As a part of a study project we did a performance comparison between Wireshark Plugins written in C and written in Lua. According to the Wireshark Development guide the Lua plugins are only used for proof of concept code because the C plugins are faster. This post aims to clarify how big this performance gap is.
To compare Lua and C we used our own protocol called “calculation protocol”. With this protocol you can send calculation requests to a server which will execute this request and send the calculated value back to the sender. To make sure no network time does affect our measures, we run server and client on the same system and talked over localhost. You can furthermore split our test in two groups. In the first group we did the test by compiling the entire Wireshark source code with the gcc -O2 option (compiler option). This option is the standard option in Wireshark. In the second group we compiled Wireshark again but with -O3 which is a more complex compiler optimization. In the next figure you can see the results for the first group of tests. In test 1 and 3 we used a .pcab file containing approximately 500.000 packages. In test 2 and 4 we used 1.000.000 packages instead. In test 3 and 4 the output on the console is piped to /dev/null. The time in both figures is measured in seconds.
The next figure shows the results for the -O3 compiler optimization option. Interestingly this compiler options did also affect the Lua plugin but after all the compiler optimization -O3 does not give us a big performance improvement.
As a conclusion the C plugins are in our example approximately 32% faster than thee Lua version. However developing in C means more overhead because you need to clone the entire Wireshark repository and compile it before you can start programming your plugin. Besides, for the most of us programming in C often result in a longer development time.