Wireshark-dev: Re: [Wireshark-dev] Memory consumption in tshark

From: Evan Huus <eapache@xxxxxxxxx>
Date: Wed, 28 Aug 2013 09:41:02 -0400

On Wed, Aug 28, 2013 at 9:31 AM, Dario Lombardo <dario.lombardo.ml@xxxxxxxxx> wrote:

> On Wed, Aug 28, 2013 at 1:29 PM, Evan Huus <eapache@xxxxxxxxx> wrote:
> > It's dependent on platform and setup, but I'll assume a from-source build on Linux. In theory all you have to do is prefix your normal command with "libtool --mode=execute valgrind --tool=massif" and then the usual ./tshark etc.
> >
> > Valgrind takes a bunch more memory though, so you'll almost certainly want to use editcap to split the capture, and then run this on just a subset.
> >
> > It will produce an output file massif.out.PID which you can pass to the ms_print command for human-readable output. That output would be useful to us.
>
> I'm attaching the output. I've run it on a 1GB pcap file.
 
Thanks, though I'm afraid I forgot something :(
We usually use the ./tools/valgrind-wireshark.sh script which sets a couple of environment variables to make the output more useful. I didn't mention it, because the helper script doesn't currently support extra flags (like the -Y and -w) you used. If you could set the following environment variables and run again, that would be appreciated:
export WIRESHARK_DEBUG_EP_NO_CHUNKS=
export WIRESHARK_DEBUG_SE_NO_CHUNKS=
export WIRESHARK_DEBUG_WMEM_OVERRIDE=simple
export G_SLICE=always-malloc

Alternatively, you could just run "./tools/valgrind-wireshark.sh -m capture.pcap". It will take care of all of the environment stuff, and the libtool prefix etc, but it won't run with the -w or -Y flags. I expect the output to be more-or-less the same, but I'm not sure of that.

Thanks again,
Evan
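
The message above notes that ./tools/valgrind-wireshark.sh sets the allocator variables but does not pass through flags such as -Y and -w. As an added example (not part of the original message or the Wireshark tree), this wrapper applies the same four variables and the libtool/massif prefix while forwarding any tshark arguments; the function names and the TSHARK and DRY_RUN variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Wireshark tree): profile tshark under Valgrind's
# massif tool with the allocator overrides listed in the message above, while
# still passing arbitrary tshark flags such as -Y and -w.

# Assumption: invoked from the top of a from-source build tree on Linux.
TSHARK="${TSHARK:-./tshark}"
# Hypothetical switch: DRY_RUN=1 prints the command instead of running it.
DRY_RUN="${DRY_RUN:-0}"

# Run (or print) tshark under massif; all arguments go to tshark unchanged.
massif_tshark() {
    # "env" applies the four variables to this one command only, so the
    # calling shell keeps its normal allocator settings afterwards.
    set -- env \
        WIRESHARK_DEBUG_EP_NO_CHUNKS= \
        WIRESHARK_DEBUG_SE_NO_CHUNKS= \
        WIRESHARK_DEBUG_WMEM_OVERRIDE=simple \
        G_SLICE=always-malloc \
        libtool --mode=execute valgrind --tool=massif "$TSHARK" "$@"
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Render every massif.out.PID file in the current directory with ms_print.
massif_report() {
    for f in massif.out.*; do
        [ -e "$f" ] || continue                 # glob matched nothing
        case "$f" in *.txt) continue ;; esac    # skip reports written earlier
        ms_print "$f" > "$f.txt"
    done
}

# Typical use, after splitting the capture with editcap:
#   massif_tshark -r subset.pcap -Y '<display filter>' -w out.pcap
#   massif_report
```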