If an IP packet is transmitted with a size smaller than the Ethernet
standard permits, that packet gets padded out to the minimum legal
size. In ethereal, the application-level routines don't really have a
good means of detecting that there is padding at the end of the data.
ethertype.c dispatches to the tcp dissecting routine, so it seems to be
a good place to check for padding (and possibly flagging that this was
done to avoid scaring users that we "Lost" part of the packet).
diff of (new) ethertype.c and original/ethertype.c
79,82d78
< int ip_datagram_len;
< e_ip iph;
<
89,94d84
< /* If Ethernet frame is padded, follow-on routines shouldn't have
to
< worry about it */
< memcpy(&iph, &pd[offset], sizeof(e_ip));
< ip_datagram_len = offset + (int) ntohs(iph.ip_len);
< if (ip_datagram_len < fd->cap_len)
< fd->cap_len = ip_datagram_len;
A couple of notes:
- under pre-0.6.2 versions of ethereal, the e_ip structure was defined
in packet.h,
now it's been moved to packet-ip.c; I'd propose moving it to
packet-ip.h, then
including that file in ethertype.c
- I'm sure that this issue will affect other types of datagrams, but
IPV4 is what I'm using at the moment, so I haven't investigated any of
the other types of messages.
