Wireshark-bugs: [Wireshark-bugs] [Bug 7785] New: The specialised GIOP dissectors (from IDL) have

Date: Wed, 3 Oct 2012 02:10:47 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7785

           Summary: The specialised GIOP dissectors (from IDL) have
                    preference over general GIOP
           Product: Wireshark
           Version: 1.6.7
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: steve@xxxxxxxxxxxxx


Build Information:
Version 1.6.7

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with GLib 2.32.0, with libpcap (version
unknown), with libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre,
with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, without Python, with GnuTLS
2.12.14, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Dec 10 2011 11:43:21), without AirPcap.

Running on Linux 3.2.0-31-generic-pae, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.12.14, Gcrypt 1.5.0.

Built using gcc 4.6.3.
--
This is a general issue. There are some quite specific GIOP dissectors
defined in IDL, specifically tango and a whole load of parlay stuff. The
problem
is that they simply match on operation name, so take precedence over any
general
IDL that happens to use the same name. Eg in my IDL:

interface GreetingService
{
   oneway void ping ();
};

The ping operation is recognised as a packet of type TANGO not generic GIOP
as tango has a ping operation. Tango also has operations "info", "state",
"status", "name", all of which will be interpreted as TANGO packets if a user
is unfortunate enough to use them in their IDL.

This is an issue as if running a GIOP analysis using wireshark will be
filtering
on the GIOP protocol and not expecting any operations to be miss categorized
as other protocol types (so in effect are lost from the trace). Tango is
particularly guilty of using simply named operations that are likely to be used
by others, although cosnaming has always been a pain with the use of "list" and
"destroy".

As a fix I guess I would like all GIOP packets, identified as such by default
and
add some sort of ability for users to enable the additional specific
categoriosation if required.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.