Wireshark-dev: Re: [Wireshark-dev] how to remove/unregister a dissector?
From: Kaul <mykaul@xxxxxxxxx>
Date: Wed, 27 Apr 2011 00:29:47 +0300


On Tue, Apr 26, 2011 at 9:57 PM, Chris Maynard <chris.maynard@xxxxxxxxx> wrote:
> George Nychis <gnychis@...> writes:
>
> > Another alternative, is to remove packet-smb* from the build.
>
> In most cases, to remove unwanted protocol dissectors from the build, delete the
> relevant packet-*.c files from epan/dissectors/Makefile.common's DISSECTOR_SRC.
>
> Alternatively, you could just disable those protocols via "Analyze -> Enabled
> Protocols", then uncheck all those that you don't want/need.  This method does
> not require recompiling Wireshark, but it doesn't prevent someone from
> re-enabling them again, so if you want to avoid that, then you'll have to
> recompile it.

If it could only be done somehow with some logical grouping... I do not need many, many protocols, but it's impossible to go and start unchecking all the irrelevant ones. Too many.
For example, I reckon I'll never meet ATM traffic, nor AppleTalk, nor USB based, Bluetooth or anything but normal Ethernet, IP and above (and yes, if somehow something was encapsulated above Ethernet, so I lost it, no big deal). Probably cost some in performance as well, especially for some of the heuristic ones.

I'm also unsure how much of a performance hit we get by having all those less used protocol fields in packet_info structure. Perhaps we should move all those to a dynamically allocated (if need access to) structure. Random example (from gssapi, which actually I see, but never decrypt):
  guint16 decrypt_gssapi_tvb;
  tvbuff_t *gssapi_wrap_tvb;
  tvbuff_t *gssapi_encrypted_tvb;
  tvbuff_t *gssapi_decrypted_tvb;
  gboolean gssapi_data_encrypted;


 (is packet_info even properly memory aligned with all those 'random' sized fields in it?!)
Y.
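
Added example (not part of the original message and not Wireshark code): a C sketch of the two layouts discussed above, the five quoted GSS-API fields held inline versus behind a pointer allocated on first use, with a check that each inline field sits at an offset satisfying its alignment. The type stand-ins, the cut-down pinfo_* structs, struct gssapi_state and pinfo_gss() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for the GLib/Wireshark types (assumptions, not the real headers). */
typedef uint16_t guint16;
typedef int gboolean;
typedef struct tvbuff tvbuff_t; /* opaque here */

/* The five fields quoted in the message, grouped in declaration order. */
struct gssapi_state {
    guint16   decrypt_gssapi_tvb;
    tvbuff_t *gssapi_wrap_tvb;
    tvbuff_t *gssapi_encrypted_tvb;
    tvbuff_t *gssapi_decrypted_tvb;
    gboolean  gssapi_data_encrypted;
};

/* Hypothetical cut-down packet_info variants: state inline vs. on demand. */
struct pinfo_inline { uint32_t num; struct gssapi_state gss; };
struct pinfo_lazy   { uint32_t num; struct gssapi_state *gss; /* NULL until used */ };

#define ALIGNED(m, t) (offsetof(struct gssapi_state, m) % _Alignof(t) == 0)

/* Returns 1 if every field sits at an offset that satisfies its alignment. */
int gssapi_fields_aligned(void) {
    return ALIGNED(decrypt_gssapi_tvb, guint16)
        && ALIGNED(gssapi_wrap_tvb, tvbuff_t *)
        && ALIGNED(gssapi_encrypted_tvb, tvbuff_t *)
        && ALIGNED(gssapi_decrypted_tvb, tvbuff_t *)
        && ALIGNED(gssapi_data_encrypted, gboolean);
}

/* Bytes the compiler added as padding to keep those fields aligned. */
size_t gssapi_padding_bytes(void) {
    return sizeof(struct gssapi_state)
         - (sizeof(guint16) + 3 * sizeof(tvbuff_t *) + sizeof(gboolean));
}

/* Bytes saved per packet_info when the GSS-API state is never touched. */
size_t lazy_saving_bytes(void) {
    return sizeof(struct pinfo_inline) - sizeof(struct pinfo_lazy);
}

/* Allocate the state on first access; returns NULL if allocation fails. */
struct gssapi_state *pinfo_gss(struct pinfo_lazy *p) {
    if (p->gss == NULL)
        p->gss = calloc(1, sizeof *p->gss);
    return p->gss;
}
```

The compiler keeps each member aligned by inserting padding, so the cost of the mixed-size fields is wasted bytes per structure rather than misaligned access; the lazy variant needs a NULL check at every use of the state.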



