
Wireshark-bugs: [Wireshark-bugs] [Bug 1528] unable to load ulog pcap dumps

Date: Sat, 19 Apr 2008 12:44:48 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1528





--- Comment #12 from Jaap Keuter <jaap.keuter@xxxxxxxxx>  2008-04-19 12:44:39 GMT ---
Netfilter bugzilla seems to be active again, but rolled back to before the
bug report was filed (?).
Refiled bug report and fix here:
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=535
------8<-----
pcap_output() writes this:
        pchdr.caplen = GET_VALUE(1).ui32;
        pchdr.len = GET_VALUE(2).ui32;
but ulogd_BASE.c sets these values:
        /* include pointer to raw ipv4 packet */
        ret[1].value.ptr = pkt->payload;
        ret[1].flags |= ULOGD_RETF_VALID;
        ret[2].value.ui32 = pkt->data_len;
        ret[2].flags |= ULOGD_RETF_VALID;
so pchdr.caplen is filled with an (irrelevant) pointer to the IPv4 packet
instead of the length.

The simple fix to ulogd_PCAP.c is this:
 {
        struct pcap_sf_pkthdr pchdr;

-       pchdr.caplen = GET_VALUE(1).ui32;
+       pchdr.caplen = GET_VALUE(2).ui32;
        pchdr.len = GET_VALUE(2).ui32;

        if (GET_FLAGS(3) & ULOGD_RETF_VALID
            && GET_FLAGS(4) & ULOGD_RETF_VALID) {
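Review bot: In the two assignments at the top of the hunk, both pchdr.caplen and pchdr.len are now read from GET_VALUE(2).ui32 without a GET_FLAGS(2) & ULOGD_RETF_VALID check, whereas keys 3 and 4 are validity-checked in the context lines just below. Consider guarding key 2 the same way (and key 1, which carries the payload pointer) and returning early when either is unset, so a record header is never written from an unset length. A short comment stating that key 1 is the payload pointer and key 2 its length would also keep the two indices from being swapped again.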
-------8<-----


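The effect of the bug described in this comment can be checked on the capture file itself. The following C sketch is an added example, not code from ulogd or Wireshark: it walks a classic pcap image and reports the first record whose caplen is inconsistent with len, snaplen or the image size. The names first_bad_record and build_sample, the sample packet and the pointer-like caplen value are constructed for illustration, and host byte order is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Classic pcap layout: 24-byte file header, then 16-byte record headers. */
struct file_hdr { uint32_t magic; uint16_t vmaj, vmin; int32_t zone;
                  uint32_t sigfigs, snaplen, network; };
struct rec_hdr  { uint32_t ts_sec, ts_usec, caplen, len; };

/* Index of the first record whose header is inconsistent (caplen > len,
 * caplen > snaplen, or caplen running past the end of the image);
 * -1 if every record is sane, -2 if the file header is unusable.
 * Assumes the file was written in this host's byte order. */
long first_bad_record(const unsigned char *buf, size_t n)
{
    struct file_hdr fh;
    struct rec_hdr rh;
    size_t off = sizeof fh;
    if (n < sizeof fh) return -2;
    memcpy(&fh, buf, sizeof fh);
    if (fh.magic != 0xa1b2c3d4u) return -2;
    for (long idx = 0; off < n; idx++) {
        if (n - off < sizeof rh) return idx;          /* truncated record header */
        memcpy(&rh, buf + off, sizeof rh);
        off += sizeof rh;
        if (rh.caplen > rh.len || rh.caplen > fh.snaplen || rh.caplen > n - off)
            return idx;
        off += rh.caplen;
    }
    return -1;
}

/* Constructed sample: one 20-byte all-zero packet behind a record header
 * with the given caplen; out must hold at least 60 bytes. */
size_t build_sample(unsigned char *out, uint32_t caplen)
{
    struct file_hdr fh = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, 101 }; /* 101 = LINKTYPE_RAW */
    struct rec_hdr rh = { 0, 0, caplen, 20 };
    memcpy(out, &fh, sizeof fh);
    memcpy(out + sizeof fh, &rh, sizeof rh);
    memset(out + sizeof fh + sizeof rh, 0, 20);
    return sizeof fh + sizeof rh + 20;
}

int main(void)
{
    unsigned char img[64];
    /* 0x0804a3c0 is a constructed pointer-like value standing in for the bad caplen */
    printf("%ld\n", first_bad_record(img, build_sample(img, 0x0804a3c0u)));
    return 0;
}
```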