Wireshark · Ethereal-dev: Re: [ethereal-dev] WCCP 1.0 Decoder

Ethereal-dev: Re: [ethereal-dev] WCCP 1.0 Decoder

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>

Date: Sat, 11 Dec 1999 15:16:36 -0800

> +    	guint8 ip_offset;
> +	
> +	proto_tree_add_item_hidden(gre_tree, hf_gre_wccp, offset, sizeof(type), TRUE);
> +    	offset += sizeof(type);    
> +	
> +	ip_offset = pd[offset]; 
> +	if ((ip_offset & 0x45)) {
> +		/* we can assume that all wccp packets are streaming ip */
> +	} else {
> +		/* WCCP 1 and 2 both use the same type, but v2 has an extra 4 octet header */
> +		offset += sizeof(guint32);
> +	}

That should perhaps be done by

	if ((pd[offset] & 0xF0) == 0x40) {
		/* it's WCCPv1 */
	} else {
		/* it's presumably WCCPv2 */
	}

so that IP options don't cause it to misinterpret the packet as WCCP
encapsulation for v2.

Note also that "calc_len()" would have to be changed as well, to include
the extra 4 octets - or perhaps the "calc_len()" code should be pulled
up into "dissect_gre()" itself, above the first
"proto_tree_add_item_format()" call.

Follow-Ups:
- Re: [ethereal-dev] WCCP 1.0 Decoder
  - From: Jerry Talkington

References:
- [ethereal-dev] WCCP 1.0 Decoder
  - From: Jerry Talkington

Prev by Date: Re: [ethereal-dev] WCCP 1.0 Decoder
Next by Date: Re: [ethereal-dev] WCCP 1.0 Decoder
Previous by thread: Re: [ethereal-dev] WCCP 1.0 Decoder
Next by thread: Re: [ethereal-dev] WCCP 1.0 Decoder
Index(es):
- Date
- Thread