Wireshark-dev: Re: [Wireshark-dev] "[UNVERIFIED SENDER]Re: "[UNVERIFIED SENDER]Re: Hierarchy of
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Sultan, Hassan" <sultah@xxxxxxxxxx>
Date: Thu, 27 Jul 2017 17:38:42 +0000

> -----Original Message-----
> From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
> Sent: Tuesday, July 25, 2017 7:06 PM
> To: Sultan, Hassan <sultah@xxxxxxxxxx>
> Cc: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Subject: "[UNVERIFIED SENDER]Re: "[UNVERIFIED SENDER]Re: [Wireshark-dev]
> Hierarchy of fields & offsets
> 
> On Jul 25, 2017, at 5:58 PM, Sultan, Hassan <sultah@xxxxxxxxxx> wrote:
> 
...
> For people in the former group, the right way to do the field would be as an
> FT_NONE, with the three items underneath it, and with the FT_NONE item being
> composed of two disconnected ranges.  The blob data itself could just be
> dissected as NTLMSSP or GSSAPI, without an FT_BYTES field; the top-level
> protocol item should have all the blob's data in it.
> 
> For people in the latter group, the right way to do it would be to have separate
> fields for the length and offset, not under the item for the security blob, with the
> security blob as a separate item - which, again, could just be NTLMSSP or
> GSSAPI, without an FT_BYTES field.

Ok cool, would anyone object if I submitted a patch moving them out of the blob ?

Thanks,

Hassan