Wireshark-bugs: [Wireshark-bugs] [Bug 6718] Wiretap API needs to handle pcap-NG ISB blocks

Date: Fri, 2 Mar 2012 22:19:43 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6718

--- Comment #5 from Jose Pedro Oliveira <jpo@xxxxxxxxxxxx> 2012-03-02 22:19:43 PST ---
Status update as of rev41328:

Steps:
 1) cd ~/sandbox/wireshark-1.7.1-SVN-41328
 2) ./dumpcap -i p132p1 -f tcp -i lo -i p3p1 -f udp -c 1 -w rev41328.pcapng
 3) ./tshark -r rev41328.pcapng -w n.pcapng
    or
    ./editcap -T ether rev41328.pcapng n.pcapng

Result (n.pcapng)

 * the SHB and IDB options are being copied
 * the ISB blocks are still being dropped
 * the IDB if_filter option is being dropped
 * the IDB if_tsresol option is being created by tshark/editcap
   (it is written by the wiretap API with a default value of 6;
    but it is not written by dumpcap API)
 * ERROR: there are strings being corrupted (namely the if_name)

    ---------
@@ -11,55 +11,26 @@
       F: Snaplen          = 65535
       F: Linktype         = 1
       O: Option code  2   = 'p132p1'
-      O: Option code 11   = 'tcp'
+      O: Option code  9   = 6
       O: Option code 12   = 'Linux 3.2.7-1.fc16.x86_64'
 000000C8 Block 0x00000001 - Interface Description Block
-      F: Block total len  = 64 (0x40) bytes
+      F: Block total len  = 72 (0x48) bytes
       F: Snaplen          = 65535
       F: Linktype         = 1
-      O: Option code  2   = 'lo'
+      O: Option code  2   = 'lo32p1'
+      O: Option code  9   = 6
       O: Option code 12   = 'Linux 3.2.7-1.fc16.x86_64'
-00000108 Block 0x00000001 - Interface Description Block
-      F: Block total len  = 76 (0x4c) bytes
+00000110 Block 0x00000001 - Interface Description Block
+      F: Block total len  = 72 (0x48) bytes
       F: Snaplen          = 65535
       F: Linktype         = 1
-      O: Option code  2   = 'p3p1'
-      O: Option code 11   = 'udp'
+      O: Option code  2   = 'p3p1p1'
+      O: Option code  9   = 6
       O: Option code 12   = 'Linux 3.2.7-1.fc16.x86_64'
...
---------

    Note that the if_name in the second and third IDBs doesn't match the initial
    values.

    This problem "may" be related to the way string options are being
    handled:
     * dumpcap: the NUL character is written to the file and the option_len 
       reflects this
     * wiretap: the read operation uses the option_length field to read/copy 
       the string but the write operation discards the string NUL character.
       This makes all string option length field values 1 byte shorter in the 
       new file (the one created with tshark or editcap).

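An added example (not Wireshark, dumpcap or wiretap code, and not part of the original comment) of the length mismatch described in the comment: a pcapng string option written with and without the trailing NUL counted in option_length, then read back by copying option_length bytes. The reused, unterminated read buffer is an assumption chosen for illustration; the function names are hypothetical, and the three interface names are taken from the dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_IF_NAME 2   /* if_name option code, as shown in the dump */

/* Write one option: 16-bit code, 16-bit length, value, zero padding to a
 * 32-bit boundary (host byte order). keep_nul counts the terminator in
 * option_length. Returns the number of bytes written. */
static size_t put_str_opt(uint8_t *out, uint16_t code, const char *s, int keep_nul)
{
    uint16_t len = (uint16_t)(strlen(s) + (keep_nul ? 1 : 0));
    size_t padded = ((size_t)len + 3) & ~(size_t)3;
    memcpy(out, &code, 2);
    memcpy(out + 2, &len, 2);
    memset(out + 4, 0, padded);
    memcpy(out + 4, s, strlen(s));
    return 4 + padded;
}

/* Copy option_length bytes into buf, bounded by cap. With terminate == 0 the
 * reader relies on the file to carry the NUL, so a reused buffer keeps the
 * tail of the previous, longer string. */
static void get_str_opt(const uint8_t *opt, char *buf, size_t cap, int terminate)
{
    uint16_t len;
    memcpy(&len, opt + 2, 2);
    size_t n = len < cap - 1 ? len : cap - 1;
    memcpy(buf, opt + 4, n);
    if (terminate)
        buf[n] = '\0';
}

/* Round-trip the three names through one reused, initially zeroed buffer. */
static void roundtrip(int keep_nul, int terminate, char out[3][16])
{
    static const char *names[3] = { "p132p1", "lo", "p3p1" };
    char buf[16] = { 0 };
    uint8_t opt[32];
    for (int i = 0; i < 3; i++) {
        put_str_opt(opt, OPT_IF_NAME, names[i], keep_nul);
        get_str_opt(opt, buf, sizeof buf, terminate);
        strcpy(out[i], buf);
    }
}

int main(void)
{
    char r[3][16];
    roundtrip(0, 0, r);   /* writer drops the NUL, reader does not terminate */
    printf("%s %s %s\n", r[0], r[1], r[2]);
    return 0;
}
```

Terminating after the bounded copy, instead of trusting the file to supply the NUL, gives the original names whether or not the writer counted the terminator.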