How do I clean up dissect values
I have a custom dissect in which I have stored values from the capture that are only valid for that capture. So, how do you clean up (reset) all the values stored on close of capture, start of new capture, or opening another capture?
Is there a routine that I can register so that when the user closes a capture, starts a new capture or opens a different capture, all the stored values can be cleared?
Are we talking about storing values in memory? If so, have you had a look at https://gitlab.com/wireshark/wireshar... ? Especially the wmem_file_scope() pool.
Kind of. Wireshark has two built-in types of delta times: one is the delta between consecutive line items and the other is the delta time between two consecutive displayed line items. Both of these are determined from the timestamp that Wireshark places on the received item. The payload of my dissected item contains a timestamp of when the payload was generated. To then determine the delta time of the generated item, I need to store the payload timestamps for each line; additionally, I need to store the sequence for each type of payload so that I can reference the previous item's entry. Now that part is easy; however, I now want to open/start a new capture and all the stored references are still known. So when the capture is closed, opening a new capture, or starting a new capture, I need to clear all the previously recorded entries ...
When creating a custom dissector an entry point must be registered; is there also an associated clean-up method for when the capture is closed?
I'm not sure this is the correct approach, this sounds more like conversation data for your dissector. See the section on conversations in doc/README.dissector.
After reading through doc/README.dissector, it appears that while what I am trying to accomplish is technically a conversation, the methods used are for values found in the network stack and not within the payload of the data. All of the data that is being tracked, except port, is found in the payload. Such as: is this packet a transmitted or received message, what type of decoding will be needed, is it a heartbeat, etc. Then the internal timestamp of the message, and specific message types found after dissect. None of that information is known in pinfo; the timestamp that is returned by a conversation appears to be from when Wireshark received the packet and not when the packet was generated.
Or am I missing something? Such as, each of these items that are keys to the computing of value are stored as fields during the tvb dissect. So ...