> -----Original Message-----
> From: Wireshark-users [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On
> Behalf Of Stuart Longland
> Sent: Tuesday, November 12, 2019 7:52 PM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] CoAP dissector mixed-up about Accept and Content-
> Format?
>
> It clearly knows its text/plain, specifically it's a JMESPath query.
> The CoAP client in this case is requesting a JMESPath query be performed on a
> JSON document stored server side, and that the server return the response
> back to it in CBOR format (hence "Accept: application/cbor").
>
> That does not mean there is any CBOR contained anywhere in that packet.
> Why does WireShark try to interpret it as such?
> --
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
> ...it's backed up on a tape somewhere.
Wireshark interprets that way because it's mistakenly calling dissect_coap_opt_ctype() for COAP_OPT_ACCEPT, when a new function should probably be written called dissect_coap_opt_accept() which doesn't improperly assign the content type value and string.
I would suggest that you open a Wireshark bug report for this at https://bugs.wireshark.org/bugzilla/ so it can be fixed.
- Chris
References:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-coap.c;h=0866207886fbfc581e9f52a49b0b6ac097e268ed;hb=HEAD#l598
598 static void
599 dissect_coap_opt_ctype(tvbuff_t *tvb, proto_item *head_item, proto_tree *subtree, gint offset, gint opt_length, int hf, coap_info *coinfo)
600 {
601 if (opt_length == 0) {
602 coinfo->ctype_value = 0;
603 } else {
604 coinfo->ctype_value = coap_get_opt_uint(tvb, offset, opt_length);
605 }
606
607 coinfo->ctype_str = val_to_str(coinfo->ctype_value, vals_ctype, "Unknown Type %u");
608
609 proto_tree_add_string(subtree, hf, tvb, offset, opt_length, coinfo->ctype_str);
610
611 /* add info to the head of the packet detail */
612 proto_item_append_text(head_item, ": %s", coinfo->ctype_str);
613 }
Correct: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-coap.c;h=0866207886fbfc581e9f52a49b0b6ac097e268ed;hb=HEAD#l810
810 case COAP_OPT_CONTENT_TYPE:
811 dissect_coap_opt_ctype(tvb, item, subtree, offset,
812 opt_length, dissect_hf->hf.opt_ctype, coinfo);
813 break;
Incorrect: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-coap.c;h=0866207886fbfc581e9f52a49b0b6ac097e268ed;hb=HEAD#l869
869 case COAP_OPT_ACCEPT:
870 dissect_coap_opt_ctype(tvb, item, subtree, offset,
871 opt_length, dissect_hf->hf.opt_accept, coinfo);
872 break;
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
