https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15208

            Bug ID: 15208
           Summary: MATE unable to extract fields for PDU
           Product: Wireshark
           Version: 2.6.4
          Hardware: x86-64
                OS: Windows 10
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: sc...@harman.tv
  Target Milestone: ---

Created attachment 16651
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16651&action=edit
Sample capture

Build Information:
Version 2.6.4-SAMSupport (v2.6.4) 
Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.9.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with MaxMind DB resolver, with
nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia,
with AirPcap, with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 10, build 17763, with Intel(R) Core(TM) i7-6600U CPU
@ 2.60GHz (with SSE4.2), with 8084 MB of physical memory, with locale
English_Australia.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap, binary plugins supported (18
loaded). Built using Microsoft Visual C++ 14.0 build 24215 

--
Hi team - I'd logged a question on ask.wireshark.org
(https://ask.wireshark.org/question/5499/mate-protocol-weirdness/) but have now
established that the issue also occurs with the sample MATE dissectors
available on the Wiki.

Basic dissector for our giop-q_quentin plugin:

~~~
Pdu giop_pdu Proto giop Transport tcp/ip {
    Extract giop_addr From ip.addr;
    Extract giop_port From tcp.port;
    Extract giop_type From giop.type;
    Extract giop_request_id From giop.request_id;
    Extract giop_request_op From giop.request_op;
};

Gop giop_req On giop_pdu Match (giop_request_id) {
        Start (giop_type = 0);
        Stop (giop_type = 1);
        Extra (giop_request_op);
};

Done;
~~~

I've tested this in a few versions.
With the web example, the pdu doesn't contain anything other than the time, and
likewise isn't extracting any sensible data.

Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs