Re: [Wireshark-users] MATE config syntax

2007-08-10 Thread Luis EG Ontanon
The first format (C-Like) is the current one, the second format was
the original (dropped) one.

In the odd story of the accidental development of MATE this format was
written for loading and testing an ISUP/H323/SIP only module, it came
to my view that the matching mechanism was versatile enough for a lot
of protocols so I used the test-loader as a mechanism to load and
configure the whole thing. I never liked it as a config language,
so I wrote the C-like grammar that is used now; I just never took the
time to translate all the examples to the new grammar.

My *Big* fault is that I never fully documented the new (C-like) one.

For the other thing MATE and the Lua bindings bear no relation
whatsoever (besides the common Author). MATE uses a series of rules to
group Pdus while Lua is a full-blown programming language (somewhat
exotic but it is nice and fast) with bindings to the Wireshark API.


On 8/10/07, Sake Blok [EMAIL PROTECTED] wrote:
 Hi,

 I started to use MATE to link packets to each other in Wireshark/Tshark
 and do some analysis on the set. I was able to get some things working
 already and I think it is a great plugin. I do have some questions
 though. When I look at the information on the Wiki I am a bit confused
 by the two syntax formats.

 The first format is like:

 Pdu dns_pdu Proto dns Transport ip {
 Extract addr From ip.addr;
 Extract dns_id From dns.id;
 Extract dns_resp From dns.flags.response;
 };

 The second format is like:


Transform start_cond {
   Match (attr1=aaa, attr2=bbb) Insert (msg_type=start);
   Match (attr3=www, attr2=bbb) Insert (msg_type=start);
   Match (attr5^a) Insert (msg_type=stop);
   Match (attr6$z) Insert (msg_type=start);
};

Pdu pdu ...  {
 ...;
 Transform start_cond;
}

 Action=Transform; Name=start_cond; attr1=aaa; attr2=bbb; .msg_type=start;
 Action=Transform; Name=start_cond; attr3=www; attr2=bbb; .msg_type=start;
 Action=Transform; Name=start_cond; attr5^a; .msg_type=stop
 Action=Transform; Name=start_cond; attr6$z; .msg_type=stop;

 Action=PduDef; Name=pdu; ...
 Action=PduTransform; For=pdu; Name=start_cond;

 Action=GopDef; Name=gop; ...
 Action=GopStart; For=gop; msg_type=start;
 Action=GopStart; For=gop; msg_type=stop;


 At this time I find the first format much more clear, but most of
 the examples use the second format.

 Are the two totally interchangeable?
 If so, how should I translate one to the other? Any general rules on that?
 If not, which of the two is the richest? Is one just a replacement to
 the other?


 Another question is how MATE and LUA relate to each other, I know LUA is
 far more extensive in its possibilities, but is it also possible to easily
 write LUA scripts for the things MATE is good at? Ie, would learning to
 write LUA scripts make learning to write MATE scripts obsolete?

 Cheers,


 Sake

 ___
 Wireshark-users mailing list
 Wireshark-users@wireshark.org
 http://www.wireshark.org/mailman/listinfo/wireshark-users



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Propertarianism joined to capitalist vigor destroyed meaningful
commercial competition, but when it came to making good software,
anarchism won.
-- Eben Moglen
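The translation rule Luis shows inline (group the old Action=Transform lines by Name into one Transform block, dotted attributes go to Insert and the rest to Match, and Action=PduTransform becomes a Transform statement inside the Pdu body) written out as a small Python script. This is an added example, not code from MATE or Wireshark; it covers only the Transform and PduTransform actions that appear in the thread, the Match/Insert spelling follows Luis's reply above, and the sample input is constructed from the thread's lines.

```python
import re
from collections import OrderedDict

# An old-style item is "[.]attr<op>value"; a leading dot marks an attribute the
# Transform inserts (the AVPL after "Insert") instead of one it matches on.
ITEM_RE = re.compile(r"^(\.?)([A-Za-z_]\w*)(.*)$")

def parse_old_line(line):
    """Return (action, fields, match_avps, insert_avps) for one 'Action=...;' line."""
    action, fields, match, insert = None, {}, [], []
    for item in filter(None, (s.strip() for s in line.split(";"))):
        m = ITEM_RE.match(item)
        if not m:                       # e.g. a "..." placeholder: nothing to translate
            continue
        dot, attr, rest = m.groups()    # rest is "<op>value", e.g. "=aaa" or "^a"
        if attr == "Action":
            action = rest[1:]
        elif attr in ("Name", "For"):
            fields[attr] = rest[1:]
        elif dot:
            insert.append(attr + rest)
        else:
            match.append(attr + rest)
    return action, fields, match, insert

def translate(old_text):
    """Translate Action=Transform / Action=PduTransform lines into the C-like grammar.
    Returns (rendered Transform blocks, {pdu: ["Transform name;", ...]}); Pdu and Gop
    definitions themselves are not translated here."""
    transforms, pdu_statements = OrderedDict(), OrderedDict()
    for line in old_text.splitlines():
        action, fields, match, insert = parse_old_line(line)
        if action == "Transform":       # one old line becomes one Match ... Insert clause
            transforms.setdefault(fields["Name"], []).append((match, insert))
        elif action == "PduTransform":  # "For" names the Pdu whose body gets the statement
            pdu_statements.setdefault(fields["For"], []).append("Transform %s;" % fields["Name"])
    out = []
    for name, clauses in transforms.items():
        out.append("Transform %s {" % name)
        for match, insert in clauses:
            out.append("    Match (%s) Insert (%s);" % (", ".join(match), ", ".join(insert)))
        out.append("};")
    return "\n".join(out), pdu_statements

# Constructed sample: the thread's old-format lines, minus the "..." placeholders.
OLD_FORMAT = """\
Action=Transform; Name=start_cond; attr1=aaa; attr2=bbb; .msg_type=start;
Action=Transform; Name=start_cond; attr5^a; .msg_type=stop
Action=PduTransform; For=pdu; Name=start_cond;
"""
```

Running `translate(OLD_FORMAT)` yields the `Transform start_cond { ... };` block and tells you that `Transform start_cond;` belongs inside `Pdu pdu ... { }`.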


[Wireshark-users] MATE config syntax

2007-08-10 Thread Sake Blok
Hi,

I started to use MATE to link packets to each other in Wireshark/Tshark
and do some analysis on the set. I was able to get some things working
already and I think it is a great plugin. I do have some questions
though. When I look at the information on the Wiki I am a bit confused
by the two syntax formats.

The first format is like:

Pdu dns_pdu Proto dns Transport ip {
Extract addr From ip.addr;
Extract dns_id From dns.id;
Extract dns_resp From dns.flags.response;
};

The second format is like:

Action=Transform; Name=start_cond; attr1=aaa; attr2=bbb; .msg_type=start;
Action=Transform; Name=start_cond; attr3=www; attr2=bbb; .msg_type=start;
Action=Transform; Name=start_cond; attr5^a; .msg_type=stop
Action=Transform; Name=start_cond; attr6$z; .msg_type=stop;

Action=PduDef; Name=pdu; ...
Action=PduTransform; For=pdu; Name=start_cond;

Action=GopDef; Name=gop; ...
Action=GopStart; For=gop; msg_type=start;
Action=GopStart; For=gop; msg_type=stop;


At this time I find the first format much more clear, but most of
the examples use the second format.

Are the two totally interchangeable?
If so, how should I translate one to the other? Any general rules on that?
If not, which of the two is the richest? Is one just a replacement to
the other?


Another question is how MATE and LUA relate to each other, I know LUA is
far more extensive in its possibilities, but is it also possible to easily
write LUA scripts for the things MATE is good at? Ie, would learning to
write LUA scripts make learning to write MATE scripts obsolete?

Cheers,


Sake
