Wireshark-bugs: [Wireshark-bugs] [Bug 7014] New: Dissector submission for ActiveMQ OpenWire prot

Date: Sat, 31 Mar 2012 12:52:46 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7014

           Summary: Dissector submission for ActiveMQ OpenWire protocol
           Product: Wireshark
           Version: 1.6.6
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: metatechbe@xxxxxxxxx


metatech <metatechbe@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #8117|                            |review_for_checkin?
              Flags|                            |

Created attachment 8117
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8117
First implementation of packet-openwire.c

Build Information:
NA
--
Here is a dissector for the ActiveMQ OpenWire protocol.

A few words about the protocol:
OpenWire has two wire formats:
- "loose": more verbose, less CPU-intensive, less network-intensive (1-pass)
- "tight": more compact, more CPU-intensive, more network-intensive (2-pass)
This dissector only supports the "loose" syntax, which is not the default.
This dissector only supports version 6 of the protocol.
It can be changed on the broker in the activemq.xml file by specifying
"tightEncodingEnabled=false":

There is a sample capture uploaded on the Wiki:
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=openwire_sample.tar.gz
It contains 3 variants of the protocol:
1. "loose" and "nocache"
2. "loose" and "cache"
3. "tight" and "cache"

I performed 3000 runs of fuzz testing with success.

Patch was tested against Wireshark 1.6.5 and 1.6.6.

Please review.

Thanks.

metatech
