Guy Harris skrev 2012-05-11 06:32:
On May 10, 2012, at 9:22 PM, Anders Broman wrote:
Guy Harris skrev 2012-05-11 05:03:
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
Filtering:
- We have a string with per packet protocols, could that string be saved and used in filtering - don't dissect the packet if it does not contain the filtered protocol.
If you're referring to the "frame.protocols", that is, unfortunately, computed as part of the process of dissecting the packet, so....
But we do run trough all packets on the first pass, subsequent filtering could benefit.
Yes, but we don't *persistently store* the frame.protocols value for every frame - if we wanted to use it when filtering, we'd have to recompute it for each packet, and, as recomputing it involves dissecting the packet, that means it doesn't let us avoid dissecting the packet.
The whole idea was to preserve the string or a list of protocol Id's so
at the expense of memory
filtering speed up may be possible.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
