Ethereal-dev: RE: [Ethereal-dev] Broken Wellfleet LAPB captures ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Date: Fri, 20 Dec 2002 08:45:54 -0600
First, thanks for the quick response. The patch works great.

I'm concerned about the first byte; I suspect that it is an address that
is entered into the router configuration. The default value is 7 and
I know that all my routers use 7. If I get a chance I will modify the 
configuration and see if the first byte changes.

The configuration has a local and remote address parameter. The help
information describes these as the HDLC addresses for the interfaces of
a point to point circuit. The recommended values are 1-255 with 1 for 
"remote DTE" and 3 for "remote DTE". For an X.25 circuit use - 1 = DCE,
3 = DTE.

I don't recommend changing the code, I just want to document what little
information I have.

Thanks again,
Jeff Foster


-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Thursday, December 19, 2002 3:51 PM
To: Richard Sharpe
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] Broken Wellfleet LAPB captures ...


On Thu, Dec 19, 2002 at 02:13:01PM -0800, Richard Sharpe wrote:
> On Thu, 19 Dec 2002, Guy Harris wrote:
> 
> > RFC 1547 suggests that it merely has an Ethernet type; are you saying
> > that a full Ethernet header, complete with destination and source MAC
> > addresses, follows the first two bytes?
> 
> Yes, every frame in the capture sent to me contains:
> 
>   07 03 ab cd ef gh ij kl mn op qr st uv wx 08 00 45 ...

Sigh.

I guess we can use 0x07 0x03 as an indicator of Wellfleet PPP, for now. 
I'd modify "infer_pkt_encap()" to take a pointer to the first octet of
the packet, and the number of octets in the packet, as arguments, and
have it check for:

	0xff 0x03 = PPP
	0x07 0x03 = Wellfleet HDLC
	0x08 0x00 or 0x8F 0x00 = Cisco HDLC (although RFC 1547 says, in
	    "4.3.1 Cisco Systems point-to-point protocols", "the second
	    octet (control byte) is left zero *and is not checked on
	    reception*", so we *might* have to remove the check of the
	    second octet at some point)
	0x34 or 0x28 as the first octet - Frame Relay
	anything else with the low-order bit set in the first byte = LAPB
	anything else = LAPD (ISDN)

If there's ever Wellfleet PPP traffic that doesn't start with 0x07 (or
if somebody finds a document specifying the Wellfleet PPP format), we'll
have to rethink that.
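
The first-octet checks listed in the message above, written out as an added C example (not code from Ethereal or from either poster). The function name `infer_encap`, the enum labels, the `ENCAP_UNKNOWN` fallback and the sample frame are assumptions made for illustration; the second octet is read only when at least two octets were captured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical labels; these are not wiretap's own encapsulation constants. */
enum encap { ENCAP_UNKNOWN, ENCAP_PPP, ENCAP_WELLFLEET_HDLC, ENCAP_CISCO_HDLC,
             ENCAP_FRAME_RELAY, ENCAP_LAPB, ENCAP_LAPD };

/* Guess the link-layer encapsulation from the leading octets of a frame.
 * pd points at the first octet, len is the number of captured octets. */
enum encap infer_encap(const uint8_t *pd, size_t len)
{
    if (pd == NULL || len == 0)
        return ENCAP_UNKNOWN;        /* nothing to inspect (assumed fallback) */

    /* Two-octet signatures: touch pd[1] only if it was actually captured. */
    if (len >= 2) {
        if (pd[0] == 0xff && pd[1] == 0x03)
            return ENCAP_PPP;
        if (pd[0] == 0x07 && pd[1] == 0x03)
            return ENCAP_WELLFLEET_HDLC;   /* must precede the LAPB test */
        if ((pd[0] == 0x08 || pd[0] == 0x8f) && pd[1] == 0x00)
            return ENCAP_CISCO_HDLC;
    }

    /* Single-octet tests, in the order given in the message. */
    if (pd[0] == 0x34 || pd[0] == 0x28)
        return ENCAP_FRAME_RELAY;
    if (pd[0] & 0x01)
        return ENCAP_LAPB;           /* low-order bit set in the first byte */
    return ENCAP_LAPD;
}

/* Constructed sample: 07 03, twelve made-up MAC octets, Ethernet type 08 00, 45. */
static const uint8_t wellfleet_frame[] = {
    0x07, 0x03, 0x00, 0x00, 0xa2, 0x11, 0x22, 0x33,
    0x00, 0x00, 0xa2, 0x44, 0x55, 0x66, 0x08, 0x00, 0x45 };
static const uint8_t ppp_frame[]   = { 0xff, 0x03, 0x00, 0x21 };  /* constructed */
static const uint8_t cisco_frame[] = { 0x8f, 0x00, 0x08, 0x00 };  /* constructed */
static const uint8_t lapd_frame[]  = { 0x08, 0x01 };              /* constructed */

int main(void)
{
    printf("full frame: %d\n", infer_encap(wellfleet_frame, sizeof wellfleet_frame));
    /* With only one octet captured, 0x07 falls through to the low-bit test. */
    printf("one octet:  %d\n", infer_encap(wellfleet_frame, 1));
    return 0;
}
```

Because 0x07 has its low-order bit set, the 0x07 0x03 test has to run before the LAPB test, or these frames are classified as LAPB.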