Comment # 17
on bug 8947
from Michael Mann
I applied your patch and ran it on the provided trace file, with a breakpoint
at the COPS_OBJ_HANDLE case in dissect_cops_object_data. It was hit on the
"first pass" (pinfo->fd.flags.visited == 0).
The problem is that in your patch you return if "cops_tree == NULL", which will
be true in Wireshark only when "pinfo->fd.flags.visited == 0", and after that
is when you're attempting to do the "conversation tracking".
It looks to me like you can add the "handle value", create a conversation and
populate your "pdu_tree" with the request in the COPS_OBJ_HANDLE case when
checking for "pinfo->fd.flags.visited == 0". I'm not sure where the response
is handled, but the same logic should apply.
You are receiving this mail because:
- You are watching all bug changes.