Wireshark · Ethereal-dev: Re: [ethereal-dev] how to handle etypes

Ethereal-dev: Re: [ethereal-dev] how to handle etypes < maxlen

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>

Date: Sun, 5 Dec 1999 01:53:59 -0800

> However, "dissect_llc()" (and "capture_llc()") should probably check for
> an OUI of 0x00 0x00 0x00 before treating the frame as a SNAP frame with
> a 2-byte Ethernet type following the OUI.

I've checked in changes to do that.  Try the "#if 0"-out code, and, if
it shows an OUI of 0x00000c (Cisco) and a protocol ID of 0x010b, and
shows everything after that as data, check in that version of
"packet-vlan.c".

You might, BTW, also want to add a "capture_vlan()" routine, called by
"capture_ethertype()" if "etype" is ETHERTYPE_VLAN; it would look
something like:

  encap_proto = pntohs( &pd[offset+2] );
  if ( encap_proto <= IEEE_802_3_MAX_LEN) {
    if ( pd[offset+4] == 0xff && pd[offset+5] == 0xff ) {
      capture_ipx(pd,offset+4,cap_len,ld);
    } else {
      capture_llc(pd,offset+4,cap_len,ld);
    }
  } else {
    capture_ethertype(encap_proto, offset+4, pd, cap_len, ld);
  }

so that packets within a VLAN packet get counted right in the capture
window.

References:
- [ethereal-dev] how to handle etypes < maxlen
  - From: Neulinger, Nathan R.
- Re: [ethereal-dev] how to handle etypes < maxlen
  - From: Guy Harris

Prev by Date: Re: [ethereal-dev] how to handle etypes < maxlen
Next by Date: Re: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files
Previous by thread: Re: [ethereal-dev] how to handle etypes < maxlen
Next by thread: [ethereal-dev] I went ahead and committed the scroll patch...
Index(es):
- Date
- Thread