Wireshark-bugs: [Wireshark-bugs] [Bug 1746] New: new SNMP dissector shows convoluted tree
Date: Wed, 15 Aug 2007 14:38:55 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1746

           Summary: new SNMP dissector shows convoluted tree
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: thomas.anders@xxxxxxxxxxxxx


Build Information:
wireshark 0.99.7 (SVN Rev 22504)

Compiled with GTK+ 2.10.6, with GLib 2.12.4, with libpcap 0.9.4, with libz
1.2.3, with libpcre 6.7, with Net-SNMP 5.4.1, without ADNS, without Lua, with
GnuTLS 1.4.4, with Gcrypt 1.2.3, without Kerberos, with PortAudio PortAudio
V19-devel, without AirPcap.

Running on Linux 2.6.18.8-0.3-default, with libpcap version 0.9.4.

Built using gcc 4.1.2 20061115 (prerelease) (SUSE Linux).

--
The change to the asn2wrs generated SNMP dissector (around r18086) has
introduced a major usability regression in the tree pane.

I've attached a sample capture file with a single SNMP INFORM packet. Here's
the compact dissection with the old dissector:

    Simple Network Management Protocol
        Version: 2C (1)
        Community: trapcomm
        PDU type: INFORM (6)
        Request Id: 0x28ae232e
        Error Status: NO ERROR (0)
        Error Index: 0
        Object identifier 1: 1.3.6.1.2.1.1.3.0
(EXPRESSION-MIB::sysUpTimeInstance)
        Value: Timeticks: (123) 0:00:01.23
        Object identifier 2: 1.3.6.1.6.3.1.1.4.1.0 (SNMPv2-MIB::snmpTrapOID.0)
        Value: OID: RFC1213-MIB::sysDescr.0
        Object identifier 3: 1.3.6.1.2.1.1.1.0 (RFC1213-MIB::sysDescr.0)
        Value: STRING: "test"

Now compare to the complicated nested output of the new dissector:

    Simple Network Management Protocol
        version: v2c (1)
        community: trapcomm
        data: informRequest (6)
            informRequest
                request-id: 682500910
                error-status: noError (0)
                error-index: 0
                variable-bindings: 3 items
                    Item
                        name: 1.3.6.1.2.1.1.3.0
(DISMAN-EVENT-MIB::sysUpTimeInstance)
                        valueType: value (0)
                            value: simple (4294967295)
                            value: simple (4294967295)
                                application-wide: timeticks-value (3)
                                    timeticks-value: 123
                    Item
                        name: 1.3.6.1.6.3.1.1.4.1.0 (SNMPv2-MIB::snmpTrapOID.0)
                        valueType: value (0)
                            value: simple (4294967295)
                                simple: objectID-value (2)
                                    Value: OID: SNMPv2-MIB::sysDescr.0
                    Item
                        name: 1.3.6.1.2.1.1.1.0 (SNMPv2-MIB::sysDescr.0)
                        valueType: value (0)
                            value: simple (4294967295)
                                simple: string-value (1)
                                    Value: STRING: test

The new format doesn't seem to provide any significant additional details, but
one needs to expand a *lot* of items until one gets to the relevant
information.
E.g. to see the value (123) of the first varbind, one needs to expand nine
(9!!) items compared to one (1) with the old dissector.

Please also see Bug 1088 for a different regression (info pane).


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.