The load time for NFSv4 captures can be reduced by up to 2.5 times by skipping the 'proto_' routines during the initial load (first pass) of the capture in Wireshark. However, if '!tree' is used to detect if this is the first pass, 'Find's for text in the Info column fails because during a Find, 'tree' is temporarily set to NULL. If instead the !pinfo->fd->flags.visited' is used, Finds work well but tshark's io,stat fails to see the NFS-related field values unless the '-2' (two pass) option of tshark is specified.
Is there a way to detect in dissect-nfs.c, via a global variable or by calling a routine, if tshark or Wireshark is being run? If so, is it also possible to detect if tshark's '-2' option was specified?
This question is marked "community wiki".
Which you don't want to do if:
The way you determine whether to construct a protocol tree is, err, umm, by looking at the
(Also, it's not a case of "temporarily" being set to NULL. It's set to a non-null value iff the protocol tree is needed; it's not as if "non-null" is the standard setting and "null" merely a temporary special setting.)