Introduction

In the context of a recent study project, our team conducted a comprehensive performance analysis comparing Wireshark Plugins written in C with those written in Lua. The Wireshark Development guide indicates that Lua plugins are primarily intended for proof of concept code, given the superior speed of C plugins. This study aims to elucidate the extent of this performance discrepancy.

Introduction

In the context of a recent study project, our team conducted a comprehensive performance analysis comparing Wireshark Plugins written in C with those written in Lua. The Wireshark Development guide indicates that Lua plugins are primarily intended for proof of concept code, given the superior speed of C plugins. This study aims to elucidate the extent of this performance discrepancy.

To facilitate a fair comparison between Lua and C, we designed a custom protocol named the “calculation protocol.” This protocol enables the transmission of calculation requests to a server, which processes these requests and sends back the computed values to the sender. To ensure that our measurements were not influenced by network latency, we executed both the server and client on the same system, communicating via localhost.

Our testing approach can be categorized into two groups. In the first group, we conducted tests by compiling the entire Wireshark source code using the standard gcc -O2 (compiler option). In the second group, we recompiled Wireshark with the more intricate compiler optimization -O3.

The following findings are based on the first group of tests. Test 1 and 3 utilized a .pcab file containing approximately 500,000 packages, while test 2 and 4 were conducted with 1,000,000 packages. For test 3 and 4, the output on the console was directed to /dev/null. The time results, presented in seconds, are depicted in the figure below.

wireshark_performance_o2_new

Performance Comparison (Compiler optimization -O2)

Upon evaluating the results for the -O3 compiler optimization option, we observed that this compiler option also impacted the Lua plugin. However, despite the comprehensive -O3 optimization, the performance gain was not significant. The C plugins outperformed the Lua version by approximately 32% in our study.

wireshark_performance_o3_new

Performance Comparision (Compiler optimization -O3)

Nevertheless, it’s important to note that developing in C involves additional overhead, as it requires cloning the entire Wireshark repository and compiling it before initiating plugin development. Moreover, for many developers, programming in C often translates to a longer development cycle.