Skip to content

Commit

Permalink
SNF: Fix packet filtering with low snaplen. [skip ci]
Browse files Browse the repository at this point in the history 
This is the same type of bug as in DAG and elsewhere.  icmp-rfc8335.pcap
consists of short ICMP packets.  tcpreplay is sending the file on myri0,
which is connected to myri1.

 # tcpdump -D
1.myri0 (Myricom snf0)
2.myri1 (Myricom snf1)
 # tcpdump -ni myri1 -xx -c 1 -s 20 icmp

Before:

tcpdump: listening on myri1, link-type EN10MB (Ethernet), snapshot length 20 bytes
^C
0 packets captured
31 packets received by filter
0 packets dropped by kernel

After:

tcpdump: listening on myri1, link-type EN10MB (Ethernet), snapshot length 20 bytes
20:32:31.901409 IP  [|ip]
        0x0000:  5600 04a3 4c83 fe00 04a3 4c83 0800 4500
        0x0010:  0030 29a3
1 packet captured
1 packet received by filter
0 packets dropped by kernel
  • Loading branch information
@infrastation
infrastation committed Nov 11, 2024
1 parent 4c9c9f2 commit 821c1c7
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGES
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,8 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
0 or 16 or 32. Likewise for ERF_DONT_STRIP_FCS (either 0 or 1).
Remove FCS quirks specific to 4.2S and 4.23S.
Fix packet filtering with low snaplen.
SNF:
Fix packet filtering with low snaplen.

DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
Summary for 1.10.6 libpcap release (so far!)
Expand Down
11 changes: 10 additions & 1 deletion pcap-snf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,12 +182,21 @@ snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
}
}

/*
* In this libpcap module the two length arguments of
* pcapint_filter() (the wire length and the captured length)
* are always equal because SNF captures full packets.
*
* The wire and the capture length of this packet is
* req.length, the snapshot length configured for this pcap
* handle is p->snapshot.
*/
caplen = req.length;
if (caplen > p->snapshot)
caplen = p->snapshot;

if ((p->fcode.bf_insns == NULL) ||
pcapint_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
pcapint_filter(p->fcode.bf_insns, req.pkt_addr, req.length, req.length)) {
hdr.ts = snf_timestamp_to_timeval(req.timestamp, p->opt.tstamp_precision);
hdr.caplen = caplen;
hdr.len = req.length;
Expand Down

0 comments on commit 821c1c7

Please sign in to comment.