> -----Original Message-----
> From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
> Sent: Tuesday, July 25, 2017 7:06 PM
> To: Sultan, Hassan <sultah@xxxxxxxxxx>
> Cc: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Subject: "[UNVERIFIED SENDER]Re: "[UNVERIFIED SENDER]Re: [Wireshark-dev]
> Hierarchy of fields & offsets
>
> On Jul 25, 2017, at 5:58 PM, Sultan, Hassan <sultah@xxxxxxxxxx> wrote:
>
...
> For people in the former group, the right way to do the field would be as an
> FT_NONE, with the three items underneath it, and with the FT_NONE item being
> composed of two disconnected ranges. The blob data itself could just be
> dissected as NTLMSSP or GSSAPI, without an FT_BYTES field; the top-level
> protocol item should have all the blob's data in it.
>
> For people in the latter group, the right way to do it would be to have separate
> fields for the length and offset, not under the item for the security blob, with the
> security blob as a separate item - which, again, could just be NTLMSSP or
> GSSAPI, without an FT_BYTES field.
Ok cool, would anyone object if I submitted a patch moving them out of the blob ?
Thanks,
Hassan
