Hi,
Found a bug in :
ethereal 0.8.8, with GTK+ 1.2.7, with libpcap 0.4, with libz 1.1.3, without SNMP
When reporting the Fragmentation offset for IP packets which have been
fragmented, it's out by a factor of 8. Basically it's just reporting the
number in the TCP header as the offset, where this number is actually the
"offset (in 8-byte units)" (from TCP/IP Illustrated vol 1 page 149).
Sample patch below (but I have no idea of your coding styles so no idea
if this is how you'd want to do it.
*** ethereal-0.8.8-orig/packet-ip.c Tue May 9 13:15:24 2000
--- ethereal-0.8.8/packet-ip.c Wed May 24 16:16:01 2000
***************
*** 927,933 ****
proto_tree_add_item(field_tree, hf_ip_flags_mf, offset + 6, 1, flags),
proto_tree_add_item(ip_tree, hf_ip_frag_offset, offset + 6, 2,
! iph.ip_off & IP_OFFSET);
proto_tree_add_item(ip_tree, hf_ip_ttl, offset + 8, 1, iph.ip_ttl);
proto_tree_add_uint_format(ip_tree, hf_ip_proto, offset + 9, 1, iph.ip_p,
"Protocol: %s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
--- 927,933 ----
proto_tree_add_item(field_tree, hf_ip_flags_mf, offset + 6, 1, flags),
proto_tree_add_item(ip_tree, hf_ip_frag_offset, offset + 6, 2,
! (iph.ip_off & IP_OFFSET)*8);
proto_tree_add_item(ip_tree, hf_ip_ttl, offset + 8, 1, iph.ip_ttl);
proto_tree_add_uint_format(ip_tree, hf_ip_proto, offset + 9, 1, iph.ip_p,
"Protocol: %s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
***************
*** 968,974 ****
col_add_str(fd, COL_PROTOCOL, "IP");
if (check_col(fd, COL_INFO))
col_add_fstr(fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)",
! ipprotostr(iph.ip_p), iph.ip_p, iph.ip_off & IP_OFFSET);
dissect_data(pd, offset, fd, tree);
return;
}
--- 968,974 ----
col_add_str(fd, COL_PROTOCOL, "IP");
if (check_col(fd, COL_INFO))
col_add_fstr(fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)",
! ipprotostr(iph.ip_p), iph.ip_p, (iph.ip_off & IP_OFFSET) * 8);
dissect_data(pd, offset, fd, tree);
return;
}
Otherwise, brilliant product!! keep up the good work!!
Thanks,
Scott.