Reconstructing request-response pairs from a recording

I'm analysing an interaction where two devices communicate using the request-response pattern over a fairly unreliable network (RS232) and would like to turn streams of "Computer sent bytes XXXX at 13:01:02" and "Device sent bytes YYYY at 13:01:03" back into the original request-response pairs.

I've rolled my own in the past based on a couple of assumptions I know about the traffic behaviour, but was wondering if there are any formal algorithms for this sort of thing?

Here's a playground link with the rough API I'm trying to create, plus the various assumptions I can make.

Disclaimer: I have no experience with serial connections, but I see your question is unanswered for a while now.

I feel like the question doesn't give much information about where exactly you are stuck.

What layers are you putting on top of the RS232 connection? Are you using existing crates like mio-serial?

Can you get a reliable bytestream out of it? E.g. one that guarantees bytes arrive in order? If you can, you can leverage existing infrastructure, like implementing AsyncRead/AsyncWrite for it and use tokio-codec/futures_codec to frame your connection, which probably saves you a bunch of work.

btw, thumbs up for the clean code and detailed comments :smiley:

I guess that's because I'm not sure how best to articulate the problem, and I've been struggling to find better terminology on the web.

A good analogy of what I'm trying to do is the follow TCP stream feature in Wireshark.

When looking at a bunch of incoming and outgoing TCP packets, you can click on a single packet and it'll show you a view which reassembles all related packets into the incoming/outgoing streams an application would normally see.

I'm trying to implement a simplified version of this which will reassemble request-response pairs given a set of recorded incoming/outgoing messages (which have been parsed).

For the purposes of this analysis, I don't think the details of how the data is transferred will be relevant; we're analysing a recording of the communication some time after it takes place. The raw data that's been recorded is a series of bytes as well as the time our application emitted the read/write call.


I've then done some preprocessing which turns the byte stream from computer to device into a Vec<Request>, and the byte stream from device to computer is turned into a Vec<Response>. Any bytes which can't be parsed into a Request or Response are assumed to be garbage and we skip past them until the start of the next valid message.

The problem I'm trying to solve is how to take a Vec<Request> and Vec<Response> and inspect the attached timestamps and IDs to turn the inputs into a Vec<Transfer> (using the definitions from that playground link). Is there a proper name for this sort of analysis?

Ok, so it sounds like you have already done the hardest part of parsing the bytestream. What exactly makes you get stuck? What about:

  1. loop over the Requests
  2. search the Responses for the corresponding ID,
  3. create the transfer object
  4. dump it in a Vec
  5. return the Vec
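
An added example, not part of the thread and not the playground code: the steps above carried a little further so that a reused ID, a response lost on the wire, and a response with no parsed request are each reported instead of being mispaired or dropped. The `Request`, `Response` and `Transfer` definitions, the millisecond timestamps and the `timeout_ms` parameter are assumptions, since the playground definitions are not shown on the page.

```rust
// Hypothetical types: the thread's playground definitions are not on the page.
#[derive(Debug, Clone, PartialEq)]
pub struct Request { pub id: u8, pub sent_ms: u64 }
#[derive(Debug, Clone, PartialEq)]
pub struct Response { pub id: u8, pub received_ms: u64 }

#[derive(Debug, PartialEq)]
pub enum Transfer {
    Completed { request: Request, response: Response },
    Unanswered { request: Request },    // response lost or corrupted on the wire
    Unsolicited { response: Response }, // response whose request was never parsed
}

/// Pair each request with the first unused response that has the same ID,
/// arrives no earlier than the request, before `timeout_ms` has elapsed, and
/// before a later request reuses the ID. Inputs must be sorted by timestamp.
pub fn pair(requests: &[Request], responses: &[Response], timeout_ms: u64) -> Vec<Transfer> {
    let mut used = vec![false; responses.len()];
    let mut transfers = Vec::new();
    for (i, req) in requests.iter().enumerate() {
        // The window closes at the timeout or at ID reuse, whichever comes first.
        let reuse = requests[i + 1..].iter().find(|r| r.id == req.id).map(|r| r.sent_ms);
        let deadline = reuse.unwrap_or(u64::MAX).min(req.sent_ms.saturating_add(timeout_ms));
        let hit = responses.iter().enumerate().find(|(j, resp)| {
            !used[*j] && resp.id == req.id
                && resp.received_ms >= req.sent_ms && resp.received_ms < deadline
        });
        match hit {
            Some((j, resp)) => {
                used[j] = true;
                transfers.push(Transfer::Completed { request: req.clone(), response: resp.clone() });
            }
            None => transfers.push(Transfer::Unanswered { request: req.clone() }),
        }
    }
    // Responses that matched nothing are kept, so the recording stays fully accounted for.
    transfers.extend(responses.iter().zip(&used).filter(|(_, u)| !**u)
        .map(|(r, _)| Transfer::Unsolicited { response: r.clone() }));
    transfers
}

fn main() {
    // Constructed sample: ID 1 is reused at 500 ms, ID 2 is answered too late.
    let reqs: Vec<Request> = [(1, 0), (2, 100), (1, 500), (3, 600)]
        .iter().map(|&(id, sent_ms)| Request { id, sent_ms }).collect();
    let resps: Vec<Response> = [(1, 40), (1, 530), (9, 700), (2, 2000)]
        .iter().map(|&(id, received_ms)| Response { id, received_ms }).collect();
    for t in pair(&reqs, &resps, 1000) { println!("{:?}", t); }
}
```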
