Wireshark mailing list archives
Re: Stateless Dissection
From: Evan Huus <eapache () gmail com>
Date: Sun, 22 Jun 2014 18:09:24 -0400
On Sun, Jun 22, 2014 at 6:05 PM, Joerg Mayer <jmayer () loplof de> wrote:
On Sun, Jun 22, 2014 at 05:07:19PM -0400, Evan Huus wrote:After Kurt's recent post I dug up an old patch I'd played with andcleanedit up a bit. It still needs some work (documentation at the very least)but[1] should add a -Z option to tshark which turns on "stateless"dissection.You lose reassembly and all that, but you should get no memory growth at all. The implementation is a bit of a hack in that stateless dissection still does all the stateful work, it just throws it away after each packet (so stateless is actually slightly slower than stateful) but it seems to work in my simple tests. Does this seem useful to people? Ideas for a better flag (Z just happened to be handy)? Other thoughts, comments, suggestions?How about having the cake and eating it (at least partially)? What I am thinking about is something like keeping state but only for the last 1000 (insert your favourite number here) packets and only *then* throwing it away. Or is this unrealistic?
Possible, but I think it would be confusing. There's no way to do a sliding window of state, so doing this you would get reassembly *most* of the time, except when the packets being reassembled happened to cross one of those n-packet boundaries. As such the dissection would be inconsistent, which isn't very nice. Perhaps better would be a flag to throw out state every time the ring-buffer cycles files (assuming ring-buffer is enabled)? Evan
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Stateless Dissection Evan Huus (Jun 22)
- Re: Stateless Dissection Jakub Zawadzki (Jun 22)
- Re: Stateless Dissection Evan Huus (Jun 22)
- Re: Stateless Dissection Jakub Zawadzki (Jun 22)
- Re: Stateless Dissection Evan Huus (Jun 22)
- Re: Stateless Dissection Evan Huus (Jun 26)
- Re: Stateless Dissection Evan Huus (Jun 22)
- Re: Stateless Dissection Jakub Zawadzki (Jun 22)
- Re: Stateless Dissection Evan Huus (Jun 22)
- Re: Stateless Dissection Kurt Knochner (Jun 22)
- Re: Stateless Dissection Evan Huus (Jun 22)