On 3/23/09, didier <dgautheron@xxxxxxxx> wrote:
> There's still some small stuff which could go but It would only improve
> wireshark speed by 20-40%, I'm not sure it's worth the time.
Even that would be worth it, I think ...
> A big change is the per packet protocols bitfield but even if it's in
> rather good shape it triggers a lot of existing bugs in dissectors,
> breaks plugins (I changed hfinfo structure) and so on.
>
> The last change is the packet list but it's a ugly hack and needs a lot
> of work.
>
> On the other hand I don't know if Wireshark speed is a problem for most
> users, for a trace with a couple of ten thousand packets its current
> speed is ok.
>
> Maybe it's a prejudice, at first I thought that running Wireshark on
> captures with millions packets was stupid, about using the right tool
> and so on, but it's surprisingly useful.
I routinely deal with captures with millions of packets, and would
love it if Wireshark was quicker. When I looked at these issues back
in 2003 or thereabouts there was lots of low hanging fruit. However,
these days I lack the time to look into these issues.
--
Regards,
Richard Sharpe