On Oct 10, 2013, at 10:22 PM, Anders Broman <a.broman@xxxxxxxxxxxx> wrote:
> Hi,
> If we in the UDP/TCP/(SCTP?) dissectors saved next dissector on the first pas in say per packet data we could avoid
> repeated calls to heuristic dissectors and port/conversation lookups making the second pas faster.
> Does any one see any pitfalls with this idea?
>
> I can think of two ways of implementing it:
> - A new entry in pinfo "previous protocol" or something like that.
> or
> - make dissector_try_uint(), dissector_try_heuristic(), try_conversation_dissector() return the protocol
> or NULL;
>
> The second is perhaps cleaner but requires more changes or we could make new functions
> dissector_try_heuristic_ret_proto() etc or something like that.
>
> Comments?
SCTP might have multiple "next dissectors", one for each data chunk...
Best regards
Michael
>
> Regards
> Anders
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
