tcpdump mailing list archives
Re: Patch to print out IP data in PPP HDLC packets
From: Stephen Donnelly <stephen () endace com>
Date: Mon, 05 Jul 2004 08:54:00 +1200
Normally a NIC or interface providing access to an HDLC link/network would perform de-bytestuffing internally before the packets ever get to libpcap. Obviously de-bytestuffing a packet twice can corrupt data. Do we really want to have de-bytestuffing code in libpcap?
Surely at minimum it should be off by default and selectable as an option perhaps, if necessary?
Stephen.

Hannes Gredler wrote:
On Thu, Jul 01, 2004 at 09:32:26PM +1000, Darren Reed wrote:
| I've been using this patch to print IP packets inside PPP HDLC
| frames found in raw 1xRTT traffic. I've been able to find few
| details on the actual PPP header format apart from what "0x7eff"
| means and observing traffic for 0x7e21. The end result is extra
| output of the form "{ PPP HDLC IP 1.2.3.4 > 2.3.4.5: GREv1call 0....}"
|
| It may not be particularly efficient because it malloc's a new
| buffer for each packet (rather than using a static buffer) but
| better that than limit the program's capabilities w.r.t recursive
| decoding was what I decided.
|
| Darren

darren, thanks for your submission - i have checked in the attached patch;

/hannes

------------------------------------------------------------------------ Index: print-ppp.c =================================================================== RCS file: /tcpdump/master/tcpdump/print-ppp.c,v retrieving revision 1.95 diff -u -r1.95 print-ppp.c --- print-ppp.c 2 Jul 2004 06:32:47 -0000 1.95 +++ print-ppp.c 2 Jul 2004 20:15:32 -0000 @@ -47,6 +47,7 @@#include <pcap.h>#include <stdio.h> +#include <stdlib.h>#include "interface.h"#include "extract.h" @@ -370,6 +371,7 @@ static int print_ccp_config_options (const u_char *p, int); static int print_bacp_config_options (const u_char *p, int); static void handle_ppp (u_int proto, const u_char *p, int length); +static void ppp_hdlc(const u_char *p, int length);/* generic Control Protocol (e.g. LCP, IPCP, CCP, etc.) handler */static void 
@@ -1052,10 +1054,81 @@ }+static void+ppp_hdlc(const u_char *p, int length) +{ + u_char *b, *s, *t, c; + int i, proto; + const void *se; + + b = (u_int8_t *)malloc(length); + if (b == NULL) + return; + + /* + * Unescape all the data into a temporary, private, buffer. + * Do this so that we dont overwrite the original packet + * contents. + */ + for (s = (u_char *)p, t = b, i = length; i > 0; i--) { + c = *s++; + if (c == 0x7d) { + if (i > 1) { + i--; + c = *s++ ^ 0x20; + } else + continue; + } + *t++ = c; + } + + se = snapend; + snapend = t; + + /* now lets guess about the payload codepoint format */ + proto = *b; /* start with a one-octet codepoint guess */+ + switch (proto) {+ case PPP_IP: + ip_print(b+1, t - b - 1); + goto cleanup; +#ifdef INET6 + case PPP_IPV6: + ip6_print(b+1, t - b - 1); + goto cleanup; +#endif + default: /* no luck - try next guess */ + break; + } + + proto = EXTRACT_16BITS(b); /* next guess - load two octets */ + + switch (proto) { + case 0xff03: /* looks like a PPP frame */ + proto = EXTRACT_16BITS(b+2); /* load the PPP proto-id */ + handle_ppp(proto, b+4, t - b - 4); + break; + default: /* last guess - proto must be a PPP proto-id */ + handle_ppp(proto, b+2, t - b - 2); + break; + } + +cleanup: + snapend = se; + free(b); + return; +} + + /* PPP */ static void handle_ppp(u_int proto, const u_char *p, int length) { + if ((proto & 0xff00) == 0x7e00) {/* is this an escape code ? */ + ppp_hdlc(p-1, length); + return; + } + switch (proto) { case PPP_LCP: case PPP_IPCP:
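Review bot: In ppp_hdlc() the unescape loop reads "length" bytes from p with no check against snapend, and the decoded size (t - b) is never checked before "proto = *b", "EXTRACT_16BITS(b)" and "EXTRACT_16BITS(b+2)". On a short or truncated capture this reads past the captured data or past the malloc'd buffer, and negative lengths such as "t - b - 4" are handed to handle_ppp(). I would clamp the loop to the bytes actually captured, reject a zero or negative length before the malloc, and jump to cleanup whenever fewer than 1, 2 or 4 decoded bytes are available for the guess being made. In handle_ppp() the call "ppp_hdlc(p-1, length)" moves the pointer back one byte without changing length; a comment stating which bytes p and length are expected to cover at that point would make the intended framing checkable.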
--
-----------------------------------------------------------------------
Stephen Donnelly BCMS PhD               email: sfd () endace com
Endace Technology Ltd                   phone: +64 7 839 0540
Hamilton, New Zealand                   cell:  +64 21 1104378
-----------------------------------------------------------------------
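The double de-bytestuffing concern raised in the message above, worked through as an added example (not tcpdump or libpcap code, and not posted by anyone in the thread). The names hdlc_unstuff and decode_passes and the sample bytes are constructed for illustration; unlike the patch, this decoder rejects a dangling escape instead of skipping it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the payload's 0x7d is escaped on the wire as 0x7d 0x5d. */
static const uint8_t payload[] = { 0x21, 0x45, 0x7d, 0x5e };
static const uint8_t on_wire[] = { 0x21, 0x45, 0x7d, 0x5d, 0x5e };

/* Undo HDLC byte stuffing. Returns the decoded length, or -1 if the input
 * ends in a dangling escape or the output buffer is too small. */
static int hdlc_unstuff(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t i = 0, o = 0;
    while (i < in_len) {
        uint8_t c = in[i++];
        if (c == 0x7d) {
            if (i == in_len) return -1;   /* escape byte with nothing after it */
            c = in[i++] ^ 0x20;
        }
        if (o == out_cap) return -1;      /* never write past the output buffer */
        out[o++] = c;
    }
    return (int)o;
}

/* Run the decoder `passes` times over on_wire; out must hold 16 bytes. */
static int decode_passes(int passes, uint8_t out[16])
{
    uint8_t tmp[16];
    int n = (int)sizeof(on_wire);
    memcpy(out, on_wire, sizeof(on_wire));
    for (int p = 0; p < passes && n > 0; p++) {
        n = hdlc_unstuff(out, (size_t)n, tmp, sizeof(tmp));
        if (n > 0)
            memcpy(out, tmp, (size_t)n);
    }
    return n;
}

int main(void)
{
    uint8_t out[16];
    int once = decode_passes(1, out);
    int same = memcmp(out, payload, sizeof(payload)) == 0;
    int twice = decode_passes(2, out);   /* second pass eats the real 0x7d */
    printf("1 pass: %d bytes, intact=%d; 2 passes: %d bytes, out[2]=0x%02x\n", once, same, twice, out[2]);
    return 0;
}
```

The second pass treats the legitimate 0x7d data byte as an escape and merges it with the following 0x5e into 0x7e, so the frame silently loses a byte and changes content.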