Wireshark-bugs: [Wireshark-bugs] [Bug 1453] GIOP reassembly fails when first packet of a PDU is

Date: Mon, 19 Nov 2007 23:32:12 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1453


sake@xxxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1128|                            |review_for_checkin-
               Flag|                            |




------- Comment #5 from sake@xxxxxxxxxx  2007-11-19 23:32 GMT -------
Created an attachment (id=1128)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1128&action=view)
update to the giop dissector

Hi Wolf,

> Sorry, I was in the US for a couple of days - and not able to access my
> wireshark repository.

No Worries :-)

> Working in a restricted environment here at Lufthansa, I am not able to
> do a "svn co ..." to get the newest trunk content which prevents me from
> doing a "svn diff ...".
>
> I will try it from home where I don't have these firewall/proxy
> restrictions. I am sending you a manually merged version of
> packet-giop.c vs. wireshark-0.99.7-SVN-23465 in case you want to start
> earlier and do the "svn diff ..." yourself.

Check, I looked at your changes, and have just a few remarks:

> Contents of the changes:
> 1.) Have machine readable tags in the col_info overview like
> <     col_append_fstr(pinfo->cinfo, COL_INFO, " id=%u", request_id );
> --- instead of
> >     col_append_fstr(pinfo->cinfo, COL_INFO, " %u", request_id);
> ==WN== We really need this to have automated batch analysis of GIOP
> sniffer data.

Looks OK to me

> 2.) have symbolic names for codesets, like:
> <   { "ISO_8859_1", 0x00010001U },
> ==WN== would be nice to keep it, but it is not viable

The functionality is ok, but could you use the standard API routines
of Wireshark instead of building your own?
i.e. make use of a "value_string" struct and the function "val_to_str"
Have a look at how it's done for "giop_message_types".

> 3.) support decompression of GIOP (partial header, full data)
> ==WN== this is an important addon and considered to be very useful even
> outside of Lufthansa.

Looks OK to me too

> 4.) fix for out-of-order segments, i.e. check for valid "GIOP" signature
> before returning the length of the message
> ==WN== your suggested fix which really helped a lot.

I'm glad it helped :-)

> Sorry for causing trouble and work,

No problem!

Cheers,


Sake
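
The check described in item 4, as an added example that is not code from packet-giop.c or from the attachment: a length function that validates the "GIOP" magic before trusting the header's size field, so a segment that starts mid-message does not yield a bogus PDU length. The function name, the return-0 convention and the size cap are assumptions; the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GIOP_HEADER_SIZE 12u
/* Assumed sanity cap on the body size; not a value from the thread. */
#define GIOP_MAX_BODY (16u * 1024u * 1024u)

/* Constructed samples: a GIOP 1.2 Request header, big-endian size 32 ... */
static const uint8_t sample_be[12] = {'G','I','O','P', 1, 2, 0x00, 0, 0, 0, 0, 0x20};
/* ... the same header with the little-endian flag bit set ... */
static const uint8_t sample_le[12] = {'G','I','O','P', 1, 2, 0x01, 0, 0x20, 0, 0, 0};
/* ... and a segment that starts in the middle of a message body. */
static const uint8_t sample_mid[12] = {0x00, 0x00, 0x01, 0x2c, 0xff, 0xff,
                                       0xff, 0xff, 0x7f, 0xff, 0xff, 0xff};

/* Hypothetical helper: returns header + body length, or 0 when the bytes
 * cannot be the start of a GIOP message and the size field is untrusted. */
uint32_t giop_pdu_len(const uint8_t *buf, size_t avail)
{
    uint32_t body;

    if (buf == NULL || avail < GIOP_HEADER_SIZE)
        return 0;                      /* not enough bytes for a header */
    if (memcmp(buf, "GIOP", 4) != 0)
        return 0;                      /* out-of-order or mid-PDU segment */

    if (buf[6] & 0x01)                 /* flags bit 0 set: little-endian */
        body = (uint32_t)buf[8] | (uint32_t)buf[9] << 8 |
               (uint32_t)buf[10] << 16 | (uint32_t)buf[11] << 24;
    else
        body = (uint32_t)buf[8] << 24 | (uint32_t)buf[9] << 16 |
               (uint32_t)buf[10] << 8 | (uint32_t)buf[11];

    if (body > GIOP_MAX_BODY)
        return 0;                      /* implausible size, do not reassemble */
    return GIOP_HEADER_SIZE + body;
}

int main(void)
{
    printf("big-endian:    %u\n", (unsigned)giop_pdu_len(sample_be, sizeof sample_be));
    printf("little-endian: %u\n", (unsigned)giop_pdu_len(sample_le, sizeof sample_le));
    printf("mid-PDU:       %u\n", (unsigned)giop_pdu_len(sample_mid, sizeof sample_mid));
    return 0;
}
```

Without the magic check, the mid-PDU sample would be read as a message of more than 2 GB and reassembly would wait for data that never arrives.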

