On Tue, Mar 21, 2000 at 01:02:55PM +0000, Ben Fowler wrote:
> At 02:32 AM 3/21/00 -0800, Guy Harris wrote:
> > > I have just patched my 0.8.3 tree to 0.8.4 using the (tiny)
> > > patch provided. I was unable to compile 0.8.4 in this way
> > > because after the patch aclocal.m4 was out of date and
> > > my system was not strong enough to make it. I got 0.8.4
> > > to compile by 'touch'ing aclocal.m4.
> >
> >Did the patch modify "aclocal.m4"?
>
> As I recall, I checked with diff and found no changes.
Hmm. The 0.8.3-to-0.8.4 patch appears to patch "aclocal.m4" but not
"acinclude.m4" (the change is probably due to a different version of one
of the auto* utilities, or something such as that, being used), so it's
*extremely* surprising that "aclocal.m4" would have been made
out-of-date by the patch.
> So, I am interested in contributing some of these things:
>
> 1) An enhancement to ICMP to report the ports and hosts involved. A Microsoft
> system has taken to asking for the DNS address of real.com every few minutes
> but can't be bothered to wait for a reply, so my DNS server is constantly
> getting
> ICMP packets back. This may be a bad idea in the sense that what is needed
> is a safe recursive way of dissecting IP within IP.
An unsafe recursive way is easy - you can just call the dissector from
the ICMP dissector, although you then may want some way of having the
internal IP packet's fields not show up as "ip.*" fields, although I
think there are other encapsulation schemes with the same problem - and
the only major safety problem is arranging that the IP dissector, *and*
the dissectors called by it, not run past the end of the packet, but
that's something that needs to be done *anyway*, so we can cope with
captures with a snapshot length shorter than the MTU of the network on
which the capture was taken.
