I have tried to modify libpcap and tcpdump to work with synchronous
serial devices (handled by syncppp.c - the synchronous PPP or Cisco HDLC).
I have written the HDLC printing routines - the output of tcpdump -e looks
like this:
tcpdump: listening on cosa0c1
16:55:41.060181 Mcast ctrl:00 keepalive
0000 0002 e730 1552 0000 0001 ffff 003f
6b1e
16:55:43.306058 Mcast ctrl:00 ip 5.6.7.8 > 1.2.3.4: icmp: echo request
16:55:43.306058 Mcast ctrl:00 ip 5.6.7.8 > 1.2.3.4: icmp: echo request
16:55:43.306395 Mcast ctrl:00 ip 1.2.3.4 > 5.6.7.8: icmp: echo reply
16:55:45.020073 Mcast ctrl:00 keepalive
0000 0002 0000 0002 e730 1552 ffff 524b
8578
(I have not written the keepalive packet parser/printer yet).
What looks strange to me is that all incoming IP packets are
seen by the tcpdump twice (note that the keepalive packets are seen
only once). I think it can be caused by the syncppp.c which calls
netif_rx() to already received packets (iff the packet is of type
IP or IPX).
The above was with Cisco HDLC. The worse problem is with
the PPP mode - the syncppp.c sets the interface type to ARPHRD_PPP,
which causes tcpdump to mis-parse the syncppp packets. Shouldn't
the ARPHRD_HDLC be used even for sync PPP mode?
How can I fix this? Any ideas?
Thanks in advance,
-Yenya
-- \ Jan "Yenya" Kasprzak <kas at fi.muni.cz> http://www.fi.muni.cz/~kas/ \\ PGP: finger kas at aisa.fi.muni.cz 0D99A7FB206605D7 8B35FCDE05B18A5E // \\\ Czech Linux Homepage: http://www.linux.cz/ /// NOTE: I've just returned from 11-days vacation and started reading my Email. I am sorry for the delay caused by this.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/