Hello,
I have seen the wireshark SIGCOMP implementation, and it seems to
me that some operations are missing, and many corner cases are not
handled as RFCs demand, especially regarding DECOMPRESSION-
FAILURE conditions (example: MLOD self-modifying code detection).
Some stuff like operands decoding could be refactored a lot to reduce
complexity and code size.
I would prefer to build an alternative SIGCOMP implementation for
wireshark rather than tweak the current one, in order to be able to offer
a clean design.
But maybe what you already have in place is
"good enough" (tm), and in this case I would suggest to at least
integrate the RFC 4465 torture tests in the build, in order to single out
the problems with the current implementation.
Wdyt ?
Claudio F.