On Sep 28, 2012, at 7:47 AM, robert.bullen@xxxxxxxxxx wrote:
> I build Wireshark for Windows without zlib. It works faster, but I think that is more the result of consuming less memory than an actual speed increase.
At least with the new compressed-file code as of 1.6, it shouldn't consume more memory (other than for zlib itself, which shouldn't be invoked for uncompressed files except when the file is opened, and maybe for a few data structure members) for an uncompressed file. If it's doing that, file a bug.
> In addition, it allows files larger than 2 GB to be read (at least that used to be a reason; not sure if it is still valid).
That should be fixed in the Wiretap library as of 1.6 - the new code for reading files doesn't use the zlib I/O routines, and uses routines that should support 64-bit file offsets if the underlying OS does (which includes 64-bit platforms and, I think, most if not all recent versions of various UN*Xes, and NT versions of Windows).
However, a file larger than 2GB might has enough packets that the frame_data structures might fill up a 32-bit address space, and there's a bug, fixed only recently, where, at least on Windows, we were imposing 32-bit limits on 64-bit address spaces.
