Changeset 962aad3


Ignore:
Timestamp:
03/25/10 16:01:33 (11 years ago)
Author:
Shane Alcock <salcock@…>
Branches:
4.0.1-hotfixes, cachetimestamps, develop, dpdk-ndag, etsilive, getfragoff, help, libtrace4, master, ndag_format, pfring, rc-4.0.1, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance, ringtimestampfixes
Children:
74c5dd9
Parents:
b96e2e0
Message:
  • Fixed bug where the capture length could exceed the wire length if we write full payload PCAP traces. Apparently Snort doesn't like this and will discard every packet :(
File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/format_pcapfile.c

    r4811b1e r962aad3  
    438438                if (trace_get_wire_length(packet) >= 4) {
    439439                        hdr.wirelen = trace_get_wire_length(packet)-4;
     440
    440441                }
    441442                else {
     
    448449        assert(hdr.wirelen < LIBTRACE_PACKET_BUFSIZE);
    449450
     451        /* Ensure we have a valid capture length, especially if we're going
     452         * to "remove" the FCS from the wire length */
     453        if (hdr.caplen > hdr.wirelen)
     454                hdr.caplen = hdr.wirelen;
    450455
    451456        /* Write the packet header */
     
    459464        ret=wandio_wwrite(DATAOUT(out)->file,
    460465                        ptr,
    461                         remaining);
    462 
    463         if (ret!=(int)remaining)
     466                        hdr.caplen);
     467
     468        if (ret!=(int)hdr.caplen)
    464469                return -1;
    465470
Note: See TracChangeset for help on using the changeset viewer.