
Wireshark-bugs: [Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not wo

Date: Sun, 18 Sep 2016 17:29:11 +0000

Comment # 8 on bug 12184 from
Hmm, I am still not fully certain how multiple AVPs with the same name have to
be handled (for matching data AVPs and returning results).

In plugins/mate/examples/web.mate there is this snippet (old syntax):

    Action="" Name=rm_client_from_dns_resp; Mode=Replace; Match=Every;
    dns_resp=1; client_addr; .dns_resp=1;

Here you can see that the intention of "Every" is that every condition
(dns_resp=1, client_addr) must match and that it is replaced by (dns_resp=1)
(effectively dropping client_addr).

In mms.mate we can see a case where "Loose" with zero conditions is allowed; it
is expected to match (and apply the replacement). Rewritten to the new syntax
(for clarity) it becomes:

    Transform mms_start {
        // yes, really no attributes and apparently no value for the AVP either?
        Match Loose () Insert (mms_start);
    }
    Pdu mmse_over_wsp_pdu Proto wsp Transport ip {
        // (Match omitted)
        Transform mms_start;
    }

In the same file we find (translated and annotated):

    Transform rm_client_from_http_resp1 {
        // If "http_rq" is set, match and return from this transform.
        Match Strict (http_rq) Insert ();
        // could probably be "Strict" as well?
        Match Every (addr) Insert (not_rq);
    }
    Transform rm_client_from_http_resp2 {
        // huh, why add not_rq above and replace it here? Why not just:
        // Match Strict (addr) Insert (ue); above?
        Match Strict (not_rq) Replace (ue);
    }
    Pdu mmse_over_http ... {
        Extract addr From ip.addr;
        Extract http_rq From http.request;
        ...
        Transform rm_client_from_http_resp1;
        Transform rm_client_from_http_resp2;
    }

In matelib/radius.mate:

    Transform radius_same_port {
        // If there are already two ports, do nothing
        Match Strict (radius_port, radius_port) Insert ();
        // else add a new port?
        Match Every (radius_port) Insert (radius_port=0);
    }
    Pdu radius_pdu Proto radius Transport udp/ip {
        // Pdu attributes are pulled from fields with "Extract ... From"
        Extract radius_addr From ip.addr;
        Extract radius_port From udp.port;
        Extract radius_id From radius.id;
        Extract radius_code From radius.code;
        Transform radius_same_port;
    }
    Gop radius_req On radius_pdu Match (radius_id, radius_addr, radius_addr, radius_port, radius_port) {
        // not sure if right syntax
        Start (radius_code|1|4|7);
        Stop (radius_code|2|3|5|8|9);
    }

None of these examples really help in understanding what should be done for Match
(what to return for a match).

