Ethereal-dev: [Ethereal-dev] problems with direction info of PPP/ vj-compressed TCP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Thu, 24 Jul 2003 13:57:19 +0200 (MEST)
Hi,
I am writing this in the hope that someone here knows how to store
PPP/vj-compressed direction information using wtap_dump() so that it is properly
recognized when loading the capture file with Ethereal.
Although I was able to successfully construct and dump PPP frames that can
be viewed with Ethereal, the direction of vj-compressed packets is always said
to be unknown. My workaround for this was to use the p2p_phdr structure to
provide Ethereal with the appropriate direction information but that data
doesn't seem to get recognized at all.
Since I am not really familiar with the wiretap library I would appreciate
some help on that topic.
My function calls are as follows, and although no errors occur I am not
getting the desired results:

....
w_dumper = wtap_dump_open(filename, WTAP_FILE_PCAP,
                          WTAP_ENCAP_PPP_WITH_PHDR, 0, &err); /* what is snaplen for ? */
....
....
/* buffer fill... */
....
struct wtap_pkthdr w_hdr = { time,
                             port->bp,
                             port->bp,          /* bytes in port->buffer */
                             WTAP_ENCAP_PPP_WITH_PHDR
                           };

  union wtap_pseudo_header w_phdr;
  w_phdr.p2p.sent = port->dir;                 /* TRUE or FALSE */
  int err=0;
  if(!wtap_dump(w_dumper,&w_hdr,&w_phdr,(guchar *)  port->buffer , &err))
  {
    if(err != 0) printf("wtap_dump() failed! Errorcode: %i\n",err);
  }
....
if(!wtap_dump_close(w_dumper,&err))
  {
    if(err != 0) printf("[INFO] wtap_dump_close() failed! Error code: %i\n",err);
  }
.....

When I load the dump file in Ethereal afterwards, the encapsulated packets
(in the PPP frames) that are not TCP VJ-compressed are all properly dissected
(LCP, ICMP, IP etc...). For the VJ-compressed TCP packets only "direction
unknown" is displayed and the packet is not further dissected (decompressed),
although the functionality for this is given in packet-vj.c.
This is apparently because the corresponding pinfo->p2p_dir is never filled
in beforehand; to me it looks like the code where this should happen
(packet-frame.c) is never reached, and I don't know why (since I think I
supply the right encapsulation header).
Does anyone know what I am doing wrong? I could also provide a dump file if
that makes analysis easier.
Thanks in advance,

Philipp M�nner
