> Unfortunately, there's currently no way to look for a "header_field_info" > structure by field name, so you can't just look up "tcp" (for the TCP > protocol) to get a pointer to compare with "finfo->hfinfo" in your > routine, nor can you look up: > > "tcp.hdr_len" header length of the TCP header > "tcp.seq" TCP sequence number > "tcp.ack" TCP acknowledgment number > "tcp.flags.ack" TRUE if ACK is set, FALSE otherwise >
So it is not possible to look up by name, but are these fields referred to by any identifier? If so, would it be possible to look up these values? > nor could you look up "ip" for the IP protocol, "ip.hdr_len" to get the > IP header length, or "ip.len" to get the IP total length - there is > nothing in the TCP tree to give the length of the TCP payload, so you'd > have to look for the IP header as well, and compute the TCP payload > length from the IP header and total length and the TCP header length. > > Note also that there may be more than one layer of IP, due to various > forms of tunneling, so you'd have to get the IP header right *before* > the TCP header to get the right IP header. > > We could probably introduce routines to do by-name lookups (and probably > should, to make it possible to do things such as this); they probably > won't be in the next Ethereal release, however (as that will be coming > out soon), so you'd have to use the CVS version of Ethereal once those > routines are checked in (there's no official timeline for this, nor is > there an official commitment to add them), or wait for the release in > which they appear (see previous parenthetical note), or be the person to > introduce those routines (which might well speed up their arrival). > -- Phil Williams e-mail to [EMAIL PROTECTED] Mobile - 07968 261643 "Music is the answer" - Danny Tenaglia
