
Wireshark-dev: [Wireshark-dev] Incomplete Filtering optimisation technique

From: Sidhant Bansal <sidhbansal@xxxxxxxxx>
Date: Thu, 4 Jun 2020 14:33:18 +0800
There is this old thread discussing a filtering optimisation here (https://www.wireshark.org/lists/wireshark-dev/200903/msg00182.html) and here (https://wiki.wireshark.org/Development/FastFiltering).

I am facing a speed bottleneck when dealing with large capture files (> 100 MB) and running a filter on them. I realised that this filtration optimisation could help me in my use-case; however, I believe the thread went dead a few years back and it wasn't merged into the master eventually.

From a glance at the design of Wireshark, it seems to be reasonably different from what it used to be when this patch was created, so merging this patch as of today no longer seems an easy task.

We can even try to do some sort of filtration results caching at opcode instructions level in the DFVM.

Just want to hear people's thoughts about whether they know what happened to FastFiltering and, if not, what they think about it (in terms of real-life benefits and technical details about the implementation, for example relying on a 3rd party SAT solver?).
Would love to hear any other suggestions / approaches which I could look into to speed up the filtering process.

Sidhant.