The current code is not checking for ethernet type, as it's supposed to,
but link layer device type and it's hard-coded to only accept dumps from
ethernet (ARPHRD_ETHER; 1). We don't care where the dump was fetched
from (wlan, 3G, etc.)
What we care about is that the ethernet type is IP (ETHERNET_IP;
0x800), which is clearly field 14:
http://www.tcpdump.org/pcap3_man.html
And do a bit of cleanup.
Signed-off-by: Felipe Contreras <felipe.contreras@nokia.com>
return FALSE;
eth_type = GUINT16_FROM_BE (*((guint16 *) (buf + 12)));
- if (eth_type != 0x800)
- return FALSE;
-
buf_ip = buf + ETH_HEADER_LEN;
break;
case DLT_SLL:
if (buf_size < SLL_HEADER_LEN + IP_HEADER_MIN_LEN + UDP_HEADER_LEN)
return FALSE;
- eth_type = GUINT16_FROM_BE (*((guint16 *) (buf + 2)));
-
- if (eth_type != 1)
- return FALSE;
-
+ eth_type = GUINT16_FROM_BE (*((guint16 *) (buf + 14)));
buf_ip = buf + SLL_HEADER_LEN;
break;
}
+ if (eth_type != 0x800)
+ return FALSE;
+
b = *buf_ip;
if (((b >> 4) & 0x0f) != 4)
return FALSE;
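Review bot: the `if (eth_type != 0x800)` check now sits after the switch, so it reads `eth_type` on every path that leaves the switch. If any path gets there without assigning it (a case not visible in this hunk, or a link type with no matching case), the comparison uses an uninitialized value. Confirm the switch ends in `default: return FALSE;` or initialize `eth_type` to 0 where it is declared. In the DLT_SLL case, the offset 14 and the value 0x800 are bare literals; named constants (the commit message already calls the value ETHERNET_IP) would make the read easier to check against SLL_HEADER_LEN. The `*((guint16 *) (buf + 14))` cast also assumes `buf + 14` is suitably aligned for a 16-bit load; copying the two bytes out with memcpy before GUINT16_FROM_BE removes that assumption.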