Guy Harris wrote:
James Menzies wrote:
It would be greatly appreciated it if the following minor patch could be
applied. This corrects two long standing issues with the Visual
Networks file type in PPP and ML-PPP environments.
And causes bug 2005:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2005
so I'll back the change out.
The problem is that you cannot rely on PPP frames beginning with 0xff
0x03, as Address-and-Control-Field-Compression might have been turned on
(and *is* negotiated on in the capture in bug 2005). Another scheme is
required to distinguish PPP frames from Cisco HDLC frames.
Do you have any examples of capture files that aren't handled correctly
by the old code, so we can try to figure out code that handles both
those files and the files attached to bug 2005?
Thanks for the patch in bug 2005; I've checked that in.
Is there any documentation on the Visual Networks file format?
The media type values appear to be the same as SNMP ifType values, as
found in http://www.iana.org/assignments/smi-numbers:
Ethernet 6
Token Ring 9
LAPB 16
"Proprietary point-to-point serial" 22
Frame relay 32
ATM 37
HDLC 118
which would explain why they're not some dense set of integral values.
The only encapsulation hint value given is 14, for PPP; do you know any
other encapsulation hint values?
Also, should we be using WTAP_ENCAP_PER_PACKET for media type values of
22 (propPointToPointSerial) and 118 (HDLC)?
