https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14591
Bug ID: 14591
Summary: MQTT Message Decoding Enhancement for allowing
sub-dissection of payload
Product: Wireshark
Version: Git
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Enhancement
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: christopher.mayn...@igt.com
Target Milestone: ---
Build Information:
Version 2.9.0 (v2.9.0rc0-58-gb4b66d1b)
Compiled (64-bit) with Qt 5.6.2, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with MaxMind DB resolver, with
nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia,
with AirPcap, with SBC, with SpanDSP, with bcg729.
Running on 64-bit Windows 10, build 15063, with Intel(R) Xeon(R) CPU E3-1505M
v5 @ 2.80GHz (with SSE4.2), with 16225 MB of physical memory, with locale
English_United States.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.4.11, with Gcrypt 1.7.6, with AirPcap 4.1.0 build 1622, binary plugins
supported (14 loaded). Built using Microsoft Visual C++ 14.0 build 24215
--
The MQTT Message Decoding feature is fantastic! Unfortunately, it doesn't
quite support all types of data, for example, compressed data, at least not as
far as I can tell.
Right now, I have a simple Lua shim that handles this, and it works OK, but I
need a different shim for each compressed protocol. Here's an example of such
a shim:
zdata.lua:
local p_zdata = Proto("zData", "Zlib-Compressed Data")
local data_handle = Dissector.get("data")
function p_zdata.dissector(buf, pinfo, tree)
local zdata_tree = tree:add(p_zdata, buf(0,-1))
pinfo.cols.protocol:append("/zData")
data_handle:call(buf:range(0):uncompress("Data"):tvb(), pinfo, tree)
end
In this use case, it would be nice if the MQTT Message Decoding feature could
be enhanced to somehow allow the payload to be decompressed and then have the
decompressed buffer passed to the appropriate protocol dissector, all based on
the topic name.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
