Wireshark-dev: Re: [Wireshark-dev] Drop sql-oracle dissector?

From: Evan Huus <eapache@xxxxxxxxx>
Date: Sun, 17 Mar 2013 08:54:59 -0400
I created a general Oracle protocol page, since I've not been able to
find much to cleanly distinguish the different protocols that
apparently get lumped into the Oracle family.

http://wiki.wireshark.org/Oracle

Dissector was removed from the source tree in r48349 after being
attached (with appropriate warnings) to the wiki page.

On Sat, Mar 16, 2013 at 10:49 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Mar 16, 2013, at 7:17 PM, Evan Huus <eapache@xxxxxxxxx> wrote:
>
>> packet-sqloracle.c is currently not being built (not listed in either
>> Makefile.common or CMakeLists.txt).
>>
>> It was mentioned in bug #8449 because Moshe noticed that it had a
>> really egregious buffer overflow condition while doing random code
>> review.
>>
>> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8449
>>
>> Having taken a look at the dissector, it is an absolute mess. Tons of
>> obvious bugs, bad practices, etc. There is no way it would be accepted
>> as a patch, were it filed new today (and nobody seems to know who
>> wrote it anyways).
>>
>> So, since nobody has complained about the fact that it's disabled, and
>> it looks like nearly as much work to rewrite as it is to fix, I'm
>> happy just removing it completely.
>
> I presume it's intended to dissect whatever protocol Oracle uses to send SQL over the wire, probably encapsulated on top of TNS.
>
> Some poking around the Web found
>
>         http://packetpushers.net/sqlnet-a-k-a-oracle-tns-and-firewalls/
>
> which says a bit about how TNS works but just speaks of SQL being transported atop it, with no other details of how that's done (or of whether services *other* than SQL are transported over TNS or how you identify the service).
>
> I saw some stuff referring to an Oracle "net8" or "Net8" protocol - perhaps that's version 8 of their SQL protocol - and a Google search for
>
>         net8 protocol
>
> found, among other things:
>
>         http://www.pythian.com/blog/repost-oracle-protocol/
>
> which doesn't *look* as if it's TNS, so it might be what runs atop TNS, or might be an alternative to TNS, or....
>
> It spoke of "TTCCode"s; Googling for "TTCCode" found some stuff and a lot of irrelevant stuff, and Googling for
>
>         TTCCode TTIPro
>
> found various bits of stuff for Java packages with names starting with "oracle.jdbc", which *might* be Java code that puts Oracle SQL on the wire.
>
> This book:
>
>         http://www.amazon.com/The-Oracle-Hackers-Handbook-ebook/dp/B000SEIC3K
>
> looks as if it has some protocol details as well.
>
> Oracle has some information at
>
>         http://docs.oracle.com/cd/A87860_01/doc/network.817/a76933/architec.htm
>
> but that's more of a software stack description than a protocol stack description.
>
> The source file in question might have some useful information in combination with various other bits of information about Net8/SQL*Net/TTC-7/whatever the heck the name or names of the protocols are; perhaps either:
>
>         it should be renamed as "oracle_sql.txt" with a huge comment saying "this code is crap, but it might be one source of useful protocol information in case anybody wants to make an Oracle SQL dissector" and left in the tree;
>
>         we should create an "OracleSQL" page on the Wiki with that file as an attachment and various links for the benefit of anybody trying to write an Oracle SQL dissector;
>
>         we should file a bug in Bugzilla saying "we need to dissect Oracle SQL messages" and make that file an attachment.