On May 2, 2011, at 12:38 PM, Jeff Morriss wrote:
> Would it be simpler (and more generic) to have a "cleanup"/EOF routine similar to the init mechanism but called as soon as we reach (the final) EOF (before the se memory is freed)?
What is "(the final) EOF"? In TShark, "we've reached the EOF" and "we're done dissecting the capture" happen at the same time, but in Wireshark, reaching the EOF when doing the sequential read is far from the end of dissection - a lot of per-session stuff can't be freed at the end of the sequential pass.
> It could also be used to indicate to things like TCP desegmentation that we've reached EOF so TCP could attempt to desegment things marked DESEGMENT_UNTIL_FIN even though we haven't seen a FIN (see bug 3785). Any memory held hoping for more packets (e.g., the last fragments for reassembly) could be freed at the end of the capture instead of waiting for the file to be closed.
A separate "cleanup" routine, called when the capture is closed, *before* the se_allocated memory is freed, might be useful...
...but it won't solve the problem you mention. *That* might well require an indication to be delivered *on* the last packet, rather than *after* the last packet, which makes it more complicated (especially in a live capture).
