1,In debug mode,first time hit dissect_fp(),the input parameter:tree is always 0x00000000, then all FP message can't been decode in the first time. why??? asked 16 Apr '13, 01:36  smilezuzu |
One Answer:
Wireshark uses a two pass dissection strategy. The first (and the only linear) pass allows the dissector to setup state information, while in subsequent passes it may be asked for presentation details (a tree). answered 16 Apr '13, 08:31  Jaap ♦ |
It is also possible that something is under if(tree) that shouldn't be.