On Apr 19, 2017, at 4:47 AM, Roland Knall <[email protected]> wrote:
> Generally speaking we can divide new protocol languages in two different
> classes:
>
> - interpreting ones
> - compiled ones
>
> The interpreting class has LUA and wsgd as representative. They have their
> benefits, but I do not really like the approach of interpreting at runtime.
And I *do* like it, as
1) it means you don't need a C/C++ compiler in order to add protocol
support;
2) there are some interesting optimization possibilities - if, for
example, you're dissecting only to run some filter on the packets, interpretive
code could be modified so as to skip over most packet fields, looking only at
those 1) used in the filter or 2) needed in order to figure out how the packet
is organized in memory (fields that give the length of other fields, fields
specifying the type of a structure, etc.);
3) the bytecode for the protocol can be "loaded on demand", which might
speed up startup;
4) if the interpreter can fit in the L1 cache, and keep most of its
state in registers, it might run reasonably fast.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
