Hi Paul,
Can you reproduce the slow behavior with tshark? If so, then it might be worth to run profiling tools against it with less noise from the GUI. For Linux you could use "perf" for example:
perf record -g dwarf tshark -r your.pcap
perf report
Add -D1000 to the perf record command (before tshark) to delay recording for 1000ms, skipping initialization. Be sure to have the debugging symbols for tshark and the plugin.
Don't know about a similar tool for windows though.
Kind regards,
Peter
https://lekensteyn.nl
(pardon my brevity, top-posting and formatting, sent from my phone)
On 16 October 2017 07:34:20 BST, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
>Hi Roland,
>
>I’m only doing this for debugging purposes, and I accumulate the total
>time as each packet is dissected. To get the value as output I’ve put
>the printf in a cleanup routine that gets triggered when I close the
>trace file.
>
>Unfortunately, microsecond granularity is not going to do it. All
>start and end times produced by the code below are equal – giving an
>elapsed time of zero. I’ve been looking at Windows nanosecond timers
>but I’ll have to use C++ to get access to those.
>
>Best regards….Paul
>
>From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On
>Behalf Of Roland Knall
>Sent: 16 October 2017 05:38
>To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] Tips regarding measuring function
>execution times
>
>Keep in mind, that printf is by far one of the slowest functions.
>Additionally it slows also down the output as well. I'd recommend
>writing the times into a buffer and dumping them in intervalls, very
>much like the tap's work, otherwise what you see might not be what is
>happening on the network.
>
>cheers
>
>On Sun, Oct 15, 2017 at 11:15 PM, Paul Offord
><Paul.Offord@xxxxxxxxxxxx<mailto:Paul.Offord@xxxxxxxxxxxx>> wrote:
>Thanks to all for the tips. I’ll give it a go.
>
>From: Wireshark-dev
>[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx<mailto:wireshark-dev-bounces@xxxxxxxxxxxxx>]
>On Behalf Of Pascal Quantin
>Sent: 15 October 2017 21:50
>To: Developer support list for Wireshark
><wireshark-dev@xxxxxxxxxxxxx<mailto:wireshark-dev@xxxxxxxxxxxxx>>
>Subject: Re: [Wireshark-dev] Tips regarding measuring function
>execution times
>
>
>
>2017-10-15 22:40 GMT+02:00 João Valverde
><joao.valverde@xxxxxxxxxxxxxxxxxx<mailto:joao.valverde@xxxxxxxxxxxxxxxxxx>>:
>
>
>On 15-10-2017 21:32, Peter Wu wrote:
>On Sat, Oct 14, 2017 at 02:18:39PM +0000, Paul Offord wrote:
>I'm investigating a performance problem with the TRANSUM dissector.
>I'd like to measure the accumulated time taken to execute a function in
>a Release build. My basic idea is to do something like this:
>
>guint32 execute_time_us;
>.
>.
>start_stopwatch(&execute_time_us);
>function_call_to_be_measured();
>pause_stopwatch(&execute_time_us);
>
>.
>.
>.
>
>stop_and_output_stopwatch(&execute_time_us);
>
>Is there a standard way to do this in Wireshark? How can I output the
>accumulated time on, say, the Status Line?
>
>Not sure about the Status line question, but you can measure elapsed
>microseconds with something like:
>
> guint64 start_time, end_time;
>
> start_time = g_get_monotonic_time();
> // ...
> end_time = g_get_monotonic_time();
> // ...
> g_print("elapsed us: %" G_GUINT64_FORMAT, end_time - start_time);
>
>https://developer.gnome.org/glib/stable/glib-Date-and-Time-Functions.html#g-get-monotonic-time
>
>I think console output doesn't work on Windows for graphical
>applications, or something like that. There isn't a better standard
>mechanism for debug output in Wireshark, that I know of.
>
>You can make it appear with Edit -> Preferences -> Advanced -> change
>gui.console_open option to ALWAYS.
>
>Pascal.
>
>______________________________________________________________________
>
>This message contains confidential information and is intended only for
>the individual named. If you are not the named addressee you should not
>disseminate, distribute or copy this e-mail. Please notify the sender
>immediately by e-mail if you have received this e-mail by mistake and
>delete this e-mail from your system.
>
>Any views or opinions expressed are solely those of the author and do
>not necessarily represent those of Advance Seven Ltd. E-mail
>transmission cannot be guaranteed to be secure or error-free as
>information could be intercepted, corrupted, lost, destroyed, arrive
>late or incomplete, or contain viruses. The sender therefore does not
>accept liability for any errors or omissions in the contents of this
>message, which arise as a result of e-mail transmission.
>
>Advance Seven Ltd. Registered in England & Wales numbered 2373877 at
>Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
>
>______________________________________________________________________
>This email has been scanned by the Symantec Email Security.cloud
>service.
>For more information please visit http://www.symanteccloud.com
>______________________________________________________________________
>
>___________________________________________________________________________
>Sent via: Wireshark-dev mailing list
><wireshark-dev@xxxxxxxxxxxxx<mailto:wireshark-dev@xxxxxxxxxxxxx>>
>Archives: https://www.wireshark.org/lists/wireshark-dev
>Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>mailto:wireshark-dev-request@xxxxxxxxxxxxx<mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe
>
>
>______________________________________________________________________
>
>This message contains confidential information and is intended only for
>the individual named. If you are not the named addressee you should not
>disseminate, distribute or copy this e-mail. Please notify the sender
>immediately by e-mail if you have received this e-mail by mistake and
>delete this e-mail from your system.
>
>Any views or opinions expressed are solely those of the author and do
>not necessarily represent those of Advance Seven Ltd. E-mail
>transmission cannot be guaranteed to be secure or error-free as
>information could be intercepted, corrupted, lost, destroyed, arrive
>late or incomplete, or contain viruses. The sender therefore does not
>accept liability for any errors or omissions in the contents of this
>message, which arise as a result of e-mail transmission.
>
>Advance Seven Ltd. Registered in England & Wales numbered 2373877 at
>Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
>
>______________________________________________________________________
>This email has been scanned by the Symantec Email Security.cloud
>service.
>For more information please visit http://www.symanteccloud.com
>______________________________________________________________________
