Tim Wojtulewicz
I spent a little time looking at this today. It doesn't seem too much of a stretch to support dynamic update. DU is really just 4 sets of RRs passed...
Dynamic update is a collection of RRs, which leads to a question of what events should get sent from it. I'm already planning to add an event for each of...
There is https://github.com/IvanNardi/pl7m, but it only operates on the data inside the pcap not on the pcap structure itself.
The thing is that it would make fuzzing packet analyzers (or anything under L7) much harder, but we weren't doing any of that anyways.
I worked on this a bit today. There's a changeset sitting on the `topic/timw/3915-unknown-ip-protocol` branch, if you want to play with it. It sets the protocol field to `unknown_transport` and...
> If so, would it be possible to at least decode the IP protocol from the port field(s) and display that in the proto field in logs? @awelzel and I...
We spent a long time talking about this as a team yesterday and this is where we landed - Add a new field to conn.log called `proto_id` that has the...
> From a user standpoint, I think I'd rather see `proto` in the conn log set to the IP proto and a flag to indicate that it is unconfirmed so...
> I think the first question anyone will want answered if they see unknown_transport is: what was the IP protocol? Requiring a configuration change to add that info doesn't seem...
Another couple of caveats with extending the `transport_proto` enum:
- Protocol values 146-252 are considered "unassigned". Should there be entries for all of those?
- If you're using preallocated `PortVal`...