Ethereal-dev: [Ethereal-dev] Re: Improving filter speed

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Mon, 28 Mar 2005 01:30:22 -0400
Attached is a test patch, please test it.

Didier, this is a refactored version of your patch, it differs from
your original patch in that it
1, does refcounting on whether fields and parent protocols are used or
not. (not necessary here but might be useful in the future)
2, renames the new variable and the function.
3, it will use the refcounting information inside
proto_tree_add_item() and friends and avoid doing unnecessary work
for the fields that are not used.
(just checking per protocol is not optimal since some protocols, SMB
and H225 etc, have many thousand filter fields each)

I also implemented the protocol set tree to NULL part of your patch to
frame/eth/ip


I tested it with color filters, taps and display filters and it seems to work.


Test results:
I used a ~1GB capture file and only had Frame, Ethernet and IP
protocols enabled.
Original version of tethereal
tethereal -q :  
	on average 51 seconds.
tethereal -R "not frame" :
	which requires filtering and thus dissection of the packets
	on average 141 seconds
	==> filtering took an additional 90 seconds on this capture.

With the patch to proto.c / proto.h
tethereal -R "not frame" :
	on average 115 seconds
	==> filtering took an additional 65 seconds.

With the full patch applied
tethereal -R "not frame" :
	on average 110 seconds
	==> filtering took an additional 60 seconds.


Thus in this test capture, and with only Frame/Ethernet and IP enabled,
the filtering overhead was reduced from 90 to 60 seconds.

I.e. filtering overhead reduced by 30%, or one can suddenly filter 50%
more packets in the same timeframe.


I also expect that memory usage will also be reduced a bit.



While the proto.c faking of fields that are uninteresting is
reasonably good for improving performance I think one will also need
to refactor all popular/busy protocol dissectors as in Didier's
original patch and reset tree to NULL whenever possible and
encapsulate everything that is expensive in cpu terms inside if(tree){ }
Many protocol dissectors currently ignore this easy optimization.


Please test the patch. It does touch some very vital parts of how
ethereal works.
If no one has any objections or failures to report I will check
something like this in in a couple of days.




On Fri, 25 Mar 2005 22:53:46 +0000, didier <dgautheron@xxxxxxxx> wrote:
> ronnie sahlberg wrote:
> > Ok,
> > 
> > Can you
> > 1, change the new variable infilter to a better name, like
> > is_referenced or something
> 
> > 2, change the proto_tree_is_null() function to only take one
> > parameter, the protocol hf_field and return a gboolean TRUE/FALSE and
> > rename it as is_protocol_referenced() or something, and only take the
> > int proto hf field as parameter so one would write code like
> > if(!is_protocol_referenced(proto_nfs)){
> >  tree=NULL;
> > }
> is_protocol_referenced() needs to know the tree. Ie it's 
> is_protocol_referenced or tree is visible.
> > 
> > so one can also solve the problem with NLM and similar which calls
> > dissectors from other protocols and make nfs do
> > if( !is_protocol_referenced(proto_nfs)
> >   &&!is_protocol_referenced(proto_nlm)){
> >  tree=NULL;
> > }
> > 3, document the new variable, the assumptions and how to use the new
> > optimization for dissectors so others can add it to the other
> > dissectors.
> > What values does it take for fields and protocols etc.
> Didier
> 
>

Attachment: filter_performance.diff.gz
Description: GNU Zip compressed data
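
The optimization discussed in this thread, as an added example that is not taken from the attached patch or from Ethereal's source: a toy C model in which filter references are counted per field and per parent protocol, the add-item call skips unreferenced fields, and a dissector drops its tree when the tree is not displayed and nothing references the protocol. All identifiers (`field_ref`, `field_unref`, `tree_add_item`, `dissect_ip`, `tree_t`) are hypothetical.

```c
#include <stdio.h>

/* Toy model, not Ethereal's proto.c: every name below is hypothetical. */
enum { PROTO_IP, HF_IP_SRC, HF_IP_TTL, N_FIELDS };
static const int parent_of[N_FIELDS] = { -1, PROTO_IP, PROTO_IP };
static int ref_count[N_FIELDS];  /* number of compiled filters using each field */
static int items_built;          /* counts the expensive tree insertions */

typedef struct { int visible; } tree_t;  /* visible: the full tree is displayed */

/* Referencing a field also references its parent protocol. */
static void field_ref(int hf) {
    for (; hf >= 0; hf = parent_of[hf])
        ref_count[hf]++;
}

static void field_unref(int hf) {
    for (; hf >= 0; hf = parent_of[hf])
        if (ref_count[hf] > 0)
            ref_count[hf]--;
}

/* Stand-in for an add-item call: unreferenced fields in a hidden tree cost nothing. */
static int tree_add_item(tree_t *tree, int hf) {
    if (tree == NULL || (!tree->visible && ref_count[hf] == 0))
        return 0;
    items_built++;               /* a real dissector would allocate and format here */
    return 1;
}

/* Dissector: drop the tree unless it is displayed or a filter references the protocol. */
static int dissect_ip(tree_t *tree) {
    int built = 0;
    if (tree && !tree->visible && ref_count[PROTO_IP] == 0)
        tree = NULL;
    if (tree) {                  /* expensive work only when a tree exists */
        built += tree_add_item(tree, HF_IP_SRC);
        built += tree_add_item(tree, HF_IP_TTL);
    }
    return built;
}

int main(void) {
    tree_t hidden = { 0 };
    field_ref(HF_IP_TTL);        /* constructed case: one filter on the TTL field */
    printf("items built for hidden tree: %d\n", dissect_ip(&hidden));
    field_unref(HF_IP_TTL);
    return 0;
}
```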