Re: Exporting FTP objects

[Richard Sharpe <realrichardsharpe () gmail com>]

On Tue, Dec 14, 2021 at 9:34 AM Moshe Kaplan <mosheekaplan () gmail com> wrote:
> Good afternoon,
>
> I've been working on MR 1611 for exporting FTP objects. One of the complexities is that because the transmitted FTP 
> files are spread across multiple "packets", they need to be reassembled by the export objects 'tap' into a single 
> block of contiguous memory, so they can be exported. In the MR's current implementation, this is done by appending 
> the data from each ftp-data packet as it is received.
>
> Martin Mathieson commented here:
> "I would still like to hear more opinions on whether we should export data that isn't re-ordered/reassembled. I've 
> unfortunately missed the past couple of developer dens. Maybe ask on the dev list about whether it would be confuse 
> people, and if it would, whether there are ideas on how to do it?"
>
> Does anyone have any suggestions as to how to best deal with the problem of reordered packets?

I suspect you are going to have to maintain a data structure that
allows you to reassemble them, but you probably knew that.

How about a data structure (perhaps a hash indexed by starting
sequence number) with the ending seq number or length and pointer to
the data and a more-data flag or something.

Then, when you have all the data you can index into the hash table by
starting sequence number starting at 1.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe