Wireshark-bugs: [Wireshark-bugs] [Bug 2359] Failure to detect/open valid ERF files
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 17 Mar 2008 21:11:22 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2359





--- Comment #7 from Stephen Donnelly <stephen@xxxxxxxxxx>  2008-03-17 21:11:21 GMT ---
(In reply to comment #6)

The new patch appears to be correct as written (and has been accepted
already?).

> I did update the calculation of phdr->caplen, since the value of rlen can now
> be lower than wlen. (see bug 1983, when only wlen was used).

It has always been the case that rlen can be less than wlen, but the Wireshark
implementation may have been incorrect in the past.

> I did comment the TYPE_ERF_INFINIBAND case, for the same reason. 

The code commented out in the INFINIBAND case code can be removed.

It is always true that phdr->caplen = min( g_htons(erf_header->wlen),
g_htons(erf_header->rlen) - sizeof(*erf_header) - skiplen );

> Could you confirm it is right? (in your sample, we do not have wlen=rlen-16,
> but wlen=rlen-18)

That is correct, in this case caplen = wlen as above. There is no requirement
that wlen=rlen-16.

The ERF format allows records to have arbitrary amounts of padding appended.
Current implementations generally pad records to ensure their length is a
multiple of 8 bytes, so 0-7 bytes of padding are appended.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.