Wireshark · Ethereal-dev: Re: [ethereal-dev] WCCP 1.0 Decoder

Ethereal-dev: Re: [ethereal-dev] WCCP 1.0 Decoder

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>

Date: Sat, 11 Dec 1999 15:11:40 -0800

> -    offset += sizeof(type);    
> +    if(type == GRE_PPP) {
> +    	proto_tree_add_item_hidden(gre_tree, hf_gre_ppp, offset, sizeof(type), TRUE);
> +    	offset += sizeof(type);    
> +    } else if(type == GRE_IP) {
> +    	proto_tree_add_item_hidden(gre_tree, hf_gre_ip, offset, sizeof(type), TRUE);
> +    	offset += sizeof(type);    
> +    } else if(type == GRE_WCCP) {
> +    	guint8 ip_offset;
> +	
> +	proto_tree_add_item_hidden(gre_tree, hf_gre_wccp, offset, sizeof(type), TRUE);
> +    	offset += sizeof(type);    
> +	
> +	ip_offset = pd[offset]; 
> +	if ((ip_offset & 0x45)) {
> +		/* we can assume that all wccp packets are streaming ip */
> +	} else {
> +		/* WCCP 1 and 2 both use the same type, but v2 has an extra 4 octet header */
> +		offset += sizeof(guint32);
> +	}
>  
> +    }

Perhaps this should be done by adding the encapsulation type as a named
field, so you could do

	gre.type == 0x880b

to look for PPP, etc.  (and, eventually, the display filter code will
probably support

	gre.type == "PPP"

as well, so that enumerated fields can be searched without having to
know the magic number).

References:
- [ethereal-dev] WCCP 1.0 Decoder
  - From: Jerry Talkington

Prev by Date: Re: [ethereal-dev] WCCP 1.0 Decoder
Next by Date: Re: [ethereal-dev] WCCP 1.0 Decoder
Previous by thread: Re: [ethereal-dev] WCCP 1.0 Decoder
Next by thread: Re: [ethereal-dev] WCCP 1.0 Decoder
Index(es):
- Date
- Thread