Ethereal-dev: Re: [ethereal-dev] found the rpc problem - not sure if ethereal will ever be abl
> "snoop" appears to handle this - it even recognized frame 6 as a reply
> to frame 5, even though the hosts were different.
>
> I wonder whether it looks *only* at port numbers (and transaction IDs),
> or if it looks for a match on the port numbers and at least one of the
> IP addresses, e.g. trusting the sender address of the request and the
> recipient address of the reply.
I changed the RPC code to use a null address as the destination address
for calls, and the source address for replies, when checking
conversations; that seems to have fixed the problem with that trace file
- it now matches the replies from "stellar.cc.umr.edu" with the requests
to "nissrv3.cc.umr.edu".
(I also made the conversation code first compare port numbers, as per my
earlier mail, on the theory that those tests, which are cheaper than the
address tests, are likely to fail first.
In addition, I moved the stuff that checks whether a packet looks like
an ONC RPC packet from "dissect_udp()" to "dissect_rpc()";
"dissect_rpc()" now takes the standard dissector arguments, and returns
a "gboolean" - TRUE if the packet was an ONC RPC packet and it dissected
it, FALSE if it's not an ONC RPC packet and its caller should check for
other types of packet.)
