On Wed, Oct 17, 2012 at 02:15:44PM -0700, Guy Harris wrote:
>
> On Oct 7, 2012, at 2:06 PM, Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> wrote:
>
> > Big plan is to remove two members from frame_data structure:
> > interface_id and opt_comment reducing size of frame_data structure from 128B to 112B
> > (on 64bits).
>
> Note that comments aren't stored solely in the file - the user might add, change, or remove comments, and not have saved the edited file yet
> - *but* 99 44/100% of packets probably *haven't* had their comment sets edited, so a separate data structure
> with entries only for those packets that *have* had their comment sets edited would probably suffice.
I want to use similar approach as I've done with edited frames - binary tree with frane number as key.
If you want, you can check unfinished version of patch @ http://www.wireshark.org/~darkjames/frame_data-cleanup/comment.patch
I'll probably add two bitfields to frame_data: has_file_comment, has_user_comment to avoid
reading file (cf_read_packet_comment()), and to avoid looking for comment in tree
(cf_read_packet_comment(), cf_read_frame_r())
Anyway we first need to fix wiretap readers, mainly pcap-ng.
I'm not familiar with it, but it looks like it'd be enough to change one line in pcapng_seek_read:
- wblock.packet_header = &wth->phdr;
+ wblock.packet_header = phdr;
Right?
