Ethereal-dev: RE: [ethereal-dev] ICMP packets need more decoding

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Sat, 05 Jun 1999 00:13:57 +0900
At 07:59 AM 6/4/99 +0000, John McDermott <jjm@xxxxxxxxxx> wrote:
>
>Richard,
>
>I could be wrong, I only looked at this briefly, but it seems that calling the
>IP decode from the ICMP code currently would try to decode the entire packet.
>This could cause a problem.  Right now, for instance, I have a device sending
>illegal DNS packets.  When I try to decode those, Ethereal seems to mostly
>hang up.  I am not sure the code is strong enough right now to try to decode
>potentially illegal packets.  I also know of no way to tell it to only do the
>header.  Maybe I am missing something.

No, I think you are right.  It would try to decode the whole packet, and
would possibly fly off the end of the ICMP packet and decode whatever crap
was in memory after the end of the ICMP packet.

>What we probably need to do is modify the IP decode routine so that it is
>passed a flag saying: Decode it all or decode only the IP header.  This might
>solve the issue.

I thought about a flag, but we have too many flags.  What we need, as Guy
seems to agree, is more smarts in the decode routines, such that they bail
out if they are not given enough to deal with.

Over time we are going to have more situations where there are packets
within packets (L2TP and PPTP come to mind), as well as cases where people
don't capture enough of the packets to make total sense of them.  We
should try to handle that case gracefully.

>--john


Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, NS Computer Software and Services P/L,
Samba (Team member www.samba.org), Ethereal (Team member www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author, First Australian Linux Course
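
The behaviour asked for in the message above, a decode routine that bails out when it is handed fewer bytes than it needs, sketched in C as an added example. It is not Ethereal's code or part of the original thread; the function names, the `ip_summary` struct and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dissect_status { DISSECT_OK, DISSECT_TRUNCATED, DISSECT_MALFORMED };
struct ip_summary { uint8_t version, hdr_len, proto; uint16_t total_len; size_t payload_avail; };

/* Decode the IPv4 header in buf[0..avail). avail is the number of bytes really present
 * (captured, or left inside the enclosing packet), never a length read from the packet. */
enum dissect_status dissect_ip_header(const uint8_t *buf, size_t avail, struct ip_summary *out)
{
    if (avail < 1) return DISSECT_TRUNCATED;
    out->version = buf[0] >> 4;
    out->hdr_len = (uint8_t)((buf[0] & 0x0f) * 4);
    if (out->version != 4 || out->hdr_len < 20) return DISSECT_MALFORMED;
    if (avail < out->hdr_len) return DISSECT_TRUNCATED;   /* bail out, do not read past the data */
    out->total_len = (uint16_t)((buf[2] << 8) | buf[3]);
    out->proto = buf[9];
    if (out->total_len < out->hdr_len) return DISSECT_MALFORMED;
    size_t claimed = (size_t)out->total_len - out->hdr_len;   /* what the header says follows */
    size_t have = avail - out->hdr_len;                       /* what is actually there */
    out->payload_avail = have < claimed ? have : claimed;     /* inner decoders get the smaller */
    return DISSECT_OK;
}

/* An ICMP error carries an 8-byte ICMP header, then the offending IP header
 * and only the leading bytes of its payload. */
enum dissect_status dissect_icmp_error(const uint8_t *buf, size_t avail, struct ip_summary *inner)
{
    if (avail < 8) return DISSECT_TRUNCATED;
    return dissect_ip_header(buf + 8, avail - 8, inner);
}

/* Constructed sample: ICMP host unreachable quoting a UDP datagram (checksums left zero). */
static const uint8_t sample_icmp[] = {
    0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   /* ICMP type 3, code 1 */
    0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x00, 0x00,   /* IPv4, IHL 5, total length 84 */
    0x40, 0x11, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,   /* TTL 64, UDP, src 192.0.2.1 */
    0xc0, 0x00, 0x02, 0x02,                           /* dst 192.0.2.2 */
    0x30, 0x39, 0x00, 0x35, 0x00, 0x40, 0x00, 0x00 }; /* only 8 bytes of the UDP datagram */

int main(void)
{
    struct ip_summary s = {0};
    int st = dissect_icmp_error(sample_icmp, sizeof sample_icmp, &s);
    printf("status=%d claimed=%u usable payload=%zu\n", st, (unsigned)s.total_len, s.payload_avail);
    return 0;
}
```

The embedded header claims an 84-byte datagram, but the caller is told only 8 payload bytes are usable, so no flag is needed to stop the inner decode from running off the end of the ICMP packet.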