Home page logo

wireshark logo Wireshark mailing list archives

Re: Memory consumption in tshark
From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Thu, 29 Aug 2013 16:30:16 +0200

Running the same command as before (I mean without valgrind) with -n, I get
1.5G of memory consumption, as without -n.

That's quite useful actually: it looks like the majority of the memory is
being used to store address-resolution data from all of the DNS packets so
that if those IP addresses show up later we can resolve them immediately
(without having to ask the system name resolver).

It's a cache, isn't it?

It doesn't look like there's a way to disable this at the moment (I
believe we still store the names even if name resolution is disabled), but
it should be easy enough to fix. The add_ipv4_name and add_ipv6_name
functions should probably be no-ops if all name resolution is disabled.
Then simply passing the -n flag will greatly reduce your memory usage
(though it won't yet).

What about a circular buffer? Instead of storing all the resolution, you
could create a circular buffer of N resolutions. This should give you the
control of the maximum amount of ram eaten by this part of the code. Once
reached the maximum you could
- delete older entries
- delete newer entries
- keep the existing entries making the following through the resolver
Just an idea. Disabling resolution when -n is used is to be implemented
anyway IMHO.
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]