https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15910
--- Comment #24 from Christopher Maynard <christopher.mayn...@igt.com> ---
(In reply to Peter Wu from comment #23)
> For future reference, this is a quick way to configure the dissector with
> the capture from bug 14591 to reproduce the issue raised above:
>
> tshark -r mqtt_zcoap.pcap -ouat:mqtt_message_decoding:'"Ends
> with","/c.z","compressed","coap"' -V
The issue now is that the CoAP header used in the mqtt_zcoap.pcap file is that
of Figure 7 of RFC 7252, whereas it's now being incorrectly dissected as the
CoAP header from Figure 4 of RFC 8323. One of the reasons that header was used
was because RFC 8323 hadn't even been written yet at the time it was added as
the MQTT payload. It was only noted in "Section 3. Message Format" of RFC 7252
that, "It could also be used over other transports such as SMS, TCP, or SCTP,
the specification of which is out of this document's scope." Without RFC 8323,
it wasn't explicitly specified that a different CoAP header should be used, but
even if it had, CoAP isn't directly over TCP in this case, but over MQTT, so
it's unclear as to which header should be used. I don't know if MQTT is the
only problematic protocol or not, but maybe there could be heuristics added to
the CoAP dissector as to how to parse the header if not *directly* over UDP or
TCP, as is the case here?
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
