diff options
author | Guy Harris <guy@alum.mit.edu> | 2004-11-03 20:20:45 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2004-11-03 20:20:45 +0000 |
commit | 0384ceeeb6ff266ca9e6f0ef219f3e4692d2248e (patch) | |
tree | ad9cc04abe7ac8c5f829d7c72bad5d22a0116cc2 /epan/dissectors/packet-eth.c | |
parent | 2a12cdec29db65e22430e35b8d5bc458e8eeca47 (diff) | |
download | wireshark-0384ceeeb6ff266ca9e6f0ef219f3e4692d2248e.tar.gz |
Check for ISL frames before checking for ETHERTYPE_UNK, as ISL fields
might have 0 in what would be the Ethernet type field.
Also, handle the first 5 octets of the destination address of an ISL
frame being 0C-00-0C-00-00.
svn path=/trunk/; revision=12484
Diffstat (limited to 'epan/dissectors/packet-eth.c')
-rw-r--r-- | epan/dissectors/packet-eth.c | 52 |
1 files changed, 29 insertions, 23 deletions
diff --git a/epan/dissectors/packet-eth.c b/epan/dissectors/packet-eth.c index 5d0f617ae5..a286bdd3ce 100644 --- a/epan/dissectors/packet-eth.c +++ b/epan/dissectors/packet-eth.c @@ -89,6 +89,19 @@ capture_eth(const guchar *pd, int offset, int len, packet_counts *ld) etype = pntohs(&pd[offset+12]); + if (etype <= IEEE_802_3_MAX_LEN) { + /* Oh, yuck. Cisco ISL frames require special interpretation of the + destination address field; fortunately, they can be recognized by + checking the first 5 octets of the destination address, which are + 01-00-0C-00-00 or 0C-00-0C-00-00 for ISL frames. */ + if ((pd[offset] == 0x01 || pd[offset] == 0x0C) && pd[offset+1] == 0x00 + && pd[offset+2] == 0x0C && pd[offset+3] == 0x00 + && pd[offset+4] == 0x00) { + capture_isl(pd, offset, len, ld); + return; + } + } + /* * If the type/length field is <= the maximum 802.3 length, * and is not zero, this is an 802.3 frame, and it's a length @@ -121,16 +134,6 @@ capture_eth(const guchar *pd, int offset, int len, packet_counts *ld) ethhdr_type = ETHERNET_802_2; } - /* Oh, yuck. Cisco ISL frames require special interpretation of the - destination address field; fortunately, they can be recognized by - checking the first 5 octets of the destination address, which are - 01-00-0C-00-00 for ISL frames. */ - if (pd[offset] == 0x01 && pd[offset+1] == 0x00 && pd[offset+2] == 0x0C - && pd[offset+3] == 0x00 && pd[offset+4] == 0x00) { - capture_isl(pd, offset, len, ld); - return; - } - /* Convert the LLC length from the 802.3 header to a total frame length, by adding in the size of any data that preceded the Ethernet header, and adding in the Ethernet header size, @@ -199,6 +202,22 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree)) goto end_of_eth; + if (ehdr->type <= IEEE_802_3_MAX_LEN) { + /* Oh, yuck. Cisco ISL frames require special interpretation of the + destination address field; fortunately, they can be recognized by + checking the first 5 octets of the destination address, which are + 01-00-0C-00-00 for ISL frames. */ + if ( (tvb_get_guint8(tvb, 0) == 0x01 || + tvb_get_guint8(tvb, 0) == 0x0C) && + tvb_get_guint8(tvb, 1) == 0x00 && + tvb_get_guint8(tvb, 2) == 0x0C && + tvb_get_guint8(tvb, 3) == 0x00 && + tvb_get_guint8(tvb, 4) == 0x00 ) { + call_dissector(isl_handle, tvb, pinfo, tree); + goto end_of_eth; + } + } + /* * If the type/length field is <= the maximum 802.3 length, * and is not zero, this is an 802.3 frame, and it's a length @@ -216,19 +235,6 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, * an ethernet type of ETHERTYPE_UNK. */ if (ehdr->type <= IEEE_802_3_MAX_LEN && ehdr->type != ETHERTYPE_UNK) { - /* Oh, yuck. Cisco ISL frames require special interpretation of the - destination address field; fortunately, they can be recognized by - checking the first 5 octets of the destination address, which are - 01-00-0C-00-00 for ISL frames. */ - if ( tvb_get_guint8(tvb, 0) == 0x01 && - tvb_get_guint8(tvb, 1) == 0x00 && - tvb_get_guint8(tvb, 2) == 0x0C && - tvb_get_guint8(tvb, 3) == 0x00 && - tvb_get_guint8(tvb, 4) == 0x00 ) { - call_dissector(isl_handle, tvb, pinfo, tree); - goto end_of_eth; - } - /* Is there an 802.2 layer? I can tell by looking at the first 2 bytes after the 802.3 header. If they are 0xffff, then what follows the 802.3 header is an IPX payload, meaning no 802.2. |