Based on the following, and other things in the captures:
const AF_INET = 0x02;
const AF_INET6 = 0x17;
Protocol DnsCache = FormatString("Record Count = %d\n", Count)
{
UINT32 Version;
UINT32 Count;
struct Record[Count] = FormatString("%s = %s",Name, Type ==
AF_INET ? Ipv4Address.ToString : Ipv6Address.ToString)
{
[DataFieldByteOrder = LittleEndian]
UnicodeString Name;
UINT16 Type;
switch(Type)
{
case AF_INET:
[Global.NameTable$[Ipv4Address] = Name]
Ipv4Address Ipv4Address;
case AF_INET6:
[Global.NameTable$[Ipv6Address] = Name]
Ipv6Address Ipv6Address;
}
}
}
There can be multiple protocol definitions in an nml file, there can
be multiple constant definitions, and there can be multiple Structs
and Tables. In some sense, Structs and Protocols seem interchangeable.
In addition, it would seem from the stuff just above, that dissection
of a frame/object can have side effects. For example, the
[Global.NameTable$[Ipv4Address] = Name]. In addition, there are
several name spaces.
Also, as far as the grammar is concerned, I would try to treat:
[DataFieldByteOrder = LittleEndian]
UnicodeString Name;
as one grammatical item with [blah = blah, xxx] being an optional
prefix to a field definition.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
