tcpdump mailing list archives
Re: Patch to print out IP data in PPP HDLC packets
From: Darren Reed <darrenr () reed wattle id au>
Date: Sat, 3 Jul 2004 12:31:57 +1000 (EST)
In some email I received from Hannes Gredler, sie wrote:
i have some questions wrt to the format based on the .pcap file that you supplied; the 1st byte 0x7e seems to introduce a HDLC frame; after that i can see 4 different frame formats:
Yes. I thought it might be useful to provide a set of the different frames I observed so you have a better grounding for testing, etc.
frame 1 0x0000: 2145 0000 6edc 5a00 006a 2f52 080a 1122
0x0010: 330a 1133 4430 8188 0b00 4ad4 9d5a 5a5a
0x0020: 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a
0x0030: 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a
0x0040: 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a
0x0050: 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a
0x0060: 5a5a 5a5a 5a5a 5a5a 5a5a 5a5a 5a7d 5d7d
0x0070: 5d
this seems to be some sort of shortcut IP frame ... 21 being
codepoint for IPv4; should be use then 0x57 for IPv6 ?
I don't know. Maybe? I've only coded printing of what I could see & understand.
frame 2 0x0000: c021 7d29 5d7d 207d 2860 89ca 54ff this looks like a LCP frame , correct ? so the second format is a fully blown PPP proto-id;
"don't know". I wasn't sure if the HDLC PPP should have LCP in it or not. I suppose it makes sense for it to do so. I couldn't find anything explicitly mentioning that frame format so I punted on it.
frame 6 0x0000: ff7d 23c0 217d 2126 7d20 7d34 7d22 7d26
0x0010: 7d20 7d20 7d20 7d20 7d25 7d26 65f1 b237
0x0020: 7d27 7d22 7d28 7d22 3c6b
ok this one i have some problems with ... 0xc021 looks like LCP
again but what is 0xff7d23 ?
The 7d23 is 03 encoded with bit-stuffing (see RFC 1662 as Guy pointed out.) Just one comment on the code - why not eliminate the "goto cleanup" by including the default case code inside the default switch ? As you know, goto's are evil ;) Maybe nested switch's are too :) Darren - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Patch to print out IP data in PPP HDLC packets Darren Reed (Jul 01)
- Re: Patch to print out IP data in PPP HDLC packets Hannes Gredler (Jul 01)
- Re: Patch to print out IP data in PPP HDLC packets Darren Reed (Jul 01)
- Re: Patch to print out IP data in PPP HDLC packets Hannes Gredler (Jul 02)
- Re: Patch to print out IP data in PPP HDLC packets Guy Harris (Jul 02)
- Re: Patch to print out IP data in PPP HDLC packets Darren Reed (Jul 02)
- Re: Patch to print out IP data in PPP HDLC packets Darren Reed (Jul 01)
- Re: Patch to print out IP data in PPP HDLC packets Hannes Gredler (Jul 01)
- Re: Patch to print out IP data in PPP HDLC packets Hannes Gredler (Jul 02)
- Re: Patch to print out IP data in PPP HDLC packets Stephen Donnelly (Jul 04)
- Re: Patch to print out IP data in PPP HDLC packets Darren Reed (Jul 05)
- Re: Patch to print out IP data in PPP HDLC packets Guy Harris (Jul 05)
- Re: Patch to print out IP data in PPP HDLC packets Stephen Donnelly (Jul 04)