Re: causes for losing COL_PROTOCOL or COL_INFO data

[Michael Mann via Wireshark-dev <wireshark-dev () wireshark org>]

I would have blamed having logic under pinfo->fd->flags.visited, but since Wireshark does 2 passes (one with visited = 
FALSE, other visited = TRUE), your columns should never be populated.  Subsequent dissection from changing display 
filters will continue to have pinfo->fd->flags.visited = TRUE.
That's the only thing I can think of.
 
Is your protocol displayed otherwise in the packet tree?  Is there fragmentation (and possibly faulty logic for 
reassembly)?
 
 
-----Original Message-----
From: John Dill <John.Dill () greenfieldeng com>
To: wireshark-dev <wireshark-dev () wireshark org>
Sent: Fri, Sep 15, 2017 5:09 pm
Subject: [Wireshark-dev] causes for losing COL_PROTOCOL or COL_INFO data



I'm setting the column fields and they appear to be set fine when I first open Wireshark, but when I apply a packet 
filter, I lose information from the fields even though it appears that I'm still calling the same col_* functions in 
the dissection.  Then when I remove the filter expression, and the COL_INFO I set is still missing.  Is there a usual 
cause for this behavior?  I can't seem to discover what's causing it.
 
Thanks,
John D.
 

___________________________________________________________________________Sent via:    Wireshark-dev mailing list 
<wireshark-dev () wireshark org>Archives:    https://www.wireshark.org/lists/wireshark-devUnsubscribe: 
https://www.wireshark.org/mailman/options/wireshark-dev             mailto:wireshark-dev-request () wireshark 
org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe