Wireshark-dev: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP

From: Chris Maynard <chris.maynard@xxxxxxxxx>
Date: Thu, 5 May 2011 20:06:27 +0000 (UTC)
Fernandez, Rafael <Rafael.Fernandez@...> writes:

> There are only TCP packets in my capture file.

That may be true, but as described in the doc/README.developer file in section
1.2 Skeleton code,

   A protocol dissector may be called in 2 different ways - with, or
   without a non-null "tree" argument.

   If the proto_tree argument is null, Wireshark does not need to use
   the protocol tree information from your dissector, and therefore is
   passing the dissector a null "tree" argument so that it doesn't
   need to do work necessary to build the protocol tree.

   In the interest of speed, if "tree" is NULL, avoid building a
   protocol tree and adding stuff to it, or even looking at any packet
   data needed only if you're building the protocol tree, if possible.

   Note, however, that you must fill in column information, create
   conversations, reassemble packets, build any other persistent state
   needed for dissection, and call subdissectors regardless of whether
   "tree" is NULL or not.  ...

> Can you try removing the "if(pinfo->tcp_tree != NULL)" check?
> 
>     if(pinfo->tcp_tree != NULL) {
>         tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4, get_message_tcpmessage_len,
>                          dissect_message_tcpmessage);
>     }

So again, can you try this?