> Unfortunately, there's currently no way to look for a "header_field_info"
> structure by field name, so you can't just look up "tcp" (for the TCP
> protocol) to get a pointer to compare with "finfo->hfinfo" in your
> routine, nor can you look up:
>
> "tcp.hdr_len" header length of the TCP header
> "tcp.seq" TCP sequence number
> "tcp.ack" TCP acknowledgment number
> "tcp.flags.ack" TRUE if ACK is set, FALSE otherwise
>
So it is not possible to look up by name, but are these fields referred
to by any identifier? If so, would it be possible to look up these values?
> nor could you look up "ip" for the IP protocol, "ip.hdr_len" to get the
> IP header length, or "ip.len" to get the IP total length - there is
> nothing in the TCP tree to give the length of the TCP payload, so you'd
> have to look for the IP header as well, and compute the TCP payload
> length from the IP header and total length and the TCP header length.
>
> Note also that there may be more than one layer of IP, due to various
> forms of tunneling, so you'd have to get the IP header right *before*
> the TCP header to get the right IP header.
>
> We could probably introduce routines to do by-name lookups (and probably
> should, to make it possible to do things such as this); they probably
> won't be in the next Ethereal release, however (as that will be coming
> out soon), so you'd have to use the CVS version of Ethereal once those
> routines are checked in (there's no official timeline for this, nor is
> there an official commitment to add them), or wait for the release in
> which they appear (see previous parenthetical note), or be the person to
> introduce those routines (which might well speed up their arrival).
>
--
Phil Williams
e-mail to csypbw@xxxxxxxxxxxxxxxx
Mobile - 07968 261643
"Music is the answer" - Danny Tenaglia
