pyreshark icon indicating copy to clipboard operation
pyreshark copied to clipboard

Published 20 hours ago verified publisher icon ashdnazg

Performance compare to Lua?

Open petersondrew opened this issue 9 years ago • 5 comments

Has anyone compared the performance of pyreshark to Lua when doing something more complicated than just field items? I know the PyFunctionItem callbacks will be slower, particularly when unpacking packets, but does anyone know if they're faster/slower than doing something similar in Lua? I'm aware that performance can vary, but I'm particularly curious if packet.unpack is going to be a performance bottleneck compared to a similar implementation in Lua.

petersondrew avatar Oct 19 '15 15:10 petersondrew

I know one critical area it is faster at, its way faster to develop in.

On Mon, Oct 19, 2015 at 10:11 AM, Drew Peterson [email protected] wrote:

Has anyone compared the performance of pyreshark to Lua when doing something more complicated than just field items? I know the PyFunctionItem callbacks will be slower, particularly when unpacking packets, but does anyone know if they're faster/slower than doing something similar in Lua? I'm aware that performance can vary, but I'm particularly curious if packet.unpack is going to be a performance bottleneck compared to a similar implementation in Lua.

— Reply to this email directly or view it on GitHub https://github.com/ashdnazg/pyreshark/issues/19.

officialhopsof avatar Oct 19 '15 15:10 officialhopsof

That definitely appears to be the case, especially if you're trying to migrate away from a dissector written in C as we are. Our main goal here is to find an alternative to writing our dissectors in C, to avoid the headaches of building Wireshark plugins on Windows, that still provides acceptable performance.

petersondrew avatar Oct 19 '15 15:10 petersondrew

I've used pyreshark and c to make a few different dissectors and I was able to handle a ton of data pretty well with pyreshark. We would have 100,000+ packets coming in every minute or so and I did have to instruct people to use a capture limit to get wireshark to perform in a reasonable way. That being said, for our purposes, this was acceptable. Something that might be worth trying is compiling the dissector with cython?

On Mon, Oct 19, 2015 at 10:30 AM, Drew Peterson [email protected] wrote:

That definitely appears to be the case, especially if you're trying to migrate away from a dissector written in C as we are. Our main goal here is to find an alternative to writing our dissectors in C, to avoid the headaches of building Wireshark plugins on Windows, that still provides acceptable performance.

— Reply to this email directly or view it on GitHub https://github.com/ashdnazg/pyreshark/issues/19#issuecomment-149250178.

officialhopsof avatar Oct 19 '15 15:10 officialhopsof

I don't have any empiric data but lua should be faster than PyFunctionItem and slower than regular items. I suspect it's not going to be extreme as long as you don't use exceptions or similar slow code.

if you reach any interesting conclusions, I'll be happy to hear :)

ashdnazg avatar Oct 19 '15 20:10 ashdnazg

Thanks for the input everyone, I'm pressing forward porting to pyreshark as much as I can. If the performance is not acceptable I'll give Lua a shot and return with findings :-)

petersondrew avatar Oct 19 '15 20:10 petersondrew