Wireshark-dev: Re: [Wireshark-dev] Strip Ethernet broadcast / locally administered flags from a

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Tue, 14 Aug 2007 20:20:29 +0200
On Tue, Aug 14, 2007 at 06:25:20PM +0200, Ulf Lamping wrote:
> The current Ethernet manuf name resolving (resolve the manufacturer name - the first three bytes of the Ethernet address, e.g. 04:05:06 -> Xerox) doesn't work if the address uses the Ethernet broadcast or locally administered flags (see http://wiki.wireshark.org/Ethernet?highlight=%28ethernet%29#head-93bbcf02a0070b56eaae6b5f3f4ba6112c64522a for details about these flags).
> 
> Currently only the resolving of 04:05:06 -> Xerox does work, 05:05:06, 06:05:06 and 07:05:06 are not resolved, although the manufacturer part is the same.

Ah, great news. It's been annoying me for a while, but never enough to
fix it :-)

> I've implemented an experimental change in epan/addr_resolv.c, which strips down both flags before doing the actual manuf resolvings - which is working well:
> 
> 04:05:06 -> Xerox
> 05:05:06 -> Xerox
> 06:05:06 -> Xerox
> 07:05:06 -> Xerox

OK, BUT: The moment the flag for locally assigned is true, resolving
should either stop or at least not mask out that bit.

> Unfortunately, this "hides" both flags a little bit (although the display of these flags wasn't very "prominent" already before), so I'm unsure if the change should go into the Wireshark sources or not.

Maybe do two passes: One without the mask, and if it doesn't return
success, then with the mask (0xfe) on the first octet?

 ciao
      joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
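
The two-pass lookup suggested in the reply above, sketched as an added example (not code from the thread or from Wireshark's epan/addr_resolv.c). It takes the "stop" option for locally administered addresses, so only the broadcast/group bit is masked with 0xfe; the function names and the one-entry table are assumptions, with only the 04:05:06 -> Xerox pair taken from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_UL_BIT  0x02   /* locally administered flag in the first octet */
#define ETH_IG_MASK 0xfe   /* clears the broadcast/group flag (bit 0x01)   */

/* Constructed sample table standing in for the manuf file. */
struct oui_entry { uint8_t oui[3]; const char *name; };
static const struct oui_entry sample_manuf[] = {
    { { 0x04, 0x05, 0x06 }, "Xerox" },
};

/* Exact 3-byte match, no flag handling. */
static const char *oui_exact(const uint8_t oui[3])
{
    for (size_t i = 0; i < sizeof sample_manuf / sizeof sample_manuf[0]; i++)
        if (memcmp(sample_manuf[i].oui, oui, 3) == 0)
            return sample_manuf[i].name;
    return NULL;
}

/* Hypothetical helper: returns the manufacturer name or NULL. */
const char *manuf_lookup_two_pass(const uint8_t addr[6])
{
    uint8_t oui[3] = { addr[0], addr[1], addr[2] };
    const char *name = oui_exact(oui);   /* pass 1: address as captured */
    if (name != NULL)
        return name;
    if (oui[0] & ETH_UL_BIT)             /* locally administered: stop here */
        return NULL;
    oui[0] &= ETH_IG_MASK;               /* pass 2: group bit stripped */
    return oui_exact(oui);
}

int main(void)
{
    /* The four first-octet values discussed in the thread. */
    for (unsigned first = 0x04; first <= 0x07; first++) {
        const uint8_t addr[6] = { (uint8_t)first, 0x05, 0x06, 0x00, 0x00, 0x01 };
        const char *name = manuf_lookup_two_pass(addr);
        printf("%02x:05:06 -> %s\n", first, name ? name : "(unresolved)");
    }
    return 0;
}
```

With this policy 04:05:06 and 05:05:06 resolve to Xerox, while 06:05:06 and 07:05:06 stay unresolved because the locally administered bit is set.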