Wireshark-dev: [Wireshark-dev] sctp & heuristic dissecting

From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
Date: Wed, 28 Nov 2012 15:53:58 +0100
hi!

I have used oprofile for profiling loading a pretty large sctp capture.
the sctp chunks are filled with zeroes (i.e. there is NO application
protocol involved)

here is the main part of the call trace:

CPU: AMD64 family10, speed 3e+06 MHz (estimated)
Counted CPU_CLK_UNHALTED events (Cycles outside of halt state) with a unit mask of 0x00 (No unit mask) count 750000
samples  %        image name               symbol name
10063    30.1351  libwireshark.so.0.0.0    guint8_pbrk
1211      3.6265  libwireshark.so.0.0.0    compute_offset_length
952       2.8509  libwireshark.so.0.0.0    dissect_ip
885       2.6503  libwireshark.so.0.0.0    fast_ensure_contiguous
813       2.4346  libwireshark.so.0.0.0    tap_push_tapped_queue
691       2.0693  libwireshark.so.0.0.0    call_dissector_work
631       1.8896  libwireshark.so.0.0.0    dissect_packet
624       1.8687  libwireshark.so.0.0.0    dissect_frame
612       1.8327  libwireshark.so.0.0.0    ethertype
588       1.7608  libwireshark.so.0.0.0    check_offset_length_no_exception
578       1.7309  libwireshark.so.0.0.0    dissect_sctp_packet
563       1.6860  libwireshark.so.0.0.0    dissect_sctp_chunk
507       1.5183  libwireshark.so.0.0.0    tvb_reported_length_remaining
500       1.4973  libwireshark.so.0.0.0    emem_alloc_chunk
486       1.4554  libwireshark.so.0.0.0    except_setup_try
459       1.3745  libwireshark.so.0.0.0    call_dissector_through_handle
426       1.2757  libwireshark.so.0.0.0    in_cksum
410       1.2278  libwireshark.so.0.0.0    tvb_new_subset
409       1.2248  libwireshark.so.0.0.0    dissector_try_uint_new
401       1.2009  libwireshark.so.0.0.0    dissector_try_heuristic
381       1.1410  libwireshark.so.0.0.0    dissect_eth_common
325       0.9733  libwireshark.so.0.0.0    tvb_length_remaining
325       0.9733  libwireshark.so.0.0.0    tvb_new
319       0.9553  libwireshark.so.0.0.0    tvb_get_ntohl
311       0.9313  libwireshark.so.0.0.0    tvb_get_ntohs
302       0.9044  libwireshark.so.0.0.0    dissect_data_chunk
298       0.8924  libwireshark.so.0.0.0    tap_build_interesting
293       0.8774  libwireshark.so.0.0.0    tvb_get_guint8
273       0.8175  libwireshark.so.0.0.0    ensure_contiguous
269       0.8056  libwireshark.so.0.0.0    dissect_sctp
269       0.8056  libwireshark.so.0.0.0    dissect_vlan
251       0.7517  libwireshark.so.0.0.0    col_append_fstr
251       0.7517  libwireshark.so.0.0.0    dissector_try_uint
249       0.7457  libwireshark.so.0.0.0    col_set_str
239       0.7157  libwireshark.so.0.0.0    ensure_contiguous_no_exception
214       0.6409  libwireshark.so.0.0.0    emem_free_all
213       0.6379  libwireshark.so.0.0.0    epan_dissect_run_with_taps
203       0.6079  libwireshark.so.0.0.0    dissect_sip_common

what I do not understand is why are functions like:

dissector_try_heuristic
guint8_pbrk
dissect_sip_common

called since:

1. the sctp chunks do NOT contain the data of any application level protocol
2. the ports used are NOT the default sip ports..
3. in the Edit/Preferences/Protocols/SCTP window, _none_ of:
a. "Try heuristic sub-dissectors first"
b. "Dissect upper layer protocols"
are checked.

otoh, why is it trying to dissect sip and not diameter for example??

thanks!
cristian
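To quantify how much of the flat profile quoted above lands in the unexpected heuristic/SIP path versus the SCTP dissector itself, here is a small parser for the opreport table format; it is an added example, not code from the mail or from Wireshark, and the bucket patterns and the trimmed sample rows are my own construction.

```python
import re
from collections import defaultdict

# Constructed excerpt of the opreport flat profile quoted in the mail
# (columns: samples, %, image name, symbol name); only a few rows are kept.
SAMPLE_PROFILE = """\
samples  %        image name               symbol name
10063    30.1351  libwireshark.so.0.0.0    guint8_pbrk
1211      3.6265  libwireshark.so.0.0.0    compute_offset_length
578       1.7309  libwireshark.so.0.0.0    dissect_sctp_packet
563       1.6860  libwireshark.so.0.0.0    dissect_sctp_chunk
401       1.2009  libwireshark.so.0.0.0    dissector_try_heuristic
203       0.6079  libwireshark.so.0.0.0    dissect_sip_common
"""

# Symbol-name patterns grouped into buckets; the first matching bucket wins.
# This grouping is an assumption of this example, not something opreport knows.
BUCKETS = [
    ("heuristic/sip", re.compile(r"heuristic|pbrk|sip")),
    ("sctp", re.compile(r"sctp|data_chunk")),
]

# One data row: integer samples, float percent, image name, symbol name.
ROW = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s*$")

def parse_profile(text):
    """Yield (samples, percent, image, symbol) for each data row, skipping the
    header line and anything that does not match the row layout."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), float(m.group(2)), m.group(3), m.group(4)

def bucket_shares(text):
    """Sum the percent column per bucket; symbols matching no pattern go to
    'other'. The values add up to the share of total samples covered by the rows."""
    shares = defaultdict(float)
    for _samples, percent, _image, symbol in parse_profile(text):
        for name, pattern in BUCKETS:
            if pattern.search(symbol):
                shares[name] += percent
                break
        else:
            shares["other"] += percent
    return {k: round(v, 4) for k, v in shares.items()}

if __name__ == "__main__":
    for bucket, share in sorted(bucket_shares(SAMPLE_PROFILE).items(), key=lambda kv: -kv[1]):
        print(f"{bucket:15s} {share:7.4f}%")
```

Feed it the full opreport output instead of the excerpt to see the complete split; on the rows above, roughly 32% of the cycles fall in the heuristic/SIP bucket against about 3.4% in the SCTP dissector functions.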