This sounds amazing. Some questions.
What is EVF? How can you deal with the problem of variant maps? On Sun, Sep 22, 2019, 7:55 AM Charles Givre <[email protected]> wrote: > Hello all, > I'm contemplating some improvements to Drill's PCAP reader. Specifically, > I'd like for Drill to actually be able to parse some of the actual packet > data. I was thinking of using KaiTai structs as a means to do so as they > already have parsers for common packets. An example of this is the DNS > parser (https://formats.kaitai.io/dns_packet/java.html) > > I was thinking of doing the following: > 1. Converting the PCAP plugin to use the EVF framework. > 2. Including a config option to turn the parsing on/off > 3. Having the appropriate parser read and parse the data and store it > into a Drill map. > > Does anyone have any comments or thoughts on the matter? > Thanks, > -- C > >
