Wireshark · Wireshark-dev: [Wireshark-dev] Calling dissector with proto

Wireshark-dev: [Wireshark-dev] Calling dissector with proto_tree==NULL

From: Fabrizio Bertocci <fabrizio@xxxxxxx>

Date: Thu, 24 Jan 2008 14:14:54 -0800

All,

I am working on a newer version of the RTPS packet dissector (real-time publisher/subscriber).I have noticed that my packet dissector gets called every time withthe proto_tree parameter not NULL, including when the packets areloaded in memory.Unfortunately there are some complex packets that require some heavycomputation that should not be necessary unless the packet isselected. As result of this, loading a file (with those packets)takes quite a long time...

The documentation said that wireshark calls the packet dissector withproto_tree != NULL only when the entire tree is needed.Any idea why? Is it something that has changed over the time? Is itsomething I'm doing wrong?


I'm registering the protocol on top of UDP with a simple call to:
heur_dissector_add("udp", dissect_rtps, proto_rtps);

Thanks for any help provided!
Fabrizio

Follow-Ups:
- Re: [Wireshark-dev] Calling dissector with proto_tree==NULL
  - From: Jaap Keuter

Prev by Date: Re: [Wireshark-dev] Error in MEGACO: [Packet size limited during capture: MEGACO truncated]
Next by Date: Re: [Wireshark-dev] Calling dissector with proto_tree==NULL
Previous by thread: Re: [Wireshark-dev] Error in MEGACO: [Packet size limited during capture: MEGACO truncated]
Next by thread: Re: [Wireshark-dev] Calling dissector with proto_tree==NULL
Index(es):
- Date
- Thread