Wireshark mailing list archives

Re: multiple parsing of the same packets


From: Guy Harris <guy () alum mit edu>
Date: Wed, 30 Oct 2013 12:05:57 -0700


On Oct 30, 2013, at 7:31 AM, Evan Huus <eapache () gmail com> wrote:

On Wed, Oct 30, 2013 at 4:14 AM, Matthieu Patou <mat () samba org> wrote:
Hello,

I noticed a long time ago that Wireshark is parsing the same packet at least 3
times.

To make it worse, if I go back and forth to the same packet it will be
dissected one more time.
With complex protocols like DRS (directory replication for Active Directory)
it's really a problem as the UI freezes for a while.

Is the protocol really so complex that dissecting a single packet of
it takes a user-visible amount of time? That seems suspect to me.

I think we may currently have to make two passes over the contents of some DCE RPC packets.

If so, is that truly necessary?

And are there any *other* things that make DRS *so* complicated that dissecting a single packet is that slow?  Is it 
just that the packets are extremely large?

First thing, why 3 dissections initially? Is there a way to reduce this to
2? I more or less understand why 2 passes are needed, but 3 ...

It is in theory possible, the third pass is usually either to fill in
the column or tree information. We could in theory pull that straight
from the second pass, but we would have to calculate in advance which
packets are visible, which may or may not be easy.

We could, perhaps, cache dissection results from a small number of packets.  If, for example, we could query the packet 
summary list widget to see how many packets it's displaying, the cache could save dissection results for that many of 
the most recently dissected packets.