Wireshark mailing list archives

Incomplete Filtering optimisation technique


From: Sidhant Bansal <sidhbansal () gmail com>
Date: Thu, 4 Jun 2020 14:33:18 +0800

There is this old thread discussing a filtering optimisation here
(https://www.wireshark.org/lists/wireshark-dev/200903/msg00182.html) and
here (https://wiki.wireshark.org/Development/FastFiltering).

I am facing a speed bottleneck when dealing with large capture files (> 100
MB) and running a filter on them. I realised that this filtration
optimisation could help me in my use-case; however, I believe the thread went
dead a few years back and it wasn't merged into the master eventually.

From a glance at the design of Wireshark, it seems to be reasonably
different from what it used to be when this patch was created, so merging
this patch in today's date seems no longer an easy task.

We can even try to do some sort of filtration results caching at opcode
instructions level in the DFVM.

Just want to hear people's thoughts about whether they know what happened to
FastFiltering and if not, then what do they think about it (in terms of
real-life benefits and technical details about the implementation, for
example relying on a 3rd party SAT solver?)
Would love to hear any other suggestions / approaches which I could look
into to speed up the filtering process.

Sidhant.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
