On Nov 21, 2013, at 12:08 PM, mmann@xxxxxxxxxxxxx wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=53489
>
> User: mmann
> Date: 2013/11/21 08:08 PM
>
> Log:
> Remove ethertype, mpls_label and ppids from packet_info structure.
>
> The information was converted to "proto" data within their respective dissectors strictly for use in "Decode As".
"proto" data is persistent, so you're allocating a chunk of data for every packet in an Ethernet capture, for example, which remains around until the capture is closed. That might amount to a significant additional amount of memory for a large capture.
Perhaps what's needed here is a way for dissectors to attach arbitrary data to a packet_info structure, with the data being freed when the packet_info structure is freed (for example, when the epan_dissect_t containing a packet_info structure is freed).
