On Fri, Apr 25, 2003 at 09:08:30PM +0800, darren wrote:
> Are there any differences in the way Cisco HDLC frames are handled by
> libpcap 0.6.2 and 0.7.2?
(That's more of a libpcap question than an Ethereal question, and the
right place for libpcap questions is tcpdump-workers@xxxxxxxxxxx.
However, there is at least one member of the libpcap/tcpdump core team
on the Ethereal mailing lists, so....)
Yes, if the device uses ARPHRD_HDLC/ARPHRD_CISCO as its device type.
0.6.2 mapped that to "cooked mode"; 0.7.2 maps it to DLT_C_HDLC, under
the assumption that whoever wrote the driver had something approximating
a clue, and supplies Cisco HDLC frames as the raw frame data.
> I cannot seem to capture the frames correctly after upgrading to 0.7.2.
> Used to be fine in 0.6.2.
Perhaps the driver writer lacked a clue. Could you send us a network
trace, and an indication of what type of device is supplying the Cisco
HDLC frames *AND* what driver is used?
> In 0.6.2, I see all the IP packets correctly framed in ethereal's
> display. In 0.7.2, I see them as DTE and DCE frames.
>
> Is this an enhancement?
For at least some devices supplying Cisco HDLC frames, I infer that it
is; the checkin comment for the libpcap change that altered the way
ARPHRD_HDLC is handled was:
    Patch from Marcus Felipe Pereira <marcus@xxxxxxxxxxx> to map ARPHRD_HDLC
    to DLT_C_HDLC.
    ...
so presumably for whatever device *he* had, it *was* an enhancement -
he got to see the full Cisco HDLC frame.
This may mean that whoever wrote the driver for his device (whatever
device that happened to be) had a clue, and whoever wrote the driver for
your device didn't.
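
One way to check what a driver really hands up on an interface that libpcap 0.7.2 reports as DLT_C_HDLC, as an added example (not part of the original message and not libpcap code): classify the first bytes of a captured frame as a Cisco HDLC header or as something else. The function name, the sample frames and the raw-IPv4 heuristic are assumptions made for illustration; the header layout assumed is address 0x0f/0x8f, control 0x00, then a two-byte protocol type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cisco HDLC header: address (1 byte), control (1 byte), protocol (2 bytes, big-endian). */
#define CHDLC_HDRLEN  4
#define CHDLC_UNICAST 0x0f
#define CHDLC_BCAST   0x8f
#define PROTO_IP      0x0800
#define PROTO_SLARP   0x8035   /* Cisco SLARP keepalives */

enum frame_kind { FRAME_TOO_SHORT, FRAME_CHDLC_IP, FRAME_CHDLC_SLARP,
                  FRAME_CHDLC_OTHER, FRAME_RAW_IPV4, FRAME_UNKNOWN };

/* Constructed sample frames (only their first 8 bytes). */
static const uint8_t sample_chdlc_ip[]    = {0x0f,0x00,0x08,0x00,0x45,0x00,0x00,0x54};
static const uint8_t sample_chdlc_slarp[] = {0x8f,0x00,0x80,0x35,0x00,0x00,0x00,0x02};
static const uint8_t sample_raw_ipv4[]    = {0x45,0x00,0x00,0x54,0x12,0x34,0x40,0x00};

/* Classify the start of a frame from a capture whose link type is DLT_C_HDLC. */
enum frame_kind classify_frame(const uint8_t *p, size_t len)
{
    if (len < CHDLC_HDRLEN)
        return FRAME_TOO_SHORT;
    if ((p[0] == CHDLC_UNICAST || p[0] == CHDLC_BCAST) && p[1] == 0x00) {
        uint16_t proto = (uint16_t)((p[2] << 8) | p[3]);
        if (proto == PROTO_IP)    return FRAME_CHDLC_IP;
        if (proto == PROTO_SLARP) return FRAME_CHDLC_SLARP;
        return FRAME_CHDLC_OTHER;
    }
    /* Heuristic (assumption): version 4 with IHL >= 5 means a bare IPv4 packet,
       i.e. the driver did not supply the HDLC header as raw frame data. */
    if ((p[0] >> 4) == 4 && (p[0] & 0x0f) >= 5)
        return FRAME_RAW_IPV4;
    return FRAME_UNKNOWN;
}

int main(void)
{
    static const char *names[] = {"too short", "Cisco HDLC + IP", "Cisco HDLC + SLARP",
                                  "Cisco HDLC + other", "raw IPv4, no HDLC header", "unknown"};
    printf("%s\n", names[classify_frame(sample_chdlc_ip, sizeof sample_chdlc_ip)]);
    printf("%s\n", names[classify_frame(sample_chdlc_slarp, sizeof sample_chdlc_slarp)]);
    printf("%s\n", names[classify_frame(sample_raw_ipv4, sizeof sample_raw_ipv4)]);
    return 0;
}
```

If frames on such an interface consistently classify as anything other than Cisco HDLC, the device type the driver advertises does not match the data it delivers, which is the information worth including with the trace when reporting the problem.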