pcapparse: fix SLL parsing

The current code is not checking for ethernet type, as it's supposed to,
but link layer device type and it's hard-coded to only accept dumps from
ethernet (ARPHRD_ETHER; 1). We don't care where the dump was fetched
from (wlan, 3G, etc.)

What we care about is the that the ethernet type is IP (ETHERNET_IP;
0x800), which is clearly field 14:

http://www.tcpdump.org/pcap3_man.html

And do a bit of cleanup.

Signed-off-by: Felipe Contreras <felipe.contreras@nokia.com>

diff --git a/gst/pcapparse/gstpcapparse.c b/gst/pcapparse/gstpcapparse.c
index 49a9340..5dc17ee 100644 (file)
--- a/gst/pcapparse/gstpcapparse.c
+++ b/gst/pcapparse/gstpcapparse.c
@@ -367,24 +367,20 @@ gst_pcap_parse_scan_frame (GstPcapParse * self,
         return FALSE;
 
       eth_type = GUINT16_FROM_BE (*((guint16 *) (buf + 12)));
-      if (eth_type != 0x800)
-        return FALSE;
-
       buf_ip = buf + ETH_HEADER_LEN;
       break;
     case DLT_SLL:
       if (buf_size < SLL_HEADER_LEN + IP_HEADER_MIN_LEN + UDP_HEADER_LEN)
         return FALSE;
 
-      eth_type = GUINT16_FROM_BE (*((guint16 *) (buf + 2)));
-
-      if (eth_type != 1)
-        return FALSE;
-
+      eth_type = GUINT16_FROM_BE (*((guint16 *) (buf + 14)));
       buf_ip = buf + SLL_HEADER_LEN;
       break;
   }
 
+  if (eth_type != 0x800)
+    return FALSE;
+
   b = *buf_ip;
   if (((b >> 4) & 0x0f) != 4)
     return FALSE;