Re: Memory consumption in tshark

[Evan Huus <eapache () gmail com>]

On 2013-08-28, at 2:47 AM, Jakub Zawadzki <darkjames-ws () darkjames pl> wrote:

> On Tue, Aug 27, 2013 at 06:17:13PM -0400, Evan Huus wrote:
> > As Anders says, this is because we have no way right now to selectively
> > discard it: much of the data is stored in a way that we can only get rid of
> > all of it, or none.
>
> I'm not sure why we want to do selectvely discard, I'm fan of 'get rid of all of it'.

This is what I meant by state-less mode, but it means you can't do reassembly or anything, so...

If we want all the nice features, we have to keep some state. The point is that we could do a much better job of 
freeing that state once we were done with it (ie when reassembly is complete, or whatever).

> > I'm sure there are some significant improvements we could make if somebody
> > figures out how,
>
> It's quite simple just call epan_free(), epan_new() after each packet

That's a much easier way of doing stateless mode than the one I came up with :)

> (or every N-th packet, or 
> when dissection throw OutOfMemory exception - ups it could be too late ;])
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe