Re: multiple parsing of the same packets

[Guy Harris <guy () alum mit edu>]

On Oct 30, 2013, at 7:31 AM, Evan Huus <eapache () gmail com> wrote:

> On Wed, Oct 30, 2013 at 4:14 AM, Matthieu Patou <mat () samba org> wrote:
>
> > Also is it possible to remember the dissection of packet so that we don't do
> > it again and again ?
>
> It is quite possible, it just takes an enormous amount of memory.

Wireshark (or, as it was called at the time, Ethereal) dissectors originally directly produced a GTK+ tree widget 
structure, rather than a protocol tree later used to produce the display tree.  The first implementation that produced 
a separate protocol tree had a bug wherein the trees weren't getting freed; I noticed that when reading in a large file 
got *really* slow and the machine started thrashing.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe