4.2 - Scanner performance

The packet-decoding API has been designed from the ground up to use a native protocol scanner. The JScanner class is a control class for the native scanner. "Native" here means that most of the logic for scanning a packet data buffer is implemented in native code.

The scanner has a scan() function written in C that scans the packet data using a function dispatch table. The table contains a scan function for every core protocol. Each scan function looks up two things: the length of the header and the next protocol header that follows it. The numerical protocol ID serves as the index into an array of these scan functions. Array lookups are much more efficient in C than they are in Java. Overall, the scan loop is tight and efficient.

The information returned from a scan function is recorded in a packet state structure, which contains a list of header state structures. Only the offset and length are recorded on a per-header basis. The scanner uses a fairly large internal buffer to store these state structures. A new packet is assigned the next state structure until the scanner runs out of buffer space; then it wraps around to the beginning of the buffer. So no mallocs and frees are necessary on a per-packet basis. Only the scanner itself is initialized or garbage collected.
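
The dispatch-table scan loop and the wrap-around state buffer described above, as an added sketch that is not jNetPcap's own source: every type, function name, protocol ID and buffer size in it is hypothetical. It also shows the bounds checks such a loop needs, because the protocol ID and header length are derived from untrusted packet bytes.

```c
#include <stddef.h>
#include <stdint.h>
/* All names, IDs and sizes here are hypothetical, not jNetPcap's source. */
enum { P_PAYLOAD, P_ETH, P_IP4, P_UDP, P_COUNT };
enum { MAX_HDRS = 8, RING = 4 };
typedef struct { uint32_t offset, length; } header_state;
typedef struct { int count; header_state h[MAX_HDRS]; } packet_state;
typedef struct { size_t len; int next; } scan_result;
typedef int (*scan_fn)(const uint8_t *p, size_t avail, scan_result *r);

static int scan_eth(const uint8_t *p, size_t n, scan_result *r) {
    if (n < 14) return -1;                       /* truncated header */
    r->len = 14;
    r->next = (p[12] == 0x08 && p[13] == 0x00) ? P_IP4 : P_PAYLOAD;
    return 0;
}
static int scan_ip4(const uint8_t *p, size_t n, scan_result *r) {
    if (n < 20) return -1;
    r->len = (size_t)(p[0] & 0x0f) * 4;          /* IHL, in 32-bit words */
    if (r->len < 20 || r->len > n) return -1;    /* length field is untrusted */
    r->next = (p[9] == 17) ? P_UDP : P_PAYLOAD;
    return 0;
}
static int scan_udp(const uint8_t *p, size_t n, scan_result *r) {
    (void)p;
    if (n < 8) return -1;
    r->len = 8; r->next = P_PAYLOAD;
    return 0;
}
/* Dispatch table: the numerical protocol ID is the array index. */
static const scan_fn table[P_COUNT] = { NULL, scan_eth, scan_ip4, scan_udp };
static packet_state ring[RING];    /* preallocated once; no malloc per packet */
static unsigned ring_next;
/* Constructed sample: Ethernet + IPv4 (IHL 5, proto UDP) + UDP, rest zero. */
const uint8_t sample_pkt[42] = { [12] = 0x08, [14] = 0x45, [23] = 17 };

packet_state *scan(const uint8_t *buf, size_t len, int first) {
    packet_state *ps = &ring[ring_next++ % RING];    /* wrap around when full */
    size_t off = 0;
    int id = first;
    ps->count = 0;
    while (id > P_PAYLOAD && id < P_COUNT && ps->count < MAX_HDRS) {
        scan_result r;
        if (table[id](buf + off, len - off, &r) != 0) break;   /* malformed */
        ps->h[ps->count++] = (header_state){ (uint32_t)off, (uint32_t)r.len };
        off += r.len;              /* each scan function verified r.len <= avail */
        id = r.next;
    }
    return ps;
}
```

Because state slots are reused after the buffer wraps, a pointer returned by scan() is only valid until RING further packets have been scanned.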

The numerical ID assigned to each protocol is often used as an index into bit arrays and lookup tables. JScanner, in conjunction with JRegistry, which makes sure that each protocol header gets a unique numerical ID, makes it possible to optimize protocol lookups and other operations.