Ethereal-users: Re: [ethereal-users] ethereal 0.8.11: error displaying outgoing packets on inter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Sun, 13 Aug 2000 01:52:20 -0700

On Sun, Aug 13, 2000 at 01:25:18AM -0700, Guy Harris wrote:
> Gilbert already checked into the CVS tree a version of that change that
> applies to the source in the CVS tree; it appears that we've failed to
> outwit the Linux developers, as either
> 
> 	they've apparently come up with a new twist that fools the hack
> 	that Gilbert posted
> 
> or
> 
> 	we didn't guess all the ways in which the old weirdness can
> 	manifest itself.

Well, the attached patch, to the current CVS version of "packet-raw.c"
(which is also the version in 0.8.10 and 0.8.11) appears to handle the
*second* capture Reinhard Nissl sent out (the one with the 10 bytes of
zero before the IP header), and also appears to handle your capture
(where there's one byte, with some mysterious value, before the PPP
header).

Hopefully the Linux ISDN developers won't put their minds to coming up
with yet *another* wacky pile of gunk at the beginning of the packet....

Index: packet-raw.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-raw.c,v
retrieving revision 1.17
diff -c -r1.17 packet-raw.c
*** packet-raw.c	2000/05/25 07:42:25	1.17
--- packet-raw.c	2000/08/13 08:48:15
***************
*** 40,48 ****
  
  static gint ett_raw = -1;
  
! void
! capture_raw( const u_char *pd, packet_counts *ld ) {
  
    /* So far, the only time we get raw connection types are with Linux and
     * Irix PPP connections.  We can't tell what type of data is coming down
     * the line, so our safest bet is IP. - GCC
--- 40,50 ----
  
  static gint ett_raw = -1;
  
! static const char zeroes[10];
  
+ void
+ capture_raw(const u_char *pd, packet_counts *ld)
+ {
    /* So far, the only time we get raw connection types are with Linux and
     * Irix PPP connections.  We can't tell what type of data is coming down
     * the line, so our safest bet is IP. - GCC
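
Review bot: zeroes[10] is declared without a comment, and its size is a bare 10 that the later hunks repeat in BYTES_ARE_IN_FRAME(0,10), memcmp(pd, zeroes, 10) and capture_ip(pd, 10, ld). Suggest a one-line comment saying it is the all-zero prefix seen when the ISDN connection is down, and using sizeof zeroes (or a named constant) at the use sites so the array and the comparisons cannot drift apart. The memcmp() calls also need <string.h>; no hunk here adds the include, so confirm the file already has it. The reformatting of the capture_raw() signature is unrelated to the fix and would be easier to review as a separate change.
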
***************
*** 55,64 ****
      capture_ppp(pd, 0, ld);
    }
    /* The Linux ISDN driver sends a fake MAC address before the PPP header
!    * on its ippp interfaces. */
    else if (BYTES_ARE_IN_FRAME(0,8) && pd[6] == 0xff && pd[7] == 0x03) {
      capture_ppp(pd, 6, ld);
    }
    else {
      capture_ip(pd, 0, ld);
    }
--- 57,75 ----
      capture_ppp(pd, 0, ld);
    }
    /* The Linux ISDN driver sends a fake MAC address before the PPP header
!    * on its ippp interfaces... */
    else if (BYTES_ARE_IN_FRAME(0,8) && pd[6] == 0xff && pd[7] == 0x03) {
      capture_ppp(pd, 6, ld);
    }
+   /* ...except when it just puts out one byte before the PPP header... */
+   else if (BYTES_ARE_IN_FRAME(0,3) && pd[1] == 0xff && pd[2] == 0x03) {
+     capture_ppp(pd, 1, ld);
+   }
+   /* ...and if the connection is currently down, it sends 10 bytes of zeroes
+    * instead of a fake MAC address and PPP header. */
+   else if (BYTES_ARE_IN_FRAME(0,10) && memcmp(pd, zeroes, 10) == 0) {
+     capture_ip(pd, 10, ld);
+   }
    else {
      capture_ip(pd, 0, ld);
    }
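
Review bot: the one-byte branch, pd[1] == 0xff && pd[2] == 0x03, identifies PPP from two bytes and ignores pd[0], and it is tried before the capture_ip(pd, 0, ld) fallback, so any frame with ff 03 at offsets 1 and 2 is counted as PPP, including a raw IPv4 packet whose TOS byte is 0xff and whose total length starts with 0x03. If nothing about pd[0] can be relied on, say so in the comment so the next reader knows the match is a heuristic. In the all-zeroes branch, BYTES_ARE_IN_FRAME(0,10) only establishes that bytes 0 through 9 exist while capture_ip() is handed offset 10; that is safe only if capture_ip() does its own bounds check, which is not visible here.
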
***************
*** 105,114 ****
  	return;
    }
    /* The Linux ISDN driver sends a fake MAC address before the PPP header
!    * on its ippp interfaces. */
    else if (tvb_get_ntohs(tvb, 6) == 0xff03) {
  	next_tvb = tvb_new_subset(tvb, 6, -1, -1);
  	dissect_ppp(next_tvb, pinfo, tree);
  	return;
    }
    else {
--- 116,138 ----
  	return;
    }
    /* The Linux ISDN driver sends a fake MAC address before the PPP header
!    * on its ippp interfaces... */
    else if (tvb_get_ntohs(tvb, 6) == 0xff03) {
  	next_tvb = tvb_new_subset(tvb, 6, -1, -1);
  	dissect_ppp(next_tvb, pinfo, tree);
+ 	return;
+   }
+   /* ...except when it just puts out one byte before the PPP header... */
+   else if (tvb_get_ntohs(tvb, 1) == 0xff03) {
+ 	next_tvb = tvb_new_subset(tvb, 1, -1, -1);
+ 	dissect_ppp(next_tvb, pinfo, tree);
+ 	return;
+   }
+   /* ...and if the connection is currently down, it sends 10 bytes of zeroes
+    * instead of a fake MAC address and PPP header. */
+   else if (memcmp(tvb_get_ptr(tvb, 0, 10), zeroes, 10) == 0) {
+ 	tvb_compat(tvb, &next_pd, &next_offset);
+ 	dissect_ip(next_pd, next_offset + 10, pinfo->fd, tree);
  	return;
    }
    else {
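
Review bot: the two new branches read from the tvbuff with no length check, tvb_get_ntohs(tvb, 1) and tvb_get_ptr(tvb, 0, 10), whereas the capture_raw() versions of the same tests are guarded by BYTES_ARE_IN_FRAME. For a frame shorter than 10 bytes that matches none of the PPP tests, the tvb_get_ptr() call asks for more data than the frame holds before the final else can be reached; what happens then is not visible in this hunk. Suggest checking the available length before each test so short frames fall through to the last else. Also, next_pd and next_offset are used in the tvb_compat() call but no declaration appears in the visible lines; confirm they are declared at the top of the function.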