In a few days (I hope late tomorrow) I'll release a newer version of
MATE. If anyone has made changes to MATE please submit them so I
can consolidate them into the newer version.
The changes I've made are:
- I've renamed several keywords to improve comprehensibility (thanks
to Ulf, who made me notice that it was not really clear what a leg was)
- renamed Leg into Grp
- renamed Ses into GoG (group of groups)
- improved PDU config
- more protocols create distinct pdus of different types out of the
same real pdu. This fixes a problem where Proto=tcp; and Proto=ftp;
would create a random PDU, either one or the other, and allows the same
real PDU to belong to different Groups (both tcp and ftp).
- added transport stack like: Transport=tcp/ip; this allows importing
fields from more than the "proto" and one "transport" range.
- every pdu type has its own fields and transports hfid data, that
means the same field can be used by different PDUs with different
names. (it wasn't possible before)
- settings are internal.
- improved Group config
- internally there is a single hash containing structures holding
all the config instead of four different hashes. (faster analysis,
allows adding other parameters to the Grp easily)
- improved Grp analysis
- implicit Start: if a start is not declared for a Grp the first
PDU matching a key starts a group
- improved tap_filter: that means frames aren't analyzed at every
packet matching any configured field anymore, just interesting frames
are analyzed.
- added a few fixes regarding Windows from Martin Regner
- removed the "crash at reinit" that was there, we can load a new
file without crashing, good but no huge progress anyway: there's still
an issue with the tap that does not re-run on reload, that disallows
to just change the config file and reload to get packets re-analyzed.
Luis
--
"And what are you doing in man's clothes."
-- Frank, the rabbit