Can you gzip the patches? Some MUAs (e.g. Google Mail) mangle text
attachments in a way that makes the patches unusable.

Luis.

On 4/13/07, Florian Lohoff <[EMAIL PROTECTED]> wrote:
>
> Hi,
> I took the time to polish the redback dissector a little and decode some
> more protocols:
>
>
> Index: epan/dissectors/packet-redback.c
> ===================================================================
> --- epan/dissectors/packet-redback.c    (revision 21405)
> +++ epan/dissectors/packet-redback.c    (working copy)
> @@ -6,7 +6,7 @@
>   * By Gerald Combs <[EMAIL PROTECTED]>
>   *
>   * Start of RedBack SE400/800 tcpdump trace disassembly
> - * Copyright 2005,2006 Florian Lohoff <[EMAIL PROTECTED]>
> + * Copyright 2005-2007 Florian Lohoff <[EMAIL PROTECTED]>
>   *
>   * This program is free software; you can redistribute it and/or
>   * modify it under the terms of the GNU General Public License
> @@ -41,6 +41,7 @@
>  static dissector_handle_t eth_handle;
>  static dissector_handle_t clnp_handle;
>  static dissector_handle_t arp_handle;
> +static dissector_handle_t ppp_handle;
>
>  /* wrapper for passing the PIC type to the generic ATM dissector */
>  static void
> @@ -81,47 +82,58 @@
>                              "Layer3 Offset: %u", l3off);
>    tisub = proto_tree_add_text (subtree, tvb, 22, 2,
>                              "Data Offset: %u", dataoff);
> -  next_tvb = tvb_new_subset(tvb, l3off, -1, -1);
>
>    /* Mark the gap as "Data" for now */
>    if (dataoff > l3off) {
>         proto_tree_add_text (subtree, tvb, 24, l3off-24, "Data (%d bytes)", 
> l3off-24);
>    }
>
> -  /*
> -   * Just a guess - In case we see a difference in dataoff vs l3off
> -   * we assume there is an ethernet header. Traces from an OC12 didnt
> -   * show any header in here
> -   */
> -  if (dataoff > l3off) {
> -    call_dissector(eth_handle, next_tvb, pinfo, tree);
> -  } else {
> -    switch(proto) {
> -      case 0x01:
> +  switch(proto) {
> +    case 0x01:
>          /*
>          * IP - We assume IPv6 has a different protocol although
>          * i might be wrong - Havent seen any traces
>          */
> -        call_dissector(ipv4_handle, next_tvb, pinfo, tree);
> -        break;
> -      case 0x02:
> +      next_tvb = tvb_new_subset(tvb, dataoff, -1, -1);
> +      call_dissector(ipv4_handle, next_tvb, pinfo, tree);
> +      break;
> +    case 0x02:
>         /*
>          * It is CLNP although it seem the Packet Asic fills
>          * some data in the packet so we have a "broken" packet in
>          * the trace
>          */
> -        call_dissector(clnp_handle, next_tvb, pinfo, tree);
> -        break;
> -      case 0x03: /* Unicast Ethernet tx - Seen with PPPoE PADO */
> -      case 0x04: /* Unicast Ethernet rx - Seen with ARP  */
> -      case 0x08: /* Broadcast Ethernet rx - Seen with PPPoE PADI */
> -        call_dissector(eth_handle, next_tvb, pinfo, tree);
> -        break;
> -      default:
> -       tisub = proto_tree_add_text (subtree, tvb, 24, length-24,
> +      next_tvb = tvb_new_subset(tvb, l3off, -1, -1);
> +      call_dissector(clnp_handle, next_tvb, pinfo, tree);
> +      break;
> +    case 0x06:
> +
> +      /* HACK This is a guess - i dont know what this flag means
> +       * but my best guess is that it means "incoming" e.g.
> +       * the direction of the packet. In case of incoming PPP
> +       * packets there seems to be some padding which does
> +       * not get reflected in the l3off/dataoff
> +       */
> +
> +      if (flags & 0x00400000) {
> +        next_tvb = tvb_new_subset(tvb, l3off, -1, -1);
> +      } else {
> +       proto_tree_add_text (subtree, tvb, l3off, 4, "Unknown Data (%d 
> bytes)", 4);
> +        next_tvb = tvb_new_subset(tvb, l3off+4, -1, -1);
> +      }
> +
> +      call_dissector(ppp_handle, next_tvb, pinfo, tree);
> +      break;
> +    case 0x03: /* Unicast Ethernet tx - Seen with PPPoE PADO */
> +    case 0x04: /* Unicast Ethernet rx - Seen with ARP  */
> +    case 0x08: /* Broadcast Ethernet rx - Seen with PPPoE PADI */
> +      next_tvb = tvb_new_subset(tvb, l3off, -1, -1);
> +      call_dissector(eth_handle, next_tvb, pinfo, tree);
> +      break;
> +    default:
> +      tisub = proto_tree_add_text (subtree, tvb, 24, length-24,
>                                 "Unknown Protocol Data %u", proto);
> -        break;
> -    }
> +      break;
>    }
>    return;
>  }
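Review bot: The new per-case `tvb_new_subset()` calls take `l3off` and `dataoff` as-is, and nothing in the hunk checks them against the 24-byte header that the surrounding offsets (`22, 2` and `24, length-24`) imply. Both values appear to be read from the capture above the hunk, so a trace with `l3off` below 24 would hand Redback header bytes to the Ethernet, CLNP or PPP dissector and produce a misleading decode; the tvb bounds exceptions only catch offsets past the end, not ones that are too small. I would add a guard before the `switch`, for example `if (l3off < 24) { proto_tree_add_text(subtree, tvb, 0, -1, "Invalid Layer3 offset %u", l3off); return; }`, and treat `dataoff < l3off` the same way if that ordering is meant to be an invariant. Case 0x01 now starts at `dataoff` while every other case starts at `l3off`, which deserves a one-line comment, and the `0x00400000` flag and the 4-byte pad in case 0x06 would read better as named constants. The function body starts outside this hunk.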
> @@ -147,6 +159,7 @@
>    eth_handle = find_dissector("eth_withoutfcs");
>    clnp_handle = find_dissector("clnp");
>    arp_handle = find_dissector("arp");
> +  ppp_handle = find_dissector("ppp");
>
>    redback_handle = create_dissector_handle(dissect_redback, proto_redback);
>    dissector_add("wtap_encap", WTAP_ENCAP_REDBACK, redback_handle);
>
>
> Flo
> --
> Florian Lohoff                  [EMAIL PROTECTED]             +49-171-2280134
>         Those who would give up a little freedom to get a little
>           security shall soon have neither - Benjamin Franklin
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFGH3aaUaz2rXW+gJcRAlqnAKDYNRmZ9Ncml3hfDFnLnqf7BSib+ACgzteO
> 9mJeGSiuxwmpiDbeurSM8e0=
> =i3yd
> -----END PGP SIGNATURE-----
>
>
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan