Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Is snaplen check in editcap.c correct?

From: Martin Mathieson <martin.r.mathieson () googlemail com>
Date: Tue, 19 Jul 2011 12:35:36 +0100
Hi,

I'm using editcap with Catapult DCT2000 log files.  The wiretap module
doesn't set wth->snapshot_len, so its coming out as 0.
It was intentionally left as 0, as I thought this corresponded to "we have
the whole frame, its not truncated".  Most other wiretap modules seem to do
the same.

editcap.c has this test:

        if(phdr->caplen > wtap_snapshot_length(wth)) {
            fprintf(stderr, "Warning: packet %d too big for file type,
skipping it...\n", count);
            count++;
            continue;
        }

which will discard any packet which has the snapshot length set to 0.

I'm happily using this test instead, i.e. only do the comparison if its
non-zero.

        if((wtap_snapshot_length(wth) != 0) && (phdr->caplen >
wtap_snapshot_length(wth))) {
            fprintf(stderr, "Warning: packet %d too big for file type,
skipping it...\n", count);
            count++;
            continue;
        }

Would it be correct to check in this change?
Should the wiretap modules set some large value for the snapshot length
instead?

Thanks,
Martin

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: