Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] slow sip voip flow for large captures

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 03 Feb 2012 14:43:43 +0100
On 2012-02-03 13:01, Cristian Constantin wrote:
hi!

wireshark can draw call flows for sip voip calls
(accessible through the menu Telephony/VoIP Calls).

however, when the capture is large, containing tens of
thousands of sip voip calls, wireshark becomes very slow
at producing the list of calls and the call flows.

[SNIP]

the runtime decreased now to approx. 1 minute (pretty reasonable
when compared to 10 hours)


Very impressive improvement.

I can publish the patches on bugzilla; however,
the changes/tests have been explicitly targeted at sip voip calls.
some of the data structures are global and used by _all_
voip protocol taps; it won't work correctly with dumps having
also non-sip voip calls.

pls. let me know your opinion.


Go ahead attaching your improvement on to bugzilla, with the appropriate explanation of limitations, as you did here. It's always interesting to see this stuff, which can inspire a generic solution.

Thanks,
Jaap