On Jul 5, 2004, at 4:51 AM, Darren Reed wrote:
If ppp_hdlc() is called with length < 2, bad things happen.
Should it be called *at all* from "handle_ppp()"?
Or, if this is really just HDLC-over-L2TP, in which case it should be called directly from t
http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-pwe3-hdlc-03.txt
(which is for L2TP version 3, but perhaps there were similar, perhaps private, ways of negotiating the transport of HDLC rather than PPP over L2TP in V2;
http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-l2tp-base-14.txt
says
The Layer Two Tunneling Protocol (L2TP) provides a dynamic mechanism for tunneling Layer 2 (L2) "circuits" across a packet-oriented data network (e.g., over IP). L2TP, as originally defined in RFC 2661, is a standard method for tunneling Point to Point Protocol (PPP) [RFC1661] sessions. L2TP has since been adopted for tunneling a number of other L2 protocols.
so perhaps HDLC was one of the L2 protocols in question, with PPP running atop it in this case) should it be called from "l2tp_print()", which would check for stuff that looked like HDLC rather than PPP and directly call "ppp_hdlc()"?
Or is that heuristic insufficient - in the example you gave, you indicate that the packet might be an empty PPP_VJNC packet rather than an HDLC-over-L2TP packet?
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.