Hi,
I am writing this in the hope that someone here knows how to store
PPP/vj-compressed direction information using wtap_dump() so that it is properly
recognized when loading the capture file with Ethereal.
Although I was able to successfully construct and dump PPP frames that can
be viewed with Ethereal, the direction of vj-compressed packets is always said
to be unknown. My workaround for this was to use the p2p_phdr structure to
provide Ethereal with the appropriate direction information but that data
doesn't seem to get recognized at all.
Since I am not really familiar with the wiretap library I would appreciate
some help on that topic.
My function calls are as follows and although no errors occur I am not
getting the the desired results :
....
w_dumper = wtap_dump_open(filename,WTAP_FILE_PCAP ,
WTAP_ENCAP_PPP_WITH_PHDR,0,&err); /* what is snaplen for ? */
....
....
/* buffer fill... */
....
struct wtap_pkthdr w_hdr = { time,
port->bp,
port->bp, /*
bytes in port->buffer */
WTAP_ENCAP_PPP_WITH_PHDR
};
union wtap_pseudo_header w_phdr;
w_phdr.p2p.sent = port->dir; /* TRUE or FALSE */
int err=0;
if(!wtap_dump(w_dumper,&w_hdr,&w_phdr,(guchar *) port->buffer , &err))
{
if(err != 0) printf("wtap_dump() failed! Errorcode: %i\n",err);
}
....
if(!wtap_dump_close(w_dumper,&err))
{
if(err != 0) printf("[INFO] wtap_dump_close() failed! Error code:
%i\n",err);
}
.....
When I load the dump file in Ethereal afterwards , the encapsulated packets
(in the PPP frames) that are not TCP VJ-compressed are all properly dissected
(LCP,ICMP, IP etc...). For the VJ-compressed TCP packets only "direction
unknown" is displayed and the packet is not further dissected (decompressed),
although the functionality for this is given in packet-vj.c.
This is apparently because the according pinfo->p2p_dir is never filled
before, for me it looks like the code where this should happen ( packet-frame.c )
is never reached and I don't know why (since I think I supply the right
encapsulation header).
Does anyone know what I am doing wrong? I could also provide a dump file if
that makes analysis easier.
Thanks in advance,
Philipp M�nner
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Jetzt ein- oder umsteigen und USB-Speicheruhr als Pr�mie sichern!