Ethereal-dev: Re: [Ethereal-dev] PPP dissector bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Irfan Khan <ikhan@xxxxxxxxxxxx>
Date: Mon, 10 Mar 2003 20:15:22 -0700
Guy Harris wrote:

On Mon, Mar 10, 2003 at 07:56:19PM -0700, Irfan Khan wrote:
Yup, these are framing bytes. I thought it better to put the check for any unexpected 0x7e s in packet-ppp to make it more bug-proof :)

But what if there happens to be a PPP protocol with a value 0x7eXX, for
some value of "XX"?  Unlikely, I suspect, but should we be stripping
0x7e's out unconditionally?

(And what were the 0x7e's doing in there?  Incorrect stripping of link
framing by the LAC?)
0x7e is escaped in PPP (preceded by 0x7d). I suspect the escaping extends to the protocol number too though I have to go check my 1661 on that :).

I believe the implementation of L2TP is incorrect for the log I was looking at. A bigger negative of stripping link framing that I can think of is it would hide, in cases like L2TP, the faulty implementation of PPP. I was however more interested in getting to the payload of the PPP packets in this instance and had no good answers to this preceding concern.