Wireshark-dev: Re: [Wireshark-dev] Filebacked-tvbuffs : GSoC'13
From: Jeff Morriss <[email protected]>
Date: Wed, 01 May 2013 16:25:44 -0400
On 05/01/13 12:16, Anders Broman wrote:
Ambarisha B skrev 2013-05-01 17:01:
On Thu, Apr 25, 2013 at 7:34 PM, Jeff Morriss
<[email protected] <mailto:[email protected]>> wrote:
[...]
 >What will this data member contain in case of a reassembly
implementation which uses file backed tvbuffs?

file pointer(s) and length

It may be problematic to obtain the fragments from the original file in
case it is gziped or if the fragments are
parts of decrypted packets so writing to a new file might be the best
option.
gzip'd files shouldn't be much of a problem now: we have (reasonably) 
fast random access to them.  (Whether the same can be said for bzip'd 
files[1] is another matter.)
Decrypted packets are a problem with this approach, however.  I don't 
know how common they are in practice to know how much they should impact 
the design.
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8563