Fernandez, Rafael <Rafael.Fernandez@...> writes:
> There are only TCP packets in my capture file.
That may be true, but as described in the doc/README.developer file in section
1.2 Skeleton code,
A protocol dissector may be called in 2 different ways - with, or
without a non-null "tree" argument.
If the proto_tree argument is null, Wireshark does not need to use
the protocol tree information from your dissector, and therefore is
passing the dissector a null "tree" argument so that it doesn't
need to do work necessary to build the protocol tree.
In the interest of speed, if "tree" is NULL, avoid building a
protocol tree and adding stuff to it, or even looking at any packet
data needed only if you're building the protocol tree, if possible.
Note, however, that you must fill in column information, create
conversations, reassemble packets, build any other persistent state
needed for dissection, and call subdissectors regardless of whether
"tree" is NULL or not. ...
> Can you try removing the "if(pinfo->tcp_tree != NULL)" check?
>
> if(pinfo->tcp_tree != NULL) {
> tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4, get_message_tcpmessage_len,
> dissect_message_tcpmessage);
> }
So again, can you try this?