Wireshark-dev: Re: [Wireshark-dev] Idea for faster dissection on second pass

From: Evan Huus <eapache@xxxxxxxxx>
Date: Thu, 10 Oct 2013 18:22:06 -0400
It might be simpler and almost as efficient to have
recently-successful heuristic dissectors bubble nearer to the top of
the list so they are tried sooner. Port/conversation lookups are
hash-tables for the most part and likely won't be made noticeably
faster by caching.

Evan

On Thu, Oct 10, 2013 at 4:22 PM, Anders Broman <a.broman@xxxxxxxxxxxx> wrote:
> Hi,
> If we in the UDP/TCP/(SCTP?) dissectors saved next dissector on the first
> pass in say per packet data we could avoid
> repeated calls to heuristic dissectors and port/conversation lookups making
> the second pass faster.
> Does anyone see any pitfalls with this idea?
>
> I can think of two ways of implementing it:
> - A new entry in pinfo "previous protocol" or something like that.
> or
> - make dissector_try_uint(), dissector_try_heuristic(),
> try_conversation_dissector() return the protocol
> or NULL;
>
> The second is perhaps cleaner but requires more changes or we could make new
> functions
> dissector_try_heuristic_ret_proto() etc or something like that.
>
> Comments?
>
> Regards
> Anders
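
The reordering suggested in the reply above, sketched as an added example (not code from this thread or from Wireshark). The `heur_entry` type, the toy heuristics and `try_heuristics()` are hypothetical stand-ins for a heuristic dissector list, and the sample packet is constructed; a successful entry swaps with its predecessor, one step per hit.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model for illustration; not Wireshark's heuristic dissector API. */
typedef int (*heur_fn)(const unsigned char *buf, size_t len);
struct heur_entry { const char *name; heur_fn fn; };

static int heur_calls; /* total heuristic invocations, to measure the saving */

/* Constructed toy heuristics: each claims packets starting with its tag byte.
 * The length check comes first because the buffer is untrusted capture data. */
static int heur_a(const unsigned char *b, size_t n) { heur_calls++; return n > 0 && b[0] == 'A'; }
static int heur_b(const unsigned char *b, size_t n) { heur_calls++; return n > 0 && b[0] == 'B'; }
static int heur_c(const unsigned char *b, size_t n) { heur_calls++; return n > 0 && b[0] == 'C'; }

/* Try each heuristic in list order; a match bubbles one slot toward the top. */
static const char *try_heuristics(struct heur_entry *list, size_t count,
                                  const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < count; i++) {
        if (!list[i].fn(buf, len))
            continue;
        if (i > 0) {
            struct heur_entry tmp = list[i - 1];
            list[i - 1] = list[i];
            list[i] = tmp;
            i--; /* the matching entry now sits one slot higher */
        }
        return list[i].name;
    }
    return NULL; /* no heuristic claimed the packet */
}

/* Feed `packets` identical 'C' packets to a fresh list {A, B, C} and
 * return how many heuristic calls were made in total. */
int calls_for_c_run(int packets)
{
    struct heur_entry list[] = { {"A", heur_a}, {"B", heur_b}, {"C", heur_c} };
    const unsigned char pkt[] = { 'C', 0x01, 0x02 }; /* constructed sample */
    heur_calls = 0;
    for (int i = 0; i < packets; i++)
        try_heuristics(list, 3, pkt, sizeof pkt);
    return heur_calls;
}

int main(void)
{
    printf("5 'C' packets: %d calls (fixed order: 15)\n", calls_for_c_run(5));
    return 0;
}
```

With a fixed order every 'C' packet costs three heuristic calls; with the swap the cost drops to one call per packet once the matching entry reaches the top.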