Gilbert Ramirez wrote:
>
> On Mon, Mar 27, 2000 at 04:49:52AM -0600, Paul Ionescu wrote:
> >
> >
> > I tried to spy a PPTP connection between a linux and a W2K. (The capture
> > is attached to email)
> > I think that maybe there is a bug somwhere because the ppp packed is not
> > dissected correctly.
> > There should be a valid PPP/LCP packet, but instead is reported as
> > unknown PPP.
> > The same capture dissected with Microsoft Netmon 2.0 reports unknown ppp
> > too, but after that it shows the LCP frame.
> >
> > - pptp.cap
>
> I have committed the change to fix this problem. Attached is a patch against
> the current CVS tree.
>
> I changed dissect_ppp() to accept an offset. I change the GRE code to
> call dissect_ppp() instead of dissect_payload_ppp().
>
> I left the PPPoE dissector as it is, calling dissect_payload_ppp(). If someone
> has some traces of PPPoE, perhaps they can fiddle with the code to see
> if its better to call dissect_ppp() now that it takes an offset. The current
> code is this:
>
> /* dissect_ppp is apparently done as a 'top level' dissector,
> * so this doesn't work:
> * dissect_ppp(pd,offset+6,fd,tree);
> * Im gonna try fudging it.
> */
>
> dissect_payload_ppp(pd,offset+6,fd,tree);
I regularly use ethereal to analyse PPPoE traffic and it decodes fine. I'm not
sure what you are wanting to try out here. Are you saying that there may be a
case where the PPP stream has a non-NULL encapsulation? If so, I don't think
this should occur inside a PPPoE stream, but I suppose it is possible. Anyway,
if there is something specific you would like me to try, lemme know.
>
> --gilbert
>
> --------------------------------------------------------------------------------
>
> pppfix.diffName: pppfix.diff
> Type: Plain Text (text/plain)
