The GIOP dissector tries to associate replies with requests. It does this by comparing the request ID. Unfortunately, this isn't good enough. When there are multiple connections, the same request ID can get used on different connections. So it needs to check IP address and port number too. I have made some changes to packet-giop.c to extend the list of requests to include source address and port number. Then when searching for a matching frame number it checks port & ip address too. This works well, except I appear to have to check the wrong IP address. So before submitting this as a change I'd like to know why. I'm getting the addresses from the packet_info structure. The list stores pinfo->src & pinfo->srcport. Then to get it to work, when searching for a matching request, using the packet_info of the reply, it compares the stored values with pinfo->src & pinfo->dstport. I would have expected the IP address to be pinfo->dst, not src. After all, the reply is sending back to the IP that sent the request and it is the destination port that is required, but if I change it to use dst it doesn't work. Can someone explain why this is Thanks asked 04 Nov '15, 09:32  Andy Ling |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
