IPX and 2.1.103

["Gilbert Ramirez Jr." <gram@verdict.uthscsa.edu>]

I'm taking a closer look at the packet that I captured coming out of
ibmtr/2.1.103:

Packet Number :       3
   0: 18 40 FF FF FF FF FF FF 88 00 5A 68 F0 2C C2 20 |.@........Zh.,.
  10: AA AA 03 00 00 00 00 01 E0 E0 03 FF FF 00 22 00 |..............".
  20: FF FF FF 04 52 C0 A8 2C 00 08 00 5A 68 F0 2C 40 |....R..,...Zh.,@
  30: 00 00 03 00 04                                  |.....

Besides having a SNAP and non-SNAP LLC header (BTW, ethertype 0x0001 is
coming from linux/net/802/p8022tr.c), the IPX packet is also messed up:

Checksum:         FF FF
Length:           00 22   <-- Nope, the IPX packet is not 34 bytes long!
Transport Ctrl:   00      <-- Correct, 0 routers crossed so far.
Packet Type:      FF      <-- No such packet type. Should be 0 or 4

etc.

My Source Network, C0 A8 2C 00, is in the wrong spot. It should start at
the 19th bytes in the IPX part. Counting backwords, guess where the IPX
header should start? :-) Byte 0x13. That means that bytes 0x10 - 0x12
should contain the LLC, or "E0 E0 03". That would also correspond to an IPX
section of 0x22 (34) bytes.

So, not only are there 2 LLC headers, but the non-SNAP header plus the
first 5 bytes of the 802.2 payload (IPX) are being copied over the 802.2
payload.  The bytes difference is 8 bytes.... the same size as a SNAP
header! Some code is assuming too much SNAP.

--gilbert

-- 
Gilbert Ramirez                Voice:  +1 210 358 4032
Technical Services             Fax:    +1 210 358 1122
University Health System       San Antonio, Texas, USA