Hi,
Some random ideas that some one with unlimited time on their hands could dig
into :-)
Seriously - I thought I'd just scribble down some things I've idly been
thinking about to see if it spurs any interest in implementing them or why it's
a bad idea.
If any one is interested in any of the items listed and wants to continue the
discussion break that out in a separate email. Feel free to add to the list.
Reduce Memory usage:
- In frame_data.h it should be possible to cut down on the nstime_t structures
by only having abs_ts and the others could be offsets to that or something
similar thus saving a couple of bytes per packet.
- In the reassembly routines If I remember correctly, I might be wrong I think
we may waste memory for TCP. Fragments and reassembled fragments?
- It might be possible to store file pointer and length rather than the
fragment data and read in that data when needed.
Filtering:
- We have a string with per packet protocols, could that string be saved and
used in filtering - don't dissect the packet if it does not contain the
filtered protocol.
Pcap-ng
- The defined blocks are capture oriented should we define some analysis
re-saving oriented ones.
- UDP/TCP/SCTP... port map similar to the NRB (think decode as)
- Read filter used ( save filtered trace)
- File history ( saved file A as B (using read filter X) ...)
- ...
https://www.winpcap.org/mailman/listinfo/pcap-ng-format
Features
- Ability to edit conversations protocol data, make it possible to edit or add
data to a conversation after own analysis.
:
Best regards
Anders
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
