https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4652
--- Comment #4 from Andre Luyer <wiresharkbug@xxxxxxxxxxxxxxxxx> 2010-04-11 10:24:55 CEST ---
With the patch I got from Gerasimos - to simply skip the 5 byte header - I
build a development version and used it to scan several captures containing MQ
traffic.
With that patch there where no more Malformed Packets, so detecting if this
header is present and skipping it is the solution for this bug.
Based on the captures I have I can confirm that "Tag is 0x17, Length is 3 and
Value contains the message size in 3 octets in big endian form." is correct.
Why this header is there is an other question. Maybe it is used with MQ
Clustered Channels and not with MQ Point-to-Point Channels or it is a feature
introduced in version 6. I am not able to test that theory.
The frames containing a Message Descriptor are the most interesting ones. I
noticed that packet-mq.c can be improved at this point. I can translate the
integers/flags into their descriptions based on IBM's cmqc.h and patch this
code (a Message Descriptor is described here:
http://publib.boulder.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=/com.ibm.ztpf-ztpfdf.doc_put.cur/gtpc2/mqmdst.html
).
Also adding Expert Info based on the Message Descriptor would be useful but I
don't now yet how to do that. E.g. if a CorrelationID matches a MessageID in a
previous frame then we have found a REQUEST - REPLY pair.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
