Ethereal-dev: [Ethereal-dev] problems with packets inside ICMP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jason House <jhouse@xxxxxxxxx>
Date: Wed, 06 Nov 2002 20:24:46 +0000
I hit 2 "issues" yesterday
1. can't filter on the copy of the packet embedded in the ICMP packet
    I wanted to write a filter for fields inside the packet that was
bounced (ICMP supplies a copy of the packet in its payload)... I
discovered that I could not do so.  There is no way to filter fields
that belong to one protocol, but happen to be inside of the tree for
another protocol  (ie. the copied IP packet as the ICMP payload).
    I remember when I've looked at the filtering code in the past, that
a particular subtree was not searched for a filterable field if the
subtree was not for the protocol that "owned" that field.  So items like
"ip.dst" inside of an icmp packet is not filterable.  The easiest "fix"
would make the filtering slower...

2. checksum calculations
    The IP checksum was being marked as incorrect, while it was correct
in the original packet.  I don't think ICMP modifies the header... I
don't know exactly where the problem is, but have not dug down for it
either.