Wireshark mailing list archives

Re: multiple parsing of the same packets

From: Anders Broman <anders.broman () ericsson com>
Date: Wed, 30 Oct 2013 14:25:27 +0000

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Matthieu 
Patou
Sent: den 30 oktober 2013 09:15
To: Developer support list for Wireshark
Subject: [Wireshark-dev] multiple parsing of the same packets

Hello,

I noticed long time ago that wireshark is parsing the same packet at least 3 tree times.

To make it worse if I go back and forth to the same packet it will be dissected one more time.


A packet will be redissected when selected in the packet list

With complex protocols like DRS (directory replication for Active
directory) it's really a problem as the UI freeze for a while.

First thing, why 3 dissections initially, is there a way to reduce this to 2, I more or less understand why 2 pass are 
needed but 3 ...


Is it 3 times for all packets or "only" for the ones visible in the GUI?


Also is it possible to remember the dissection of packet so that we don't do it again and again ?


Generally probably not as that would require to keep the result of the dissection of all packets in memory. Dissectors 
can save data in
Per_packet_data or converssations and only do stuff if(!pinfo-visited) to do some stuff only once.

Ps: I'm not on the list, so can you put me in copy of responses


Matthieu.

--
Matthieu Patou
Samba Team
http://samba.org

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

multiple parsing of the same packets Matthieu Patou (Oct 30)
- Re: multiple parsing of the same packets Anders Broman (Oct 30)
  - Re: multiple parsing of the same packets Matthieu Patou (Oct 31)
- Re: multiple parsing of the same packets Evan Huus (Oct 30)
  - Re: multiple parsing of the same packets Guy Harris (Oct 30)
  - Re: multiple parsing of the same packets Guy Harris (Oct 30)
  - Re: multiple parsing of the same packets Matthieu Patou (Oct 31)
    - Re: multiple parsing of the same packets Evan Huus (Oct 30)
    - Message not available
    - Re: multiple parsing of the same packets Evan Huus (Oct 31)