I noticed that when tcpdumping a DHCP request for option number 160 that this showed up as "T-96" (where 256-96=160). It looks like the problem is that the signed char variable "c" is not large enough to hold the value 160, so it overflows to -96. I also see in that function that a 16-bit quantity is read into "c":
c = EXTRACT_16BITS(bp); This also seems like another good way to lose. I think changing "c" to be an int instead of a signed char would fix these issues, but i don't have time to test this change extensively, so i thought i'd point this out in case anyone else has time. cheers, neal - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe