Re: Idea for faster dissection on second pas

[Evan Huus <eapache () gmail com>]

On Fri, Oct 11, 2013 at 12:41 AM, Anders Broman <a.broman () bredband net> wrote:
> In the particular case I'm looking at there is mostly no match in the
> heuristics tables except false positives
> the same is true for many of the uint table lookups too as there is RTP sent
> from a tool simulating many
> users with many IP/port combinations making up a huge portion of the
> packets.
>
> Regards
> Anders

Now that I've actually looked at the callgrind profile you attached,
it seems the main slowdown is all of the tvb length checks we are
doing in the NULL tree case. This was the patch Jeff added to stomp
out a whole class of infinite loops.

I've checked in a few tweaks that help marginally, but I'm not sure
what else we can do. The checks are important and we're not doing them
in an obviously inefficient way. It does mean though, that
dissector-level "if (tree)" checks are more effective optimizations
than they used to be, if added with care.

Cheers,
Evan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe