thx for reply Guy and Happy New Year, but tcp session is closed properly (wget download quit properly) maybe add parameter for freeing memory after tcp fin/reset ? and maybe add memory parameter alloc limit ? (icmp/udp/ipproto and others) Best Regards Rmkml
>On Sat, 13 Jan 2007, Guy Harris wrote: >> rmkml wrote: >> Im use tshark v0.99.4 on linux kernel2619 and libc232 >> and I have memory question, >> when I start tshark (with -ta -ni eth0), I download iso (~700Mo) for >> example, tshark alloc ~220Mo, but never freeing memory (same alloc after >> ten minutes after download), why tshark not freeing memory ? >Because it doesn't know it won't need it any more. >The exact same code (the exact same *binary* code) is used for Wireshark >and TShark dissectors. >In Wireshark, various data structures maintained by dissectors are kept >around as long as a capture file is open, as they might be needed in >order to re-dissect particular packets. Even in TShark, a data >structure might be needed to dissect packets later in a capture. >(tcpdump, by default, also keeps some data structures around - a >per-TCP-connection data structure, so it can print relative sequence >numbers.) >The biggest consumer of memory is packet reassembly; for that, it could >conceivably release the memory once the reassembled data is fully >processed, but there's currently no way for the reassembly code to know >that the reassembled data won't be used in the future, as would be the >case in Wireshark. That might be added at some point. (If Wireshark >could be assured that fast random access to capture files is possible, >it could re-read the packet fragments if, after the first pass through >the packet data, a reassembled packet is needed.) _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
