
How do I clean up dissect values?

I have a custom dissect in which I have stored values from the capture that are only valid for that capture. So, how do you clean up (reset) all the values stored on close of capture, start of new capture, or opening another capture?

Is there a routine that I can register so that when the user closes a capture, starts a new capture or opens a different capture, all the stored values can be cleared?

gary.barnes.az
asked 2021-04-21 23:09:25 +0000

Comments

Are we talking about storing values in memory? If so, have you had a look at https://gitlab.com/wireshark/wireshar... ? Especially the wmem_file_scope() pool.

Uli (2021-04-22 06:27:42 +0000)

Kind of. Wireshark has built-in two types of delta times, one the delta between consecutive line items and then the other is the delta time between two consecutive displayed line items. Both of which are determined from the timestamp that Wireshark places on the received item. The payload of my dissected item contains a timestamp of when the payload was generated. To then determine the delta time of the generated item I need to store the payload timestamps for each line, additionally I need to store the sequence for each type of payload so that I can reference the previous item's entry. Now that part is easy, however I now want to open/start a new capture and all the stored references are still known. So when the capture is closed, opening a new capture, or starting a new capture I need to clear all the previously recorded entries ...

gary.barnes.az (2021-04-22 15:23:07 +0000)

When creating a custom dissector an entry point must be registered, is there also an associated clean-up method for when the capture is closed?

gary.barnes.az (2021-04-22 15:26:34 +0000)

I'm not sure this is the correct approach, this sounds more like conversation data for your dissector. See the section on conversations in doc/README.dissector.

grahamb (2021-04-22 19:59:21 +0000)

After reading through the doc/README.dissector, it appears that while what I am trying to accomplish is technically a conversation, the methods used are for values found in the network stack and not within the payload of the data. All of the data that is being tracked, except port, is found in the payload. Such as is this packet a transmitted or received message, what type of decoding will be needed, is it a heartbeat, etc. Then the internal timestamp of the message, and specific message types found after dissect. None of that information is known in pinfo, the timestamp that is returned by a conversation appears to be from when Wireshark received the packet and not when the packet was generated.

Or am I missing something? Such as, each of these items that are keys to the computing of value are stored as fields during the tvb dissect. So ...

gary.barnes.az (2021-04-23 17:50:02 +0000)

1 Answer

register_cleanup_routine(func) appears to be the method. I am coding it up to validate.

gary.barnes.az
answered 2021-04-22 18:44:40 +0000
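The stale-state problem from the question and the cleanup-callback fix from the answer, as an added example that is not code from this thread or from Wireshark. It is a self-contained model: `model_register_cleanup`, `model_close_capture` and the other names are hypothetical stand-ins, and in a real dissector the reset function would be the one handed to `register_cleanup_routine`.

```c
#include <stdint.h>
#include <string.h>

/* Self-contained model, not Wireshark code; every name here is hypothetical. */
#define MAX_TYPES 8

/* Per-capture state: last payload timestamp seen for each message type. */
static int64_t last_ts[MAX_TYPES];
static int     have_last[MAX_TYPES];

/* Stand-in for the slot that a cleanup-registration call would fill. */
static void (*cleanup_cb)(void);
static void model_register_cleanup(void (*func)(void)) { cleanup_cb = func; }

/* Stand-in for the host closing a capture: run the registered routine. */
static void model_close_capture(void) { if (cleanup_cb) cleanup_cb(); }

/* The cleanup routine itself: forget everything learned from the old capture. */
static void reset_state(void)
{
    memset(last_ts, 0, sizeof last_ts);
    memset(have_last, 0, sizeof have_last);
}

/* Returns 1 and sets *delta when a previous message of this type exists,
 * otherwise returns 0. Out-of-range types are rejected and not recorded. */
static int payload_delta(unsigned type, int64_t payload_ts, int64_t *delta)
{
    if (type >= MAX_TYPES)
        return 0;                 /* type comes from packet data: bounds-check */
    int found = have_last[type];
    if (found)
        *delta = payload_ts - last_ts[type];
    last_ts[type] = payload_ts;
    have_last[type] = 1;
    return found;
}

/* Constructed scenario: capture A, close, then the first message of capture B. */
static int second_capture_first_delta(int do_register, int64_t *delta)
{
    int64_t unused;
    reset_state();
    model_register_cleanup(do_register ? reset_state : NULL);
    payload_delta(2, 1000, &unused);   /* capture A */
    payload_delta(2, 1250, &unused);
    model_close_capture();
    return payload_delta(2, 40, delta); /* capture B, first type-2 message */
}

int main(void) { int64_t d = 0; return second_capture_first_delta(1, &d); }
```

Without the registered routine, the first message of the second capture is compared against the last timestamp of the first capture and reports a meaningless delta.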
