From: "Yann Samama" <ysamama@nortelnetworks.com>
Date: Tue, 22 Jul 2003 15:37:11 +0200
Message-ID: <C76021BAF2A6D5119DE500508BCF45520A103228@zctfc004.europe.nortel.com>
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration

All,
Please find enclosed in this e-mail the correction to the "hardware
duplicate" issue raised by Can on my patches for PPPoE support in libpcap
capture files.
The root cause was that the "eth_header" structure was not properly cleaned
after dealing with a TCP segment.
This would cause PPP LCP packets to be wrongly handled as TCP segments and
declared as "hardware duplicates".
Please test it and keep me informed on the outcome.
Best regards,
Yann.
-----Original Message-----
From: Desem, Can [mailto:Can.Desem@team.telstra.com]
Sent: mardi 22 juillet 2003 01:21
To: Samama, Yann [CTF:4654:EXCH]; tcptrace@tcptrace.org
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with
previous PPP linktype integration
Yann,
This is looking good. However, when looking at PPPoE traces, tcptrace now
detects hardware duplicates (not in all cases) when they may not be there.
Looking at these dump files with ethereal or tcpdump, there are no hardware
duplicates (unless tcpdump or ethereal doesn't print these) but tcptrace
reports duplicates. If I filter out one of these tcp flows using ethereal
and put it in a separate file and then apply tcptrace to this file it does
not report any hardware duplicates.
Thanks,
Can Desem
-----Original Message-----
From: Yann Samama [mailto:ysamama@nortelnetworks.com]
Sent: Monday, 21 July 2003 7:06 PM
To: 'tcptrace@tcptrace.org'
Subject: tcptrace PPPoE patches for libpcap (tcpdump) files along with
previous PPP linktype integration
All,
Please find enclosed in this e-mail three patches which add support for
PPPoE capture files encoded in libpcap format.
tcpdump.h.patch
- added a function to calculate the byte offset with regard to the
encapsulation type:
=> straight Ethernet encapsulation
=> Point-to-Point Protocol over Ethernet encapsulation
tcpdump.c.patch
- modified the switch case for Ethernet (DLT_EN10MB) to take into account
the calculated offset
tcptrace.h.patch
- added some PPPoE constant definitions so that my code is more readable
and re-usable for other capture file formats.
Could you please test them and check that they do not break anything?
Please note that those patches also include the modifications I made
previously to add support for PPP captures.
Best regards,
Yann.
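
The two points discussed in this thread (an IP offset that depends on the encapsulation, and per-packet header state that must be reset so a PPP LCP frame is not treated as TCP/IP) can be shown together in the following added example. It is not the code from the enclosed patches or from tcptrace; `classify_frame`, `struct frame_info` and the sample frames are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN          14      /* dst MAC, src MAC, EtherType */
#define ETHERTYPE_IP      0x0800
#define ETHERTYPE_PPPOE_S 0x8864  /* PPPoE session stage */
#define PPPOE_HLEN        6       /* ver/type, code, session id, length */
#define PPP_IP            0x0021  /* PPP protocol field for IPv4 (LCP is 0xc021) */

/* Hypothetical per-packet result; not a tcptrace structure. */
struct frame_info { uint16_t ethertype, ppp_proto; size_t ip_offset; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 1 = carries IPv4 at out->ip_offset, 0 = no IPv4 payload, -1 = truncated. */
int classify_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    memset(out, 0, sizeof *out);  /* nothing survives from the previous packet */
    if (len < ETH_HLEN) return -1;
    out->ethertype = be16(buf + 12);
    if (out->ethertype == ETHERTYPE_IP) { out->ip_offset = ETH_HLEN; return 1; }
    if (out->ethertype != ETHERTYPE_PPPOE_S) return 0;
    if (len < ETH_HLEN + PPPOE_HLEN + 2) return -1;
    out->ppp_proto = be16(buf + ETH_HLEN + PPPOE_HLEN);
    if (out->ppp_proto != PPP_IP) return 0;  /* LCP and other control traffic */
    out->ip_offset = ETH_HLEN + PPPOE_HLEN + 2;
    return 1;
}

/* Constructed sample frames (zeroed MACs, payload cut to one byte). */
const uint8_t eth_ip[]    = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00, 0x45};
const uint8_t pppoe_ip[]  = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x88,0x64,
                             0x11,0x00, 0x00,0x01, 0x00,0x03, 0x00,0x21, 0x45};
const uint8_t pppoe_lcp[] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x88,0x64,
                             0x11,0x00, 0x00,0x01, 0x00,0x03, 0xc0,0x21, 0x09};

int main(void)
{
    struct frame_info fi;  /* one struct reused for every packet */
    const uint8_t *f[] = { eth_ip, pppoe_ip, pppoe_lcp };
    size_t n[] = { sizeof eth_ip, sizeof pppoe_ip, sizeof pppoe_lcp };
    for (int i = 0; i < 3; i++) {
        int r = classify_frame(f[i], n[i], &fi);
        printf("frame %d: ipv4=%d offset=%zu ppp=0x%04x\n",
               i, r, fi.ip_offset, (unsigned)fi.ppp_proto);
    }
    return 0;
}
```

Because the result structure is zeroed on every call, the LCP frame that follows an IP-bearing frame reports no IP offset instead of inheriting the previous one.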
This archive was generated by hypermail 2.1.7 : 07/22/03 EDT