Wireshark · Ethereal-users: Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1

Ethereal-users: Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Tue, 23 May 2000 07:34:00 -0500

On Tue, May 23, 2000 at 12:53:02PM +0200, Reinhard Nissl wrote:
> Hi,
> 
> Attached is a capture of some ping packets.
> 
> Bye.
> --
> Dipl.-Inform. (FH) Reinhard Nissl
> mailto:rnissl@xxxxxx

Try this patch. It's against Ethereal 0.8.8. Right now it just skips that
fake MAC address at the beginning and starts decoding at the PPP header.
It correctly decodes the sample trace you sent.

--gilbert

--- ../a/ethereal-0.8.8/packet-ppp.c	Mon May  8 22:15:24 2000
+++ packet-ppp.c	Tue May 23 07:27:58 2000
@@ -1134,11 +1134,11 @@
   /* populate a tree in the second pane with the status of the link
      layer (ie none) */
   if(tree) {
-    ti = proto_tree_add_item(tree, proto_ppp, 0, 4, NULL);
+    ti = proto_tree_add_item(tree, proto_ppp, offset, 4, NULL);
     fh_tree = proto_item_add_subtree(ti, ett_ppp);
     if (pd[offset] == 0xff) {
-      proto_tree_add_text(fh_tree, 0, 1, "Address: %02x", ph.ppp_addr);
-      proto_tree_add_text(fh_tree, 1, 1, "Control: %02x", ph.ppp_ctl);
+      proto_tree_add_text(fh_tree, offset+0, 1, "Address: %02x", ph.ppp_addr);
+      proto_tree_add_text(fh_tree, offset+1, 1, "Control: %02x", ph.ppp_ctl);
     }
   }
 
--- ../a/ethereal-0.8.8/packet-raw.c	Mon May  8 22:15:24 2000
+++ packet-raw.c	Tue May 23 07:25:58 2000
@@ -35,6 +35,7 @@
 #include <glib.h>
 #include "packet.h"
 #include "packet-ip.h"
+#include "packet-ppp.h"
 
 static gint ett_raw = -1;
 
@@ -49,10 +50,17 @@
   /* Currently, the Linux 2.1.xxx PPP driver passes back some of the header
    * sometimes.  This check should be removed when 2.2 is out.
    */
-  if (pd[0] == 0xff && pd[1] == 0x03)
+  if (BYTES_ARE_IN_FRAME(0, 2) && pd[0] == 0xff && pd[1] == 0x03) {
     capture_ip(pd, 4, ld);
-  else
+  }
+  /* The Linux ISDN driver sends a fake MAC address before the PPP header
+   * on its ippp interfaces. */
+  else if (BYTES_ARE_IN_FRAME(0,10) && pd[6] == 0xff && pd[7] == 0x03 && pd[8] == 0x00 && pd[9] == 0x21) {
+    capture_ip(pd, 10, ld);
+  }
+  else {
     capture_ip(pd, 0, ld);
+  }
 }
 
 void
@@ -87,10 +95,17 @@
   /* Currently, the Linux 2.1.xxx PPP driver passes back some of the header
    * sometimes.  This check should be removed when 2.2 is out.
    */
-  if (pd[0] == 0xff && pd[1] == 0x03)
+  if (BYTES_ARE_IN_FRAME(0, 2) && pd[0] == 0xff && pd[1] == 0x03) {
     dissect_ip(pd, 4, fd, tree);
-  else
+  }
+  /* The Linux ISDN driver sends a fake MAC address before the PPP header
+   * on its ippp interfaces. */
+  else if (BYTES_ARE_IN_FRAME(0,8) && pd[6] == 0xff && pd[7] == 0x03) {
+    dissect_ppp(pd, 6, fd, tree);
+  }
+  else {
     dissect_ip(pd, 0, fd, tree);
+  }
 }
 
 void

Follow-Ups:
- Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
  - From: Reinhard Nissl

References:
- Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
  - From: Gilbert Ramirez
- Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
  - From: Claus Wagner
- Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
  - From: Gilbert Ramirez
- Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
  - From: Reinhard Nissl

Prev by Date: Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
Next by Date: [ethereal-users] error compiling -current with latest snmp from ucsd
Previous by thread: Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
Next by thread: Re: [ethereal-users] ethereal-0.8.8: frame-problem with device ippp1
Index(es):
- Date
- Thread