Wireshark-dev: [Wireshark-dev] Ronnie's SVN 20251 looks quite strange to me - is there a reason?

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Mon, 05 Mar 2007 21:57:28 +0100

Hi!

In an attempt to fix bug 1419 I've stumbled over a strange change that Ronnie Sahlberg made in SVN 20251 and I'm asking if there's a reason for it that I just don't see.

The comment to 20251:

"break out dfcode from the capture file structure and declare it locally where it is needed. allocate and release the dfcode program as needed instead of having it hang around in the capture file structure. this will ensure that dfcode will not have longer than se scope lifetime in case we need that property of it later"

The problem with this change: It's calling the line:

dfilter_compile(cf->dfilter, &dfcode);

each time cf_continue_tail() get's called, which takes place when new packets are added to the packet list while CAPTURING (this update takes place SEVERAL times a second for an "Update list in real time" capture).

So we're computing the whole display filter (which might be very long) over and over and over again while capturing,
to avoid some minor memory consumption / allocation problems?!?

That makes packet drops more likely without a good reason!!!



In addition, I don't see a good reason for this re-compiling at all!

The common sequence for an "Update list in real time" capture will look like:
cf_start_tail
cf_continue_tail
cf_continue_tail
cf_continue_tail
...
cf_continue_tail
cf_finish_tail

So why not simply dfilter_compile() at cf_start_tail() and dfilter_free() at cf_finish_tail() ?!?


Regards, ULFL