Ethereal-dev: Re: [Ethereal-dev] How to start the desegmenting process

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Matthijs Melchior <mmelchior@xxxxxxxxx>
Date: Sat, 03 May 2003 17:16:09 +0200
Guy Harris wrote:

> On Fri, May 02, 2003 at 10:51:05PM +0200, Matthijs Melchior wrote:
> > There is one problem left. All my test cases start correctly with
> > a top level pdu. I cannot expect that to happen when I look at a
> > live data stream. I will need some way to give ethereal a hint as
> > to where in the first packet of a capture it is reasonable to start
> > parsing.
>
> Ronnie Sahlberg added some stuff that might at least partially allow
> that, and might be the basis for code to allow more of it.
>
> If the dissector isn't heuristic, but could scan through a TCP segment
> and decide where in that segment a packet for its protocol begins, that
> would probably be fairly straightforward to handle (and Ronnie's changes
> might already allow that).

....

Well, I have found something that sort-of works. If the tcp packet is
not reassembled, then parsing begins at a specified offset. In my testing
samples, this is always the first packet..., but if the pdu's fit exactly
then it could occur elsewhere, isn't it...

When 0.9.12 is available I will try to find Ronnie Sahlberg's stuff...

Well, BER encoding has little redundancy and that makes it very difficult
to distinguish meta data from real data. With knowledge of the contents
of the pdu's in my current samples I can point to pdu start positions,
but that is certainly not generally applicable.

And, as a first approximation, I think my current mechanism is acceptable,
and remains a candidate for improvement, if we know how.

Thanks.

--
Regards,
----------------------------------------------------------------  -o)
Matthijs Melchior                                       Maarssen  /\\
mmelchior@xxxxxxxxx                                  Netherlands _\_v
---------------------------------------------------------------- ----
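
Added example, not part of the original message and not Ethereal code: a small C scan showing why BER's low redundancy makes it hard to find a PDU start inside a TCP segment. The sample bytes are constructed, and plausible_start() is a hypothetical check that assumes the segment ends on a PDU boundary and uses definite lengths only.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed sample: 3 leftover content octets of an earlier PDU, then one
 * complete PDU at offset 3: SEQUENCE { INTEGER 5, OCTET STRING 02 01 07 }. */
static const unsigned char sample[] = {
    0x04, 0x0b, 0xff,
    0x30, 0x08, 0x02, 0x01, 0x05, 0x04, 0x03, 0x02, 0x01, 0x07
};

/* Size (header + contents) of a definite-length TLV at buf[off], or 0 if
 * the octets there cannot be one that fits inside the segment. */
static size_t ber_tlv_size(const unsigned char *buf, size_t len, size_t off)
{
    size_t p = off, n = 0, l, cnt;
    if (p >= len) return 0;
    if ((buf[p++] & 0x1f) == 0x1f)          /* high-tag-number form */
        do { if (p >= len) return 0; } while (buf[p++] & 0x80);
    if (p >= len) return 0;
    l = buf[p++];
    if (l == 0x80) return 0;                /* indefinite length: skipped here */
    if (l & 0x80) {                         /* long form: count of length octets */
        cnt = l & 0x7f;
        if (cnt > 4 || cnt > len - p) return 0;
        while (cnt--) n = (n << 8) | buf[p++];
    } else n = l;
    return n > len - p ? 0 : (p - off) + n;
}

/* Hypothetical check: do back-to-back TLVs from off end exactly at len? */
static int plausible_start(const unsigned char *buf, size_t len, size_t off)
{
    size_t sz;
    if (off >= len) return 0;
    for (; off < len; off += sz)
        if ((sz = ber_tlv_size(buf, len, off)) == 0) return 0;
    return 1;
}

/* Number of offsets in the segment that pass the structural check. */
static size_t count_plausible(const unsigned char *buf, size_t len)
{
    size_t off, hits = 0;
    for (off = 0; off < len; off++) hits += plausible_start(buf, len, off);
    return hits;
}

int main(void)
{
    printf("%zu plausible starts\n", count_plausible(sample, sizeof sample));
    return 0;
}
```

On this 13-octet sample, 10 offsets pass the structural check although only offset 3 is the real top-level PDU, so a scan like this cannot replace knowledge of the protocol's contents.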