
Wireshark-dev: Re: [Wireshark-dev] Filebacked-tvbuffs : GSoC'13

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Wed, 01 May 2013 16:25:44 -0400
On 05/01/13 12:16, Anders Broman wrote:
Ambarisha B wrote 2013-05-01 17:01:
On Thu, Apr 25, 2013 at 7:34 PM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
[...]
 >What will this data member contain in case of a reassembly implementation which uses file backed tvbuffs?

file pointer(s) and length

It may be problematic to obtain the fragments from the original file in
case it is gzipped or if the fragments are
parts of decrypted packets so writing to a new file might be the best
option.

gzip'd files shouldn't be much of a problem now: we have (reasonably) fast random access to them. (Whether the same can be said for bzip'd files[1] is another matter.)

Decrypted packets are a problem with this approach, however. I don't know how common they are in practice to know how much they should impact the design.

[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8563