Hello all,

I'm contemplating some improvements to Drill's PCAP reader. Specifically, I'd like for Drill to actually be able to parse some of the actual packet data. I was thinking of using KaiTai structs as a means to do so as they already have parsers for common packets. An example of this is the DNS parser (https://formats.kaitai.io/dns_packet/java.html).

I was thinking of doing the following:

1. Converting the PCAP plugin to use the EVF framework.
2. Including a config option to turn the parsing on/off.
3. Having the appropriate parser read and parse the data and store it into a Drill map.

Does anyone have any comments or thoughts on the matter?

Thanks,
-- C
