I am a bit stymied as to how the MATE plugin works, and thus why I
can almost but not quite make it do what I want. What I am trying to
do(at a minimum) is add the ability to sort by TCP session in the
packet list view. While trying to figure out how to do that, I was
fiddling with mate, and it occurred to me that adding a column to
display the MATE GOP number could work, and then be reconfigurable by
MATE scripts. So I managed to add such a column, and by adding the
following code(currently in mate_tree in packet-mate.c, but I had it
working about as well someplace else as well):
if ( pdus && pdus->gop && check_col(pinfo->cinfo,
COL_MATE_GOP)) {
col_add_fstr(pinfo->cinfo, COL_MATE_GOP, "%8d:%s",
(pdus->gop->id),(pdus->gop->cfg->name));
}
I can configure mate with the example tcp.mate script, and load a file
with a bunch of web traffic, and all the TCP packets have the column
filled in , and ARP, ICMP, etc do not, exactly as expected. However,
the packets classified as HTTP, while having the correct MATE
information listed in the protocol tree, has a blank value for my new
column, and thus doesn't sort in with the rest of the session it
belongs to. If I turn off HTTP dissection, it all works. I know the
Info column is cleared and filled in by later dissectors, but clearly
nothing knows about my new column but me, so it isn't being manually
cleared.
I then dug into where the handoff occurs, and then noticed that
MATE registers itself as a frame tap, although the packet callback is
an empty routine. So now I am confused as to a) how MATE actually
gets handed packets, and b) why my column ever works if I am calling
it from a tap. Anyway, if anyone has any suggestions, and or an
explanation as to how packets flow through MATE, I'd greatly
appreciate it.
Thanks,
Todd Carrozzi
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
