From: guy@xxxxxxxxxxxxx
Date: Wed, 07 Jul 2010 01:55:39 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33461
User: guy
Date: 2010/07/06 06:55 PM
Log:
I added PCAP_NETMASK_UNKNOWN in libpcap 1.1.0; it's not present in
1.0.0. You're supposed to just use 0 in releases prior to 1.1.0 - in
1.1.0 and later, a netmask of PCAP_NETMASK_UNKNOWN will cause errors if
you try to use "ip broadcast" (as you need the netmask to check for
local broadcasts), but, prior to that, the netmask value is blindly used
even if the filter will always fail.
Guy, first of all thanks for fixing this.
When working on this parameter I was wondering what was happening here.
What if I have an interface with:
1. untagged 192.168.16.0/24
2. tagged 10.0.0.0/28
and have a filter 'ip broadcast or vlan and ip broadcast'.
Or even worse, what if I have an interface with:
1. tagged 192.168.16.0/24
2. tagged 10.0.0.0/28
and have a filter 'vlan and ip broadcast'.
If I understand it correctly either case will only partially match when setting
up the netmask parameter to either /24 or /28.
Thanks,
Jaap
PS: Holland, Holland!!! ;)
