Ethereal-users: Re: [Ethereal-users] IEEE 802.11 Unknown OUI problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 1 Jun 2001 16:07:44 -0700 (PDT)
> The protocol ID field is the same as normal - 0x0800 - IP.
> 
> The only difference from an IP packet that hasn't gone through
> this bridge and one that has is that the OUI is changed.

Well, that does raise two questions:

	1) has Labtam given up the OUI 00-00-78 (which the IEEE site
	   says they still own)?

	2) do the networking stacks on 802.11 clients all know that an
	   OUI of 00-00-78 should be treated the same as an OUI of
	   00-00-00, or are 00-00-78/0800 packets also not recognized as
	   IP packets by 802.11 clients?

I've checked in the attached changes, which should make Ethereal, at
least, treat 00-00-78 packets the same way 00-00-00 packets are treated,
even if the machines for which the packets are intended don't do so....

Index: oui.h
===================================================================
RCS file: /usr/local/cvsroot/ethereal/oui.h,v
retrieving revision 1.8
diff -c -r1.8 oui.h
*** oui.h	2001/01/10 09:07:35	1.8
--- oui.h	2001/06/01 23:03:37
***************
*** 29,40 ****
  
  #define	OUI_ENCAP_ETHER	0x000000	/* encapsulated Ethernet */
  #define	OUI_CISCO	0x00000C	/* Cisco (future use) */
  #define	OUI_CISCO_90	0x0000F8	/* Cisco (IOS 9.0 and above?) */
  #define OUI_BRIDGED	0x0080C2	/* Bridged Frame-Relay, RFC 2427 */
  					/* and Bridged ATM, RFC 2684 */
  #define	OUI_ATM_FORUM	0x00A03E	/* ATM Forum */
- #define	OUI_APPLE_ATALK	0x080007	/* Appletalk */
  #define OUI_CABLE_BPDU	0x00E02F	/* DOCSIS spanning tree BPDU */
  
  extern const value_string oui_vals[];
  
--- 29,41 ----
  
  #define	OUI_ENCAP_ETHER	0x000000	/* encapsulated Ethernet */
  #define	OUI_CISCO	0x00000C	/* Cisco (future use) */
+ #define	OUI_CISCO_WLANB	0x000078	/* Cisco WLAN bridged packets? */
  #define	OUI_CISCO_90	0x0000F8	/* Cisco (IOS 9.0 and above?) */
  #define OUI_BRIDGED	0x0080C2	/* Bridged Frame-Relay, RFC 2427 */
  					/* and Bridged ATM, RFC 2684 */
  #define	OUI_ATM_FORUM	0x00A03E	/* ATM Forum */
  #define OUI_CABLE_BPDU	0x00E02F	/* DOCSIS spanning tree BPDU */
+ #define	OUI_APPLE_ATALK	0x080007	/* Appletalk */
  
  extern const value_string oui_vals[];
  
Index: packet-llc.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-llc.c,v
retrieving revision 1.84
diff -c -r1.84 packet-llc.c
*** packet-llc.c	2001/03/30 10:51:50	1.84
--- packet-llc.c	2001/06/01 23:03:37
***************
*** 166,176 ****
  */
  	{ OUI_CISCO,       "Cisco" },
  	{ OUI_CISCO_90,    "Cisco IOS 9.0 Compatible" },
  	{ OUI_BRIDGED,     "Frame Relay or ATM bridged frames" },
  				/* RFC 2427, RFC 2684 */
  	{ OUI_ATM_FORUM,   "ATM Forum" },
- 	{ OUI_APPLE_ATALK, "Apple (AppleTalk)" },
  	{ OUI_CABLE_BPDU,  "DOCSIS Spanning Tree" }, /* DOCSIS spanning tree BPDU */
  	{ 0,               NULL }
  };
  
--- 166,177 ----
  */
  	{ OUI_CISCO,       "Cisco" },
  	{ OUI_CISCO_90,    "Cisco IOS 9.0 Compatible" },
+ 	{ OUI_CISCO_WLANB, "Cisco 802.11 bridge" },
  	{ OUI_BRIDGED,     "Frame Relay or ATM bridged frames" },
  				/* RFC 2427, RFC 2684 */
  	{ OUI_ATM_FORUM,   "ATM Forum" },
  	{ OUI_CABLE_BPDU,  "DOCSIS Spanning Tree" }, /* DOCSIS spanning tree BPDU */
+ 	{ OUI_APPLE_ATALK, "Apple (AppleTalk)" },
  	{ 0,               NULL }
  };
  
***************
*** 230,235 ****
--- 231,237 ----
  			switch (oui) {
  
  			case OUI_ENCAP_ETHER:
+ 			case OUI_CISCO_WLANB:
  			case OUI_APPLE_ATALK:
  				/* No, I have no idea why Apple used
  				   one of their own OUIs, rather than
***************
*** 237,243 ****
  				   packet type as protocol ID, for
  				   AppleTalk data packets - but used
  				   OUI_ENCAP_ETHER and an Ethernet
! 				   packet type for AARP packets. */
  				capture_ethertype(etype, offset+8, pd,
  				    ld);
  				break;
--- 239,249 ----
  				   packet type as protocol ID, for
  				   AppleTalk data packets - but used
  				   OUI_ENCAP_ETHER and an Ethernet
! 				   packet type for AARP packets.
! 
! 				   Also, apparently, some Cisco 802.11
! 				   bridges change the OUI of packets
! 				   from 000000 to 000078. */
  				capture_ethertype(etype, offset+8, pd,
  				    ld);
  				break;
***************
*** 383,388 ****
--- 389,395 ----
  	switch (oui) {
  
  	case OUI_ENCAP_ETHER:
+ 	case OUI_CISCO_WLANB:
  	case OUI_APPLE_ATALK:
  		/* No, I have no idea why Apple used
  		   one of their own OUIs, rather than
***************
*** 390,396 ****
  		   packet type as protocol ID, for
  		   AppleTalk data packets - but used
  		   OUI_ENCAP_ETHER and an Ethernet
! 		   packet type for AARP packets. */
  		if (XDLC_IS_INFORMATION(control)) {
  			ethertype(etype, tvb, offset+5,
  			    pinfo, tree, snap_tree, hf_type, -1);
--- 397,407 ----
  		   packet type as protocol ID, for
  		   AppleTalk data packets - but used
  		   OUI_ENCAP_ETHER and an Ethernet
! 		   packet type for AARP packets.
! 
! 		   Also, apparently, some Cisco 802.11
! 		   bridges change the OUI of packets
! 		   from 000000 to 000078. */
  		if (XDLC_IS_INFORMATION(control)) {
  			ethertype(etype, tvb, offset+5,
  			    pinfo, tree, snap_tree, hf_type, -1);