On Fri, Apr 29, 2011 at 12:55:34AM -0700, Guy Harris wrote:
> On Apr 29, 2011, at 12:52 AM, Jakub Zawadzki wrote:
>
> > Actually we still can do transparent access, but only when BLOCK is not
> > inside
> > middle of byte.
>
> Does that mean "we can still do fast random access to all gzipped files, but
> we have to change the way we choose when to start a new block", or does it
> mean "we can't do fast random access to some gzipped files"?
Sorry, don't know.
In *one* pcap file (ratio: 1.187):
I have 2346 blocks (avg. every 37KB) from which 268 (avg. every 330KB) has
bits=0.
330 KB is still below SPAN constant (1MiB).
(I can send C program to calculate these values for given gzip file)
But honestly, I don't care, if someone need it he can:
1/ update zlib.
2/ Write his own compressor and pass to deflate(..., flush):
a/ Z_FINISH (and write new gzip header -- wiretap will always make a fast
seek point).
And random access will work also without
inflateSetDictionary.
b/ Z_FULL_FLUSH, Z_SYNC_FLUSH (which should align block to byte boundary)
every N bytes like he want (but N >= SPAN)
By using Z_FULL_FLUSH it should also be possible to
have random access without inflateSetDictionary.
> Note that we also use inflateSetDictionary(), which appears to have been
> added in 1.2.2.1 (31 October 2004).
I'm aware, should I commit patch for it? (or wait when wiretap fails to build
to someone?)
Btw. from zlib page:
Version 1.2.3 (July 2005) eliminates potential security vulnerabilities in
zlib 1.2.1 and 1.2.2, so all users of those versions should ***upgrade
immediately***
So maybe it's good (read: safer for user) if wireshark fails to build with zlib
support? :-)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
