
Wireshark-bugs: [Wireshark-bugs] [Bug 3467] New: Memcache Textual Protocol dissector patch

Date: Mon, 18 May 2009 12:04:25 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3467

           Summary: Memcache Textual Protocol dissector patch
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: rama@xxxxxxxxx


Build Information:
Build information:
===========

wireshark 1.1.4-SVN-28395

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.3, with GLib 2.18.1, with libpcap 0.9.5, with libz
1.2.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares,
without ADNS, without Lua, without GnuTLS, without Gcrypt, with MIT Kerberos,
without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Darwin 9.4.0 (MacOS 10.5.4), with libpcap version 0.9.5.

Built using gcc 4.0.1 (Apple Inc. build 5465).


--
Info:
===
This is a patch to dissect the Memcache Textual Protocol.
http://code.sixapart.com/svn/memcached/trunk/server/doc/protocol.txt

Dissects most of the memcache text commands (set, get, add, etc.) except for the
ones mentioned below.

Does not use deprecated or prohibited APIs.

This is a built-in dissector and will patch to the
epan/dissectors/packet-memcache.c file.

Testing:
=====
1. Tried a variety of capture files (ranging from KB to hundreds of MB),
including almost all memcache commands and errors.

2. Performed fuzz testing (did around 20 passes before I stopped it on all my
capture files --output OK for all capture files).

3. Tried editcap with various error probabilities on my capture files. Did get
some assertions from packet-igrp.c and thought they are out of my scope here
(i.e., independent of memcache).
        11:58:05          Warn Dissector bug, protocol IGRP, in packet 8729:
packet-igrp.c:109: failed assertion "pinfo->net_src.type == AT_IPv4"

4. Also tried 'randpkt' - captures dns traffic and tried to read it as memcache
protocol. The dissector did not crash.

5. When I try to open a file by browsing through a file system I get the
following error:
(wireshark:12218): Gtk-WARNING **: Unable to find default local directory
monitor type
(wireshark:12218): GLib-GObject-CRITICAL **: g_object_unref: assertion
`G_IS_OBJECT (object)' failed

However, when I try to open the same files, by clicking on the "Open Recent"
files I do not get the error. Not sure what is happening here. Suspecting
something in the GTK lib?

6. Trying to get more testing on it.

Things to do:
========
1. Implement 'incr', 'decr' and 'stats sizes' responses.
2. Improve PDU reassembly logic a little bit: Currently, if we lose track of
the stream and are hit by a new packet in which there is a new request somewhere
in the middle, I list the packet as "Memcache Continuation" and move on.
Thinking, maybe I could read line by line and somehow realize that the packet
contains a new memcache request.

