ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] GIOP dissector reply decode

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Fri, 30 Oct 2015 11:29:54 -0400
Couple of thoughts from a quick skim of the code/git history:
 
1. I presume giop_complete_request_list is for matching request/reply.  Grepping its use will probably give you some clues as to where to look.
2. I'd recommend using the latest dev branch (master or at least master-2.0).  Any fixes you find would need to be applied there (master) first and then backported to 1.12 (and 2.0)
3. It's possible some work was already done related to this (see bug 11123 in Bugzilla).   There have also been other GIOP dissector improvements since 1.12.
 
 
 
-----Original Message-----
From: Andy Ling <Andy.Ling@xxxxxxxxx>
To: 'wireshark-dev@xxxxxxxxxxxxx' <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Oct 30, 2015 10:27 am
Subject: [Wireshark-dev] GIOP dissector reply decode

I’m currently using Wireshark 1.12.5 built on Windows 7 using Visual C++ 12
 
I am adding a GIOP plugin for our internal IDL using the following command to generate the plugin C code
 
C:\Python27\omniorb\omniORB-4.1.6\bin\x86_win32\omniidl.exe -p d:\wireshark-1.12.5\tools -b wireshark_be Q_Quentin.idl > packet-q_quentin.c
 
I am finding that the dissector is getting confused when trying to decode replies. It looks like it is only checking the GIOP request ID to determine which request a reply is for.
 
So when there are multiple machines making requests, the same request ID can get used for different requests. When this happens the replies can get decoded wrongly.
 
In fact multiple threads from a single source IP can use the same GIOP request ID on different ports. This can confuse the reply decode too.
 
I have had a quick look through the dissector code and can’t work out what is doing this.
 
So can someone point me in the right direction and maybe give me some clues about where and whether this can be fixed.
 
Regards
 
Andy Ling
 
 
 


This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com 
___________________________________________________________________________
Sent
via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:   
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
            
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube