On Jan 14, 2004, at 5:52 PM, Richard Sharpe wrote:
He uses tethereal with the SQL patch to store info in MySQL and then
does
lots of interesting postprocessing on the data. He claims that they can
process at about 30Mbps, and, using 0.9.16, experiences something like
a
300% speed improvement if he removes all but the half-dozen protocols
they
are interested in and the protocols required to reach those protocols.
Because it just doesn't bother calling their dissectors, but just
dissects them as data?
So what they really want is a way to prevent particular dissectors from
handing anything off to subdissectors. That *could* be done at startup
time, but I could also imagine somebody wanting to dynamically turn off
handoff from some particular protocol *and* turn it on again, so that
they could, for example, look at a trace purely from the standpoint of
TCP and then turn handoff from TCP back on again.
The various handoff routines currently don't know what dissector is
doing the handoff; that could be changed in a couple of ways:
1) make it an explicit argument;
2) keep that information in the "packet_info" structure.
The former requires API changes; the latter wouldn't, as the handoff
routines could maintain that, just as they maintain the "current_proto"
member of the "packet_info" structure. (It'd require changes in those
few places where handoff isn't done with handoff routines - those could
be found by looking for places where "pinfo->current_proto" is
changed.)
