Header/Packet Equality #3

Open
mrmonday opened this issue Aug 31, 2014 · 3 comments
@mrmonday
Contributor

We need to decide what it means for an XHeader or XPacket to be equal. There are three possibilities:

  • The entire packet must be equal, including payload
  • Only the header must be equal
  • Only selected parts of the header must be equal (i.e. ignore volatile fields such as TTL).
@mrmonday mrmonday added this to the libpnet 1.0 milestone Dec 6, 2015
@mattlknight

This is an interesting question. I think something that may help answer this question is laying out a few scenarios of why you would want to compare two packets or two headers for equality.

If we are talking about tracing a conversation across multiple hops, then selected parts of the headers would be the way to go. If we are trying to see if a packet has been altered, I would think the entire packet start-to-finish would need to be a perfect match, including CRC if available.

Since there are several scenarios with different goals for equality comparison, would it make sense to expose methods that offer these variations in comparisons? Maybe through traits?

@pvinci

pvinci commented Mar 28, 2021

Until the dissector matures, I would suggest that equality be defined as a comparison of a vector of slices.
Case 1 would be self[..] == other[..]
Case 2 would be self[..14] == other[..14]
Case 3 would be vec![&self[13..14], &self[15..16]] == vec![&other[13..14], &other[15..16]]

Where is the IP header, for example? The location is dependent on the previous layers. Is it from an untagged packet, a tagged packet, a Q-in-Q packet, a GRE packet, IPIP? Is the first IP header of self being compared to the first or second IP header of other?

Is it proper to simply compare two structs, or should that be delegated to a dissector that can properly determine layers?

@infosechoudini

I think the dissectors themselves should determine the layers. There are instances, though, where a layer later in the dissector chain needs access to an earlier layer.
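
An added example, not part of the thread and not libpnet code: the three equality definitions from the opening post, with the IPv4 header located by walking any VLAN tags first rather than at a fixed offset. All function and type names are hypothetical, and it assumes Ethernet frames that are untagged, 802.1Q-tagged or Q-in-Q and carry IPv4.

```rust
// Added example, std only: every name here is hypothetical, none is libpnet API.
use std::ops::Range;
/// Byte range of the first IPv4 header, found by walking the layers before it.
fn ipv4_header(frame: &[u8]) -> Option<Range<usize>> {
    let mut off = 12; // EtherType follows the two 6-byte MAC addresses
    loop {
        match u16::from_be_bytes([*frame.get(off)?, *frame.get(off + 1)?]) {
            0x8100 | 0x88a8 => off += 4, // 802.1Q / 802.1ad tag, may be stacked
            0x0800 => break,
            _ => return None, // GRE, IPIP etc. would need their own dissectors
        }
    }
    let (start, first) = (off + 2, *frame.get(off + 2)?);
    let ihl = usize::from(first & 0x0f) * 4;
    if first >> 4 != 4 || ihl < 20 || frame.len() < start + ihl { return None; }
    Some(start..start + ihl)
}

#[derive(Clone, Copy)]
enum Equality { Whole, Ipv4Header, Ipv4Stable }

fn frames_equal(a: &[u8], b: &[u8], mode: Equality) -> bool {
    let key = |f: &[u8]| -> Option<Vec<u8>> {
        let mut h = f[ipv4_header(f)?].to_vec();
        if let Equality::Ipv4Stable = mode {
            h[8] = 0;          // TTL changes at every hop
            h[10..12].fill(0); // so the header checksum changes with it
        }
        Some(h)
    };
    match mode {
        Equality::Whole => a == b,
        _ => matches!((key(a), key(b)), (Some(x), Some(y)) if x == y),
    }
}

/// Constructed sample: Ethernet, `tags` VLAN tags, 20-byte IPv4 header, no payload.
fn sample_frame(tags: usize, ttl: u8) -> Vec<u8> {
    let mut ip = [0x45, 0, 0, 20, 0, 1, 0, 0, ttl, 17, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2];
    let mut sum: u32 = ip.chunks(2).map(|c| u32::from(u16::from_be_bytes([c[0], c[1]]))).sum();
    while sum >> 16 != 0 { sum = (sum & 0xffff) + (sum >> 16); }
    ip[10..12].copy_from_slice(&(!(sum as u16)).to_be_bytes());
    let mut f = vec![0x02; 12]; // constructed destination and source MAC
    for _ in 0..tags { f.extend_from_slice(&[0x81, 0x00, 0x00, 0x0a]); }
    [f, vec![0x08, 0x00], ip.to_vec()].concat()
}

fn main() {
    assert!(frames_equal(&sample_frame(0, 64), &sample_frame(2, 61), Equality::Ipv4Stable));
}
```

A frame whose IPv4 header cannot be located (truncated, or a non-IPv4 EtherType) compares unequal in the two header modes, even to itself.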
