Re: hadoop dissector

[Dario Lombardo <dario.lombardo.ml () gmail com>]

Maybe some developer like to "develop in the wild"... that could mean they
can avoid some rules, push incomplete dissectors, or whatever else I can't
figure out. Rules for dissectors are very strict. I don't mean they are
useless, but they have been set to have a very robust code _inside_
wireshark. Code that isn't so performing or robust or good can live outside
it in the form of a plugin.

For instance I have found in that dissector some code that I don't know if
could go into the master:

1) it is written in c++. Would it be acceptable?
2) it uses stl maps. Would it be acceptable or should it be replaced by
some "wmem maps" (maps with custom allocator)?

Thanks for the info.
Dario.

On Thu, Jul 2, 2015 at 7:04 PM, <mmann78 () netscape net> wrote:

>   I'd recommend attaching the capture file to a Bugzilla ticket (with all
> of the links mentioned here) and possibly your patch of the internal
> dissector.  Perhaps somebody can take it from there.
>
> As a side note, I still don't know how I feel about dissectors being
> "pulled from the wild" from developers rather than pushed to Wireshark (via
> Gerrit) by the original author(s). Gerrit (and just Buzilla before that)
> isn't THAT hard to navigate.  Are we missing something?  Are our code
> standards too strict?
>
>
>
>
> -----Original Message-----
> From: Dario Lombardo <dario.lombardo.ml () gmail com>
> To: Developer support list for Wireshark <wireshark-dev () wireshark org>
> Sent: Thu, Jul 2, 2015 12:03 pm
> Subject: [Wireshark-dev] hadoop dissector
>
>   Hi list
>   I opened a hadoop 2.6 capture file with the current master and I found
> that the hadoop dissector fails in opening the file (wrong dissection).
> This is probably related to the changes in the wire protocol that have not
> been reflected into the current dissector. So I decided to start
> understading how the dissector should be updated... but I stucked.
>
>  I can't find the specifications of the wire protocol. I just found this
> https://wiki.apache.org/hadoop/HadoopRpc.
>
>  I've found this project  https://github.com/liukeyou/hadoop-wireshark that,
> from the screenshots, sound promising, but is for WS 1.10, and is a plugin
> for windows (my dev env is linux). I succeded to compile it as internal
> dissector, but nothing gets dissected. Maybe it looks for something
> somewhere that I didn't copy.
>
>  I tried to compile hadoop myself, to instrument it in order to have a
> better understand of the flow and of the protocol, but the high level of
> abstraction of the hadoop java code made me lost.
>
>  These are my attempts so far... not very happy about them.
>  Did anyone tried to make the same or something different? Anyone having
> links/resources/ideas to share? Anyone interested in working on it?
>
>  Cheers,
>
> Dario
>
>    ___________________________________________________________________________
> Sent
> via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:   https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe:https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe <wireshark-dev-request () wireshark 
> org?subject=unsubscribe>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe