Wireshark-dev: [Wireshark-dev] Sharkfest roadmap sessions summary

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Fri, 04 Apr 2008 10:50:14 -0700

This past Monday and Wednesday at Sharkfest we had a couple of sessions where we
went over what should be next for Wireshark. The discussion was lively each day,
with users and developers contributing lots of great ideas. A slightly-edited
version of the whiteboard contents from each session is included below.

There was a lot of focus on NTAR/Pcap-NG support. It sounds like quite a few
people could make use of the extra functionality it would provide. There was
also enthusiasm for dropping GTK1 support. On Wednesday there was a lot of focus
on start/stop triggers and on Wireshark's memory usage.

I've started working on removing GTK1 references from the packaging directory,
and plan to tackle the easy memory management items next.

Whiteboard dump:

Kickoff (Monday)

Features
  - Multi-threaded dissection
  - Bounce diagrams (timing + drill-down)
  - Memory mapped file I/O
  - Dump GTK1!!!
  - Native UI (Windows Mac KDE)
* - Rename Epan
  - Pcap-NG
  - Dump to memory buffer
  - Capture performance improvements
  - Whiz-bang startup wizard
  - CI improvements
  - Packet correlation
* - Checksum + chimney handling
  - Wirebrush (trace file scrubber)
  - Formal code review (maybe just of core code initially)
  - Higher level dissection

Use cases
  - Network performance + forensics
  - Transport layer analysis
  - Research + validation
  - Application troubleshooting
  - Remote sampling
  - Data cleansing


Wrap-up (Wednesday)

Memory Management
  - Configurable upper limit on the amount of ep_ and se_allocated memory
  - A sliding window for the packet list
  - Let the user disable guard pages and canaries

General Roadmap
  - Pcap-NG
  - Start/stop triggers
    - Use capture or display filters?
    - Does this mean refactoring the interface dialog?
  - Better name resolution
* - Drop GTK1