Hi!
In an attempt to fix bug 1419 I've stumbled over a strange change that
Ronnie Sahlberg made in SVN 20251 and I'm asking if there's a reason for
it that I just don't see.
The comment to 20251:
"break out dfcode from the capture file structure and declare it locally
where it is needed. allocate and release the dfcode program as needed
instead of having it hang around in the capture file structure. this
will ensure that dfcode will not have longer than se scope lifetime in
case we need that property of it later"
The problem with this change: It's calling the line:
dfilter_compile(cf->dfilter, &dfcode);
each time cf_continue_tail() get's called, which takes place when new packets are added to the packet list while CAPTURING
(this update takes place SEVERAL times a second for an "Update list in real time" capture).
So we're computing the whole display filter (which might be very long) over and over and over again while capturing,
to avoid some minor memory consumption / allocation problems?!?
That makes packet drops more likely without a good reason!!!
In addition, I don't see a good reason for this re-compiling at all!
The common sequence for an "Update list in real time" capture will look like:
cf_start_tail
cf_continue_tail
cf_continue_tail
cf_continue_tail
...
cf_continue_tail
cf_finish_tail
So why not simply dfilter_compile() at cf_start_tail() and dfilter_free() at cf_finish_tail() ?!?
Regards, ULFL
