I'm happy to know someone else uses it!
On 5/8/05, bernd.ott@xxxxxxx <bernd.ott@xxxxxxx> wrote:
> I am currently playing around with MATE and its configuration. I have set up
> an SMB PDU that "filters" on SMB sessions.
> [snip]
> Currently it is necessary to add the smb.cmd values in decimal. I am used to
> knowing them in hex. Is there a way to use hex values for the configuration
> file? If not, I would like to add it to the wishlist for MATE.
With the current way to configure MATE that would be very difficult to
represent. Luckily, I'm in the middle of a rewrite of the configuration
part to use a "real" grammar instead of a list of vpls to configure
MATE, so I'll take your request into account.
With the new grammar your config would be:
    Pdu smb_pdu Proto smb Transport tcp/ip {
        Extract addr from ip.addr;
        Extract port from tcp.port;
        Extract smb_cmd from smb.cmd;
        Extract smb_err from smb.nt_status;
    }
    Gop smb_ses On smb_pdu Match (addr, addr, port, port) {
        Start (smb_cmd=114);
        Stop (smb_cmd=116);
    }
> One additional question: How do I combine the ip.addr and tcp.port in the
> Action=GopDef line to get the values displayed as "pairs"?
So far MATE has no mechanisms to operate on single AVPs (I've been
thinking about them but I haven't figured out yet a good way to deal with
that).
In http://wiki.ethereal.com/Mate_2fTutorial I used Transformations to
recognize client address from server address for HTTP sessions.
You could take a similar approach:
Add ip.src, ip.dst, tcp.srcport and tcp.dstport twice each as
"client" and "server" addresses and then analyze the contents of
other AVPs to remove the ones that are not right.
I hope this helps,
Luis
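
The session grouping discussed in this thread, as an added Python example that is not part of the original message and is not MATE code: it groups SMB PDUs by endpoint pair in either direction, starts on smb.cmd 0x72 (114) and stops on 0x74 (116), and reports client and server as addr:port pairs. The sample PDUs are constructed, and treating the sender of the Start PDU as the client is an assumption.

```python
# Added illustration; field order mirrors ip.src, tcp.srcport, ip.dst,
# tcp.dstport, smb.cmd. Command codes are written in hex, as the poster
# prefers, and are the same numbers as the decimal 114/116 in the config.
SMB_NEGOTIATE = 0x72  # 114, the Start value in the config above
SMB_LOGOFF = 0x74     # 116, the Stop value in the config above

# Constructed sample PDUs (not taken from a real capture).
PDUS = [
    ("10.0.0.5", 1043, "10.0.0.9", 445, 0x72),
    ("10.0.0.9", 445, "10.0.0.5", 1043, 0x72),
    ("10.0.0.7", 2211, "10.0.0.9", 445, 0x72),
    ("10.0.0.5", 1043, "10.0.0.9", 445, 0x73),
    ("10.0.0.5", 1043, "10.0.0.9", 445, 0x74),
    ("10.0.0.9", 445, "10.0.0.5", 1043, 0x74),
    ("10.0.0.5", 1044, "10.0.0.9", 445, 0x73),  # no Start seen, so dropped
]


def group_sessions(pdus):
    """Group PDUs into sessions keyed by the unordered endpoint pair."""
    sessions, current = [], {}
    for src, sport, dst, dport, cmd in pdus:
        # Same key for both directions of one conversation.
        key = frozenset([(src, sport), (dst, dport)])
        ses = current.get(key)
        # A Start opens a session if none is open or the last one stopped.
        if cmd == SMB_NEGOTIATE and (ses is None or ses["stopped"]):
            # Assumption: whoever sends the Start PDU is the client.
            ses = {"client": f"{src}:{sport}", "server": f"{dst}:{dport}",
                   "cmds": [], "stopped": False}
            current[key] = ses
            sessions.append(ses)
        if ses is None:
            continue  # PDU belongs to no started session
        ses["cmds"].append(cmd)
        if cmd == SMB_LOGOFF:
            ses["stopped"] = True
    return sessions


def describe(ses):
    """One line per session, with endpoints as pairs and commands in hex."""
    cmds = ",".join(f"0x{c:02x}" for c in ses["cmds"])
    state = "stopped" if ses["stopped"] else "open"
    return f'{ses["client"]} -> {ses["server"]} [{state}] {cmds}'


if __name__ == "__main__":
    for s in group_sessions(PDUS):
        print(describe(s))
```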