Wireshark · Wireshark-dev: Re: [Wireshark-dev] Performance degradation in trunk

Wireshark-dev: Re: [Wireshark-dev] Performance degradation in trunk

Date: Thu, 12 Sep 2013 10:07:32 -0400

P.P.S. The 1.8 profile didn't include debug symbols for Wireshark, so it wasn't as useful as I'd hoped. If my guess isn't correct and you generate a new profile for 1.8, please install the -dev and -dbg packages for wireshark, libwireshark etc so that the profile contains human-readable symbols.

On Thu, Sep 12, 2013 at 10:02 AM, Evan Huus <eapache@xxxxxxxxx> wrote:

Alright, so there isn't a clear culprit, but there's a good chance it's the heuristics for STUN - after 1.8 a conversation lookup was added (r44068), and that uses a g_hash_table. The only major difference between the two profiles that I found was a significant increase in calls to g_hash_table_lookup from the conversation code.

If you don't need STUN decoding, try disabling its heuristic (there's no preference, but just commenting out the heur_dissector_add call should work) and see if that improves things.

If that doesn't work I'm not sure what the problem could be.

Evan

PS the new name-resolution code also uses g_hash_tables now, but the call source is comparatively small next to the conversation code, so I don't think that's the problem. It may be worth trying a 1.10 build as well though, just for comparison (since that will have the STUN changes but not the name-resolution changes).

On Thu, Sep 12, 2013 at 9:40 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

File from tshark 1.8.2
/Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: den 12 september 2013 14:54
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Performance degradation in trunk

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Evan Huus
Sent: den 12 september 2013 13:15
To: balint@xxxxxxxxxxxxxxx; Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Performance degradation in trunk

On 2013-09-12, at 5:40 AM, Bálint Réczey <balint@xxxxxxxxxxxxxxx> wrote:

>> Could they analyze perf results or run git bisect to find the point
>> when the degradation started?

>Since this is on Ubuntu (which can run valgrind) just use the -p option to tools/valgrind-wireshark.sh and it will produce a performance profile. Do that for >both builds and we'll have something to work with.
>
>Evan

Here's the output from "trunk", how do you get anything useful from it?
/Anders

>PS I suspect some new heuristic dissector has been introduced, since none of the other changes from 1.8 to trunk are likely to have such a significant >performance impact.

> Cheers,
> Balint
>
> 2013/9/12 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>> Hi,
>>
>> I recently supplied some people with an internal build from recent
>> trunk and got complaints on performance. Switching back
>>
>> To the default Wireshark on the Ubuntu 13.04 system 1.8.2 reading of
>> a 400M trace file with SIP Diameter etc traffic is more than twice as fast.
>>
>> Regards
>>
>> Anders
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-dev] Performance degradation in trunk
  - From: Anders Broman
- Re: [Wireshark-dev] Performance degradation in trunk
  - From: Bálint Réczey
- Re: [Wireshark-dev] Performance degradation in trunk
  - From: Evan Huus
- Re: [Wireshark-dev] Performance degradation in trunk
  - From: Anders Broman
- Re: [Wireshark-dev] Performance degradation in trunk
  - From: Anders Broman
- Re: [Wireshark-dev] Performance degradation in trunk
  - From: Evan Huus

Prev by Date: Re: [Wireshark-dev] custom plugin (*.dll) is not working at plugin configured path %WIRESHARK%\plugins\<version>
Next by Date: [Wireshark-dev] Question regarding emem -> wmem conversion
Previous by thread: Re: [Wireshark-dev] Performance degradation in trunk
Next by thread: [Wireshark-dev] custom plugin (*.dll) is not working at plugin configured path %WIRESHARK%\plugins\<version>
Index(es):
- Date
- Thread