On Sun, Dec 17, 2000 at 03:32:02PM -0800, Brian J. Murrell wrote:
> I am using an up-to-date-as-of-today snapshot of tcpdump 3.6 on my
> network. I was trying to dump and filter packets on my Internet
> interface which is PPPoE. After I could not get any filters other than
> ethernet filters to work it hit me like a ton of bricks.
>
> libpcap cannot compile working filter code (i.e. ip src host a.b.c.d) if
> there are additional layers between the mac layer and ip layer (as is
> the case of PPPoE) because it's offset values into higher level
> protocols are hardcoded.
>
> I am not sure what can be done about it though?
It could, I guess, for all code in the filter expression that could work
on PPP, generate code to check the link-layer packet type for PPPoE and,
if it matches, check that the code field is 0x00 and, if that matches,
do the appropriate checks for PPPoE.
As I read RFC 2516, for PPP session packets, the PPPoE header is always
6 bytes long, so the generated code wouldn't have to do any
index-register variable-length-header stuff.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
