Wireshark mailing list archives

Re: Specifying dissectors declaratively


From: Guy Harris <guy () alum mit edu>
Date: Wed, 19 Apr 2017 11:20:16 -0700

On Apr 19, 2017, at 4:47 AM, Roland Knall <rknall () gmail com> wrote:

Generally speaking we can divide new protocol languages in two different classes:

- interpreting ones
- compiled ones

The interpreting class has Lua and wsgd as representatives. They have their benefits, but I do not really like the approach of interpreting at runtime.

And I *do* like it, as

        1) it means you don't need a C/C++ compiler in order to add protocol support;

        2) there are some interesting optimization possibilities - if, for example, you're dissecting only to run some filter on the packets, interpretive code could be modified so as to skip over most packet fields, looking only at those 1) used in the filter or 2) needed in order to figure out how the packet is organized in memory (fields that give the length of other fields, fields specifying the type of a structure, etc.);

        3) the bytecode for the protocol can be "loaded on demand", which might speed up startup;

        4) if the interpreter can fit in the L1 cache, and keep most of its state in registers, it might run reasonably fast.
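The optimization in point 2 of the message above, sketched as an added example (not code from the original message or from Wireshark): a small interpreter walks a declarative field layout and, when given the set of fields a filter uses, decodes only those plus the length fields needed to locate them. The layout, field names and sample packet are constructed for illustration; the bounds check reflects that a dissector's length fields come from untrusted packet data.

```python
# Constructed record layout (hypothetical, not a real protocol).
# Each entry: (field name, size in bytes OR name of the earlier field holding the size)
LAYOUT = [
    ("version", 1),
    ("flags", 1),
    ("name_len", 1),
    ("name", "name_len"),
    ("seq", 4),
    ("payload_len", 2),
    ("payload", "payload_len"),
]

def structural_fields(layout):
    """Names of fields whose value gives the length of another field."""
    return {size for _, size in layout if isinstance(size, str)}

def dissect(layout, data, wanted=None):
    """Walk `data` according to `layout`.

    With `wanted` set, only those fields and the structural (length) fields
    are decoded; everything else is skipped by advancing the offset.
    Returns (decoded values, number of fields decoded).
    """
    needed = None if wanted is None else set(wanted) | structural_fields(layout)
    values, offset, decoded = {}, 0, 0
    for name, size in layout:
        length = values[size] if isinstance(size, str) else size
        # Length fields are attacker-controlled: never read past the packet.
        if offset + length > len(data):
            raise ValueError(f"field {name!r} runs past end of packet")
        if needed is None or name in needed:
            raw = data[offset:offset + length]
            # Fixed-size fields are big-endian integers, variable ones raw bytes.
            values[name] = raw if isinstance(size, str) else int.from_bytes(raw, "big")
            decoded += 1
        offset += length
    return values, decoded

# Constructed sample packet matching LAYOUT.
PACKET = (bytes([2, 0x01, 3]) + b"abc" + (7).to_bytes(4, "big")
          + (5).to_bytes(2, "big") + b"hello")

if __name__ == "__main__":
    print(dissect(LAYOUT, PACKET))                  # full dissection
    print(dissect(LAYOUT, PACKET, wanted={"seq"}))  # filter-driven dissection
```
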

