Wireshark mailing list archives
Re: Idea for faster dissection on second pas
From: Anders Broman <anders.broman () ericsson com>
Date: Fri, 11 Oct 2013 13:41:05 +0000
-----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jeff Morriss Sent: den 11 oktober 2013 15:23 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Idea for faster dissection on second pas On 10/10/13 18:22, Evan Huus wrote:
It might be simpler and almost as efficient to have recently-successful heuristic dissectors bubble nearer to the top of the list so they are tried sooner. Port/conversation lookups are hash-tables for the most part and likely won't be made noticeably faster by caching.Wouldn't that expose us to the risk that the dissection actually changes on the 2nd pass (because the call order of the heuristics changes)? That would look pretty weird...
Hmm - yes, another thought is to make a conversation when a heuristic triggers and set the conversation dissector ensuring the same result On the second pass/filtering. Another costly item is col_add_fstr, would it be possible to stack up the col_xx statements and just execute the last one(s) as the lover ones will be overwritten any way. Col_set_fence complicates that further I suppose. Dissectors could be made to only set column info is no subdissector is being called but that may become messy. Regards Anders ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Idea for faster dissection on second pas, (continued)
- Re: Idea for faster dissection on second pas Michael Tuexen (Oct 10)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 10)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 10)
- Re: Idea for faster dissection on second pas ronnie sahlberg (Oct 10)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 10)
- Re: Idea for faster dissection on second pas Anders Broman (Oct 10)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 11)
- Re: Idea for faster dissection on second pas Jeff Morriss (Oct 11)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 12)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 10)
- Re: Idea for faster dissection on second pas Jeff Morriss (Oct 11)
- Re: Idea for faster dissection on second pas Anders Broman (Oct 11)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 11)
- Re: Idea for faster dissection on second pas Jeff Morriss (Oct 11)
- Re: Idea for faster dissection on second pas Anders Broman (Oct 11)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 11)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 11)
- Re: Idea for faster dissection on second pas Anders Broman (Oct 12)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 12)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 12)
- Re: Idea for faster dissection on second pas Jakub Zawadzki (Oct 12)
- Re: Idea for faster dissection on second pas Evan Huus (Oct 12)