> Given that there are no such APIs, one would have to be added and, if we're > going to be adding APIs, an API by which a post-dissector can specify that, > at least on the first pass through the packets, it requires a protocol tree > would be better, as it wouldn't encourage people to write code that works > only in Wireshark but not in TShark.
OK but just to be clear, I'm not trying to write a Wireshark-only post-dissector. This is a port of transum.lua which supports Wireshark and tshark. > So would you need the full protocol tree *every* time the packet is > dissected, or just the *first* time (meaning you'd save the results of the > first-pass processing and not require it later)? TRANSUM only needs the values in the first pass, but during the second pass it adds a section to the end of the visible tree using proto_tree_add_xxxxxx function and I assume that means it needs the full tree at that point. I imagine other dissectors and post-dissectors would also need the full tree on the second pass. -----Original Message----- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Guy Harris Sent: 10 April 2017 06:43 To: Developer support list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] Inconsistent availability of proto_tree values during the first of two passes On Apr 9, 2017, at 10:37 PM, Paul Offord <paul.off...@advance7.com> wrote: > Ah that was going to be my next question :-) > > Any ideas? Given that there are no such APIs, one would have to be added and, if we're going to be adding APIs, an API by which a post-dissector can specify that, at least on the first pass through the packets, it requires a protocol tree would be better, as it wouldn't encourage people to write code that works only in Wireshark but not in TShark. (The only such code should be taps with a GUI. Even the taps that produce tables of information shouldn't be program-dependent - there should be a layer that shows the table in text form in TShark and as a table window in Wireshark.) So would you need the full protocol tree *every* time the packet is dissected, or just the *first* time (meaning you'd save the results of the first-pass processing and not require it later)? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ______________________________________________________________________ This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
