Re: [DISCUSS]: PCAP Reader Improvements

2019-09-22 Thread Ted Dunning
Another thought is to have an alternative (potential) map field for each possible protocol. Thus, you would have a map for the DNS protocol and a map for the ICMP and so on. This would allow each map to have a fixed format.

On Sun, Sep 22, 2019 at 9:46 AM Charles Givre wrote:
> Hi Ted,
> EVF =

Re: [DISCUSS]: PCAP Reader Improvements

2019-09-22 Thread Charles Givre
Hi Ted, EVF = Enhanced Vector Framework. Complete tutorial here: https://github.com/paul-rogers/drill/wiki/Developer%27s-Guide-to-the-Enhanced-Vector-Framework#basics-tutorial Basicall

Re: [DISCUSS]: PCAP Reader Improvements

2019-09-22 Thread Ted Dunning
This sounds amazing. Some questions. What is EVF? How can you deal with the problem of variant maps?

On Sun, Sep 22, 2019, 7:55 AM Charles Givre wrote:
> Hello all,
> I'm contemplating some improvements to Drill's PCAP reader. Specifically,
> I'd like for Drill to actually be able to parse s

[DISCUSS]: PCAP Reader Improvements

2019-09-22 Thread Charles Givre
Hello all, I'm contemplating some improvements to Drill's PCAP reader. Specifically, I'd like for Drill to actually be able to parse some of the actual packet data. I was thinking of using KaiTai structs as a means to do so as they already have parsers for common packets. An example of this