Ethereal-dev: RE: [ethereal-dev] Ethereal Win32 libpcap patch.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Meaney, Ed" <emeaney@xxxxxxxxxx>
Date: Wed, 2 Feb 2000 09:19:37 -0500
Gilbert,
The IP-IP encapsulation is used by the Mobile IP protocol. I am finishing up a
dissector for it.
A capture of some IP-IP encap is attached.

The Russian type font displays in English for me under NT, but it also gives
me a font where the bold and standard characters in the hex dump pane have
the same size and spacing.

The gtk_text_set_point() and gtk_editable_set_position() calls I grabbed
from the GTK+ test application to set the highlighted portion of the hex
pane in the viewable area without having to figure out the font size and
spacing work nicely under Win32 and Linux.

I don't have a "DLT_PPP_WIN32" trace yet; next time I do a dialup connection
I'll try to get one.

Ed
-----Original Message-----
From: Gilbert Ramirez [mailto:gram@xxxxxxxxxx]
Sent: Tuesday, February 01, 2000 11:27 PM
To: Meaney, Ed
Cc: 'Ethereal Dev list'
Subject: Re: [ethereal-dev] Ethereal Win32 libpcap patch.


On Tue, Feb 01, 2000 at 02:46:54PM -0500, Meaney, Ed wrote:
> All,
> I've finally had some time to clean up the win32 libpcap support.
> I use the WinDump libpcap from http://netgroup-serv.polito.it/windump/ under
> NT 4.0 SP4.
> There may be a problem in get_interface_list in util.c for Win98/95. NT
> returns Driver names in WCHARs.
> 98/95 should return the names in standard char * format but I don't have
> access to 95/98 right now.
> Attached is my patch. Let me know if there are any problems.
> 
> Ed <<win32.patch>> 

Great! Thanks. I haven't tried the patch yet; I'll try it at
work tomorrow. But just by reading the patch, I have a couple of
questions.

diff -u -r1.71 packet-ip.c
--- packet-ip.c	2000/01/24 04:44:35	1.71
+++ packet-ip.c	2000/02/01 19:35:07
@@ -1047,6 +1047,9 @@
     case IP_PROTO_IPV6:
       dissect_ipv6(pd, offset, fd, tree);
       break;
+    case IP_PROTO_IPV4:
+      dissect_ip(pd, offset, fd, tree);
+      break;
     case IP_PROTO_PIM:
       dissect_pim(pd, offset, fd, tree);
       break;
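
Review bot: In the new "case IP_PROTO_IPV4:" branch, dissect_ip(pd, offset, fd, tree) is called with the same arguments as the sibling dissectors, and nothing in the hunk limits how many times an inner IPv4 header can send the packet back through the IP dissector. If this switch sits inside dissect_ip, as the file name suggests, the call is recursive, and the dissector is fed untrusted capture data. I would confirm that offset already points past the outer header at this switch and add a nesting-depth or remaining-length check before the call, so a packet built from many stacked IP headers cannot recurse deeply. A one-line comment saying this case handles IP-in-IP encapsulation would also help.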

True, we should put that in for correctness. Out of curiosity, do
you have a trace file with packets like that, IP-in-IP ?


 #ifdef WIN32
-#define MONO_MEDIUM_FONT "-*-lucida console-medium-*-*-*-*-100-*-*-*-*-*-*"
-#define MONO_BOLD_FONT "-*-lucida console-bold-*-*-*-*-100-*-*-*-*-*-*"
+/* font that allows bold and regular */
+#define MONO_MEDIUM_FONT "-unknown-courier
new-normal-r-normal-*-*-110-*-*-m-*-windows-russian"
+#define MONO_BOLD_FONT "-unknown-courier
new-bold-r-normal-*-*-110-*-*-m-*-windows-russian"
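
Review bot: Both replacement font strings start with the "-unknown-" foundry and end in the "windows-russian" charset, which pins every WIN32 build to one locale-specific encoding, while the added comment says only that the font allows bold and regular. If the goal is a face whose bold and medium variants are both available, I would keep Courier New but leave the trailing charset fields wildcarded, as the removed Lucida Console strings did, and state in the comment why the face was changed.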

I think I'll avoid applying this patch. Not everyone speaks Russian.


diff -u -r1.13 proto_draw.c
--- proto_draw.c	2000/01/25 03:45:45	1.13
+++ proto_draw.c	2000/02/01 19:35:08
@@ -158,6 +158,9 @@
     scrollval = MIN(linenum * lineheight,bv->vadj->upper -
bv->vadj->page_size);
 
     gtk_adjustment_set_value(bv->vadj, scrollval);
+    /* set the current highlight visible in window */
+    gtk_text_set_point(GTK_TEXT(bv), (bstart/16) * 76);
+    gtk_editable_set_position(GTK_EDITABLE(bv), (bstart/16) * 76);
   }
 }
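
Review bot: The position passed to both new calls, (bstart/16) * 76, hard-codes what appear to be the bytes per hex-dump line and the characters per rendered line, and nothing here checks the result against the length of the text held by the widget. I would move 16 and 76 into named constants shared with the code that formats the hex dump, so the two cannot drift apart, and clamp the computed index to the text length before calling gtk_text_set_point(). The comment could also say why both the point and the editable position need to be set.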

What are the gtk_text_set_point() and gtk_editable_set_position()
calls for?

 
diff -u -r1.31 libpcap.c
--- libpcap.c	2000/01/22 06:22:39	1.31
+++ libpcap.c	2000/02/01 19:35:09
@@ -160,6 +160,13 @@
 	WTAP_ENCAP_LINUX_ATM_CLIP
 };
 #define NUM_PCAP_ENCAPS (sizeof pcap_encap / sizeof pcap_encap[0])
+/*
+ * New Data-link level type for win32.
+ */
+#ifdef WIN32 
+#define DLT_EN100MB	100	/* Ethernet (100Mb) */
+#define DLT_PPP_WIN32	101	/* Win32 dial up connection */
+#endif
 
 int libpcap_open(wtap *wth, int *err)
 {
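
Review bot: DLT_EN100MB and DLT_PPP_WIN32 are given the raw values 100 and 101, and the comment ("New Data-link level type for win32") does not say which header or libpcap build those numbers come from. Please name the source in the comment, and wrap each define in #ifndef so that a pcap header which already provides the same names does not cause a redefinition.
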
@@ -456,6 +463,13 @@
 
 int wtap_pcap_encap_to_wtap_encap(int encap)
 {
+#ifdef WIN32
+   /* 2 NEW Encaps for win32 100 - 100Mb Eth and 101 - PPP wan */
+   if (encap == DLT_EN100MB)
+      return WTAP_ENCAP_ETHERNET;
+   if (encap == DLT_PPP_WIN32)
+      return WTAP_ENCAP_PPP;
+#endif
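
Review bot: The two "if (encap == ...)" tests in wtap_pcap_encap_to_wtap_encap() are compiled only under #ifdef WIN32, so a capture file carrying link type 100 or 101 would not get this mapping when opened by a build on another platform. I would drop the #ifdef around the mapping so the file reader behaves the same everywhere, and hold the DLT_PPP_WIN32 to WTAP_ENCAP_PPP line until a sample capture confirms how those frames are actually laid out.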

Do you have a "DLT_PPP_WIN32" trace available? We discovered that the
NDIS type for "WAN" indicates a packet with a fake ethernet header on it.
It is possible, if libpcap for win32 uses the same NDIS facility as
NetXRay, that "DLT_PPP_WIN32" should really return WTAP_ENCAP_ETHERNET.

--gilbert

Attachment: ipencap.dmp
Description: Binary data