought I had read on this
mailing list that the "tree checks" have been added to the necessary "internal
APIs", so they aren't needed in a dissector. Is that true? That seems less
optimal because I assume there would be more "tree checks" in the "internal
APIs" than done just once in a dissector, but it makes the "if visited" flag
much more useful (and dissector code much more readable).

Mike
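
The interaction described in the message above, reproduced as a small stand-alone C simulation (an added example, not code from the original post or from Wireshark). `pkt_t`, `tree_t`, `track`, `run_capture` and both `dissect_*` functions are hypothetical stand-ins for the real dissector API, and the two packets are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for packet_info / proto_tree; NOT the Wireshark API. */
typedef struct { unsigned num; int visited; int is_request; unsigned seq; } pkt_t;
typedef struct { int unused; } tree_t;
#define MAX_TRANS 16
typedef struct { unsigned seq, req_frame, rep_frame; } trans_t;
typedef struct { trans_t t[MAX_TRANS]; size_t n; } conv_t;

/* First-pass-only bookkeeping, guarded by the "visited" flag. */
static void track(conv_t *c, const pkt_t *p) {
    if (p->visited) return;
    if (p->is_request) {
        if (c->n < MAX_TRANS) c->t[c->n++] = (trans_t){ p->seq, p->num, 0 };
        return;
    }
    for (size_t i = 0; i < c->n; i++)          /* reply: match by sequence */
        if (c->t[i].seq == p->seq && c->t[i].rep_frame == 0) {
            c->t[i].rep_frame = p->num;
            return;
        }
}
/* Ordering from the post: NULL-tree early return sits in front of tracking. */
static void dissect_tree_first(conv_t *c, const pkt_t *p, tree_t *tree) {
    if (tree == NULL) return;
    track(c, p);
}
/* Tracking runs regardless of tree; only display work depends on tree. */
static void dissect_track_first(conv_t *c, const pkt_t *p, tree_t *tree) {
    track(c, p);
    if (tree == NULL) return;
    /* display-only work (adding fields to the tree) would go here */
}
typedef void (*dissector_fn)(conv_t *, const pkt_t *, tree_t *);

/* Pass 1: tree == NULL. Pass 2: tree != NULL, packets already visited.
 * Returns the reply frame matched to request `seq`, or 0 if none. */
static unsigned run_capture(dissector_fn d, unsigned seq) {
    pkt_t pkts[2] = { {1, 0, 1, 42}, {2, 0, 0, 42} };  /* constructed sample */
    conv_t conv = { .n = 0 };
    tree_t tree = { 0 };
    for (int i = 0; i < 2; i++) { d(&conv, &pkts[i], NULL); pkts[i].visited = 1; }
    for (int i = 0; i < 2; i++) d(&conv, &pkts[i], &tree);
    for (size_t i = 0; i < conv.n; i++)
        if (conv.t[i].seq == seq) return conv.t[i].rep_frame;
    return 0;
}
int main(void) {
    printf("tree-first: %u\n", run_capture(dissect_tree_first, 42));
    printf("track-first: %u\n", run_capture(dissect_track_first, 42));
    return 0;
}
```

With the tree check first, the request is never recorded and no reply frame is matched; with tracking first, the reply in frame 2 is matched to the request in frame 1.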
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev