-----Original Message----- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Evan Huus Sent: den 11 oktober 2013 16:37 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Idea for faster dissection on second pas
On Fri, Oct 11, 2013 at 9:22 AM, Jeff Morriss <jeff.morriss...@gmail.com> wrote: >> On 10/10/13 18:22, Evan Huus wrote: >>> >>> It might be simpler and almost as efficient to have >>> recently-successful heuristic dissectors bubble nearer to the top of >>> the list so they are tried sooner. Port/conversation lookups are >>> hash-tables for the most part and likely won't be made noticeably >>> faster by caching. >> >> >> Wouldn't that expose us to the risk that the dissection actually >> changes on the 2nd pass (because the call order of the heuristics >> changes)? That would look pretty weird... > >If there are heuristic false positives than there isn't much we can do besides >make the individual heuristics better. If the port lookup isn't effective >because >you know the ports don't line up, you can select the "Try heuristics >first" option which should help at least a little. Not really as the RTP dissector is weak and defaulted off and I'm only interested in performance improvements at this point. But it brings up a question; some of the heuristic dissectors are for "unusual" protocols and not perfect and some of the "port" dissectors Are registered in the epithermal port range (I think) should we default those to off? > >Only if two heuristics match the same packet, which is, theoretically, a bug >since they can't both be right. Yes but that's the name of the game for heuristics, isn't it? Regards Anders ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
