Filebacked-tvbuffs : GSoC'13

[Ambarisha B <b.ambarisha () gmail com>]

Hi dev,

I am a final year engineering student pursuing my bachelors in Computer
Science. I was going through the GSoC'13 ideas page and found
"Filebacked-tvbuffs" interesting, so I looked it up. Here's a (probably not
so) short summary of what I did and understood. I'm only a novice, so if
I've got something wrong, please, enlighten me.

I went through the (interesting) archived conversation linked on the ideas
page. I've realized most of the discussion was about "how to deal with
large captures, so that users don't have to break up the captures".
Swapping or if needed mmaped files would help. But since the goal of this
project is to cut down the memory usage, I guess we're looking at
non-mmaped files.

The project description says that data in packet-bytes view and
packet-details view is duplicate of that on the disk. I tried to look this
up in the code. So, originally the data is in a capture_file and wtap_*()
gets the data out of that and it is finally handed to dissect_packet()
which actually makes the tvbuff out of it and passes to the
sub-dissectors(dissect_frame etc).

I think I now have an idea of how I would back up tvbuff by a hard disk. We
add another "type" of tvbuff which is backed up by a file, the same way
TVBUFF_SUBSET is backed by another tvbuff. Next we think about "how to back
it by a file?". Ofcourse, we can implement a neat cache in the tvb layer
itself, tuned for our accesses. But I have a couple of thoughts on this. Do
tell me, if I am missing something here.

If we are accessing all the data in the tvbuff in one shot, there wouldn't
be much use of a cache. Infact, it'll add housekeeping overhead. On the
other hand, if we're making small repeated accesses to the data, a no-cache
implementation would be pitifully slow. For this I need to look at usage of
tvbuffs in those two views more closely. Also, now that there's this
abstraction, the interface for accessing filebacked-tvbuff has to be a
little different than normal tvbuffs (because the data access might require
some housekeeping as opposed to the direct access of tvb->real_data+offset).

I thought I should talk to you guys first, because I could be going on a
wild-goose-chase with this. If there's something you want me to take a look
at or study, please do let me know. Also, if you can point me to a little
bug, so that I can get my hands dirty, that'll be great.

Thanks for taking the time out to read this,
Ambarish

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe