| Bug ID |
8765
|
| Summary |
[PATCH] ERF wiretap export multiple extension header fix
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
SVN
|
| Hardware |
All
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Capture file support (libwiretap)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
| Attachment #10921 Flags |
review_for_checkin?
|
Created attachment 10921 [details]
Patch to fix ERF export with multiple extension headers
Build Information:
--
When more than one extension header is present in an ERF record, attempting to
save that record as ERF will always write 8 extension headers, as the check for
more extension headers is based on the first record. This patch corrects this
specific issue. The export now works for up to (and including) 8 extension
headers. The record is currently always padded to its original length.
This means unnecessary padding will still be added when the record is truncated
to 8 extension headers; which is fine (if undesirable) usually but will lead to
an incorrect payload if the record was originally snapped. This behaviour is
not ideal but improves significantly on current behaviour. I could not come up
with a straightforward way to solve this problem robustly without a major
refactor so I went with a simple fix, given having so many extension headers is
unlikely (and they would be stripped anyway). As has been discussed in the
past, a better solution to remove this and many other limitations will be to
move most of the ERF dissection to the ERF dissector, similar to the USB
dissector, at some point. That obviously isn’t possible for 1.10.0 though.
You are receiving this mail because:
- You are watching all bug changes.