From: Desem, Can (Can.Desem@team.telstra.com)
Date: 07/23/03
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration Date: Wed, 23 Jul 2003 14:47:58 +1000 Message-ID: <231DAA6464F5D311B0A30008C7F90735046C5DCD@ntmsg0134.corpmail.telstra.com.au> From: "Desem, Can" <Can.Desem@team.telstra.com>
Yann,
This works now. I am really impressed how quickly you came up with a fix to include PPPoE support.
Thanks,
Can Desem
-----Original Message-----
From: Yann Samama [mailto:ysamama@nortelnetworks.com]
Sent: Tuesday, 22 July 2003 11:37 PM
To: Desem, Can; tcptrace@tcptrace.org
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration
All,
Please find enclosed in this e-mail the correction to the "hardware duplicate" issue raised by Can on my patches for PPPoE support in libpcap capture files.
The root cause was that the "eth_header" structure was not properly cleaned after dealing with a TCP segment.
This would cause PPP LCP packet to be wrongly handled as TCP segments and declared as "hardware duplicates".
Please test it and keep me informed on the outcome.
Best regards,
Yann.
-----Original Message-----
From: Desem, Can [ mailto:Can.Desem@team.telstra.com]
Sent: mardi 22 juillet 2003 01:21
To: Samama, Yann [CTF:4654:EXCH]; tcptrace@tcptrace.org
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration
Yann,
This is looking good. However, when looking at PPPoE traces, tcptrace now detects hardware duplicates (not in all cases) when they may not be there. Looking at these dump files with ethereal or tcpdump, there are no hardware duplicates (unless tcpdump or ethereal doesn't print these) but tcptrace reports duplicates. If I filter out one of these tcp flows using ethereal and put it in a separate file and then apply tcptrace to this file it does not report any hardware duplicates.
Thanks,
Can Desem
-----Original Message-----
From: Yann Samama [ mailto:ysamama@nortelnetworks.com]
Sent: Monday, 21 July 2003 7:06 PM
To: 'tcptrace@tcptrace.org'
Subject: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration
All,
Please find enclosed in this e-mail three patches which add support for PPPoE capture files encoded in libpcap format.
tcpdump.h.patch
- added a function to calculate the byte offset with regards to the encapsulation type :
=> straight Ethernet encapsulation
=> Point-to-Point Protocol over Ethernet encapsulation
tcpdump.c.patch
- modified the switch case for Ethernet (DLT_EN10MB) to take into account the calculated offset
tcptrace.h.patch
- added some PPPoE constants definitions so that my code is more readable and re-usable for other capture file formats.
Could you please test them and check that it does not break anything ?
Please note that those patches include also the modifications I made previously to add support for PPP captures.
Best regards,
Yann.
----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.
This archive was generated by hypermail 2.1.7 : 07/23/03 EDT