Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethereal optimizations (proposals)

Ethereal-dev: Re: [Ethereal-dev] Ethereal optimizations (proposals)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 1 Dec 2003 13:11:01 -0800


On Dec 1, 2003, at 11:09 AM, Biot Olivier wrote:

| Umm... do we really need a GtkCList?


We need some widget to display the packet list.

Whether it should be a GtkClist is another matter. I think that, atsome point, it shouldn't be, so that we *can* do the callback stuff.

 The most simple approach would be to
redissect the packets we have to display (get 1st matching packet;dissect
and display while not all visible packets are shown).

A callback-based list display widget could do that - the routine itcalled to get the column text and color information would dissect thepacket to get column data and, if there are color filters, build aprotocol tree as well and run the color filters on it.

| Another way to do that would be to have a widget where the row's text
| and color is determined when a row is drawn in the screen, by a
| callback.
If we know that we only have to display a limited number of rows(today's
computer monitors would not display more than 100 rows I think), we may
decide it is acceptable to redissect the visible rows for thecolorization.

It probably is acceptable. I infer from Microsoft Network Monitor'sbehavior and some of its internal APIs for dissectors that it worksthat way (with some callback scheme).

| The problem with any scheme that does stuff when a row is madevisible

| is that it'd require that the packet be dissected when its
| row is drawn
| - which would require that dissection to happen reasonably quickly,
| which would, in turn, require that the data for the packet be read
| reasonably quickly, meaning random access to the capture file be
| reasonably fast.

Ah. That's the major problem I think.

That's the major problem - another potential problem is that"g_node_append()" is, I think, linear in the length of the list towhich it's appending, which means that there's some N^2 behavior; thisshows up in some very big packets that take many many seconds to bedisssected.

Maybe we can save the decoding dictionary in a temporary file at thetime we
read the file?

What is the "decoding dictionary"? Do you mean the protocol trees forthe packets?

Follow-Ups:
- Re: [Ethereal-dev] Ethereal optimizations (proposals)
  - From: Ronnie Sahlberg

References:
- [Ethereal-dev] (no subject)
  - From: Biot Olivier

Prev by Date: [Ethereal-dev] Message statistics TAP for tethereal ANSI A-i/f
Next by Date: [Ethereal-dev] Patch to expose OPC/DPC from MTP3, SCCP preferences
Previous by thread: [Ethereal-dev] (no subject)
Next by thread: Re: [Ethereal-dev] Ethereal optimizations (proposals)
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$