Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Idea for faster dissection on second pas

From: Michael Tuexen <Michael.Tuexen () lurchi franken de>
Date: Thu, 10 Oct 2013 22:27:30 +0200
On Oct 10, 2013, at 10:22 PM, Anders Broman <a.broman () bredband net> wrote:


Hi,
If we in the UDP/TCP/(SCTP?) dissectors saved next dissector on the first pas in say per packet data we could avoid
repeated calls to heuristic dissectors and port/conversation lookups making the second pas faster.
Does any one see any pitfalls with this idea?

I can think of two ways of implementing it:
- A new entry in pinfo "previous protocol" or something like that.
or
- make dissector_try_uint(), dissector_try_heuristic(), try_conversation_dissector() return the protocol
or NULL;

The second is perhaps cleaner but requires more changes or we could make new functions
dissector_try_heuristic_ret_proto() etc or something like that.

Comments?

SCTP might have multiple "next dissectors", one for each data chunk...

Best regards
Michael


Regards
Anders


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
           mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: