eXtreme Development


Translate:  

  • Generating a CORBA dissector for Wireshark

    2020-12

    A while ago, I worked in a project where I had to sniff a distributed system based on CORBA and based on the collected data, create all CORBA requests.
    Once it would be very difficult simulate all requests from scratch perfectly (some operations on this enviroment triggers more than 50 requests with different parameters), we decided to generate CORBA dissectors (plugins) for Wireshark, that way, we could "replay" the chain of CORBA requests.
    So, the process is basically prepare a CentOS/RedHat to compile Wireshark from scratch adding the generated CORBA dissectors.
    For this guide, CentOS is used, any CentOS/RedHat 7.x or newer might work.

    Wirehsark 3.2.X was used for this tutorial and the following packages were required to install:
    (The dependencies might change depending on your enviroment)

    
brotli-devel.x86_64
brotli.x86_64
byacc.x86_64
cmake3.x86_64
cpp.x86_64
flex-devel.x86_64
flex.x86_64
gcc-c++-x86_64-linux-gnu.x86_64
gcc.x86_64
glib2-devel.x86_64
libgcrypt-devel.x86_64
libgcrypt.x86_64
libpcap-devel.x86_64
libpcap.x86_64
libssh2-devel.x86_64
libssh2.x86_64
libxkbfile.x86_64
libzstd-devel.x86_64
libzstd.x86_64
lua-devel.x86_64
lua.x86_64
lz4.x86_64
minizip-devel.x86_64
minizip.x86_64
qt5-qtmultimedia-devel.x86_64
qt5-qtmultimedia.x86_64
qt5-qtsvg-devel.x86_64
qt5-qtsvg.x86_64
qtsinglecoreapplication-qt5-devel.x86_64
qtsinglecoreapplication-qt5.x86_64
snappy-devel.x86_64
snappy.x86_64
xauth
xmlsec1-gcrypt-devel.x86_64
xmlsec1-gcrypt.x86_64
xorg-x11-drivers
xorg-x11-server-Xorg
xorg-x11-xkb-utils.x86_64
xorg-x11-xkb-utils-devel.x86_64
xz-devel.x86_64
xz-libs.x86_64
zstd
zstd.x86_64
wireshark-devel.x86_64
(wireshark-devel is included to make sure that all dependencies are installed)

    That would be translated to the following yum command to install the dependencies:
    
root@a-server:/root$ yum install bzip2 xauth brotli-devel.x86_64 brotli.x86_64 byacc.x86_64 cmake3.x86_64 \
								 cpp.x86_64 flex-devel.x86_64 flex.x86_64 gcc-c++-x86_64-linux-gnu.x86_64 \
								 gcc.x86_64 glib2-devel.x86_64 libgcrypt-devel.x86_64 libgcrypt.x86_64 \
								 libpcap-devel.x86_64 libpcap.x86_64 libssh2-devel.x86_64 libssh2.x86_64 \
								 libxkbfile.x86_64 libzstd-devel.x86_64 libzstd.x86_64 lua-devel.x86_64 \
								 lua.x86_64 lz4.x86_64 minizip-devel.x86_64 minizip.x86_64 \
								 qt5-qtmultimedia-devel.x86_64 qt5-qtmultimedia.x86_64 \
								 qt5-qtsvg-devel.x86_64 qt5-qtsvg.x86_64 qtsinglecoreapplication-qt5-devel.x86_64 \
								 qtsinglecoreapplication-qt5.x86_64 snappy-devel.x86_64 snappy.x86_64 xauth \
								 xmlsec1-gcrypt-devel.x86_64 xmlsec1-gcrypt.x86_64 xorg-x11-drivers \
								 xorg-x11-server-Xorg xorg-x11-xkb-utils.x86_64 \
								 xorg-x11-xkb-utils-devel.x86_64 xz-devel.x86_64 xz-libs.x86_64 zstd \
								 zstd.x86_64 wireshark-devel.x86_64
Loaded plugins: rhnplugin
This system is receiving updates from RHN Classic or Red Hat Satellite.
PostgreSQL96                                                                                 | 3.6 kB  00:00:00
epel                                                                                         | 5.3 kB  00:00:00
nginx                                                                                        | 2.9 kB  00:00:00
zabbix                                                                                       | 2.9 kB  00:00:00
spacewalk29-client-centos7-x86_64                                                            |  871 B  00:00:00
...

Dependencies Resolved

====================================================================================================================
 Package                              Arch              Version                     Repository                 Size
====================================================================================================================
Installing:
 ...
 gcc-c++-x86_64-linux-gnu             x86_64            4.8.5-16.el7.1              epel                      4.9 M
 xorg-x11-xkb-utils-devel             x86_64            7.7-14.el7                  centos7-x86_64            5.8 k
Installing for dependencies:
 ...
 gcc-x86_64-linux-gnu                 x86_64            4.8.5-16.el7.1              epel                      9.7 M

Transaction Summary
====================================================================================================================
Install  XXX Packages (+XXX Dependent packages)

Total download size: XXX M
Installed size: XX M
Is this ok [y/d/N]:
...

Downloading packages:
(X/Y): libxkbfile-devel-1.0.9-3.el7.x86_64.rpm                                               |  16 kB  00:00:00
...
--------------------------------------------------------------------------------------------------------------------
Total                                                                               1.9 MB/s |  XXX MB  00:00:10
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : gcc-x86_64-linux-gnu-4.8.5-16.el7.1.x86_64                                                       X/Y
  ...
  Verifying  : gcc-x86_64-linux-gnu-4.8.5-16.el7.1.x86_64                                                       1/X
  ...

Installed:
  gcc-c++-x86_64-linux-gnu.x86_64 0:4.8.5-16.el7.1           ...

Dependency Installed:
  binutils-x86_64-linux-gnu.x86_64 0:2.27-9.el7.1            ...

Complete!

    Now, we need to install CORBA libraries for Python:
    
root@a-server:/root$ pip3 install omniidl
Collecting omniidl
  Downloading https://files.pythonhosted.org/packages/d1/ce/6277e01c87a4ce04f605ef8f5d4abd22d4237b33bfe20d6e6714c083d867/omniidl-4.2.2-py3-none-any.whl
Installing collected packages: omniidl
Successfully installed omniidl-4.2.2

    Now, it's time to generate Wireshark dissector with omniidl:
    (In this case, I'm adding just two IDLs, but you can add any number of IDLs)
    
root@a-server:/root$
omniidl -p./ -b wireshark_be ../corba-idls/client.idl > packet-Client.idl.c
omniidl -p./ -b wireshark_be ../corba-idls/user.idl > packet-user.idl.c

    We are almost done!
    Now, we need to add the dissectors to CMake list
    Add the following lines to wireshark-root-directory/epan/dissectors/CMakeLists.txt:
    
${CMAKE_CURRENT_SOURCE_DIR}/packet-Client.idl.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-user.idl.c

    Now, we are ready to build Wireshark with cmake/make:
    
root@a-server:/root$ cd /wireshark-path
root@a-server:/root$ mkdir build
root@a-server:/root$ cd build
root@a-server:/root$ cmake3 ../
...
root@a-server:/root$ make
...

    At this point, if the compilation went well, Wireshark is built with your embedded CORBA dissectors.
    The last thing to do, is to allow wireshark and dumpcap have access in promiscuous mode as follows:
    
root@a-server:/root$ setcap cap_net_raw,cap_net_admin+eip /wireshark-path/build/run/dumpcap
root@a-server:/root$ setcap cap_net_raw,cap_net_admin+eip /wireshark-path/build/run/wireshark

    Wireshark is finally ready to be used with the CORBA IDL.


 


Geraldo Netto
SourceForge
{
 "name": "Geraldo Netto" 
 "contacts": [
          
       
 ]
 "sponsor me": [
       
 ]
 "food": [
      
 ]
 "folk": [
          
 ]
 "mindset": [
   "Control Theory"
   "Seneca"
   "utilitarianism"
   "..."
 ]
 "praying": [
   "Hermetism"
   "Kabbalah"
   "Spiritism"
   "Tantra"
   "Umbanda Branca"
   "..."
 ]
 "music": [
   "Cafe Del Mar"
   "Fito Paez"
   "Jennifer Rostock"
   "Juli"
   "Leningrad"
   "Mafalda Veiga"
   "Oasis"
   "Raimundos"
   "Rammstein"
   "Sabaton"
   "Skank"
   "The Cure"
   "Tom Jobim"
   "Zucchero"
   "..."
 ]
 "arts": [
   "Kandinsky"
   "Pollock"
   "..."
 ]
 "tech": [
   "algorithms"
   "distributed systems"
   "linux"
   "statistics"
   "..."
 ]
}