[jboss-jira] [JBoss JIRA] Commented: (JGRP-324) Wireshark plugin for JGroups

Richard Achmatowicz (JIRA) jira-events at lists.jboss.org
Thu Jul 3 11:18:31 EDT 2008 

    [ http://jira.jboss.com/jira/browse/JGRP-324?page=comments#action_12419806 ] 
            
Richard Achmatowicz commented on JGRP-324:
------------------------------------------

I've been investigating modifying the plugin to handle TCP based JGroups traffic, and it will be very difficult to achieve without a small 
modification to the JGroups wireformat.

Here's the problem. When dissecting JGroups over TCP, we have to take account of two things due to the stream-orientation of TCP:
(i) a large TP bundle may be split into several TCP fragments
(ii) several small TP bundles may be placed into one TCP fragment

Reassembly of TP bundles will occur at the receiving TCP peer end, but Wireshark captures the fragments before reassembly, in between
the peers so to speak, and so the Wireshark plugin writer has to do the reassembly herself.

Reassembling TCP fragments is very very simple if we have a field in the TP header which describes the length of the entire TP bundle.
We can then say to Wireshark - "reassmble enough TCP fragments until you get a buffer with at least this length". Dissection on a complete
TP bundle can then proceeed in a straightforward fashion. The TP header does not have a "TP bundle length" field at the moment.

Without this information, we never know if we have a complete TP bundle in the buffer, and so have to dissect the TCP fragment "on the fly" -
checking before each read from the buffer if we have enough data in the buffer left; in that case that there is not enough data, request the
reading of another TCP fragment. I've had a go at implementing this, but it is just too complcated. It's easy to check before each read from the 
buffer if there is enough data available. It's also easy to get Wireshark to read another TCP fragment into the buffer. The real complication is in 
returning to the point where processing left off and contuniing, as the dissector is called anew each time we add in a new TCP fragment to the buffer. 
It is possible, but it would make the dissector extremely complicated and difficult to maintain.

At present, the disseector can handle UDP packets (as far as I am aware) for 2.6.2, which is what I have been testing with, and any wire compatible format.
If we could add a TP bundle length field to 2.7, this would allow handling both UDP and TCP for 2.7 onwards.

   



> Wireshark plugin for JGroups
> ----------------------------
>
>                 Key: JGRP-324
>                 URL: http://jira.jboss.com/jira/browse/JGRP-324
>             Project: JGroups
>          Issue Type: Feature Request
>            Reporter: Bela Ban
>         Assigned To: Richard Achmatowicz
>            Priority: Minor
>             Fix For: 2.x
>
>
> Write a C implementation of a Wireshark plugin which understands the JGroups wire format and displays information about the JGroups messages (e.g. sender, receiver, headers) in ethereal.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list