Wireshark-dev: Re: [Wireshark-dev] Packet Size limited during capture message
From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Mar 2010 20:19:22 -0400
Martin

Thanks for the input. Our software flows over tactical wireless networks where the links are broken all the time.

But my question is...if I followed all the wireshark coding standards (i.e. tvb_get_guint8(tvb, offset); proto_tree_add_item(sub_tree, xxx ,tvb , offset, 1, FALSE); etc etc etc ....)

Then shouldn't my dissector automatically handle the "packet size limited during capture" problem that I am having..??

If not... then how would one prepare the code to handle these corrupted or truncated packets..??

Any help is greatly appreciated.

Thanks,
Brian

Martin Visser wrote:
Any dissector needs to validate its input and make sure it doesn't make errant conclusions on what is presented.

For example many protocols have fields that indicate lengths of data within the frame. However any dissector needs to make sure that it doesn't just believe those fields as being correct. A bad h@x0r might change those fields beyond what the protocol intended either to crash the real application or even wireshark. Also packets might get unintentionally corrupted or truncated with similar consequences. (Broken links, routers, VPNs can all do this). Wireshark dissectors need to be resilient to this.

Finally Wireshark (and tcpdump) have always had the ability to only capture a truncated packet (mainly to limit resources required during packet capture). A dissector also needs to cope with this.

Regards, Martin

MartinVisser99@xxxxxxxxx

On Wed, Mar 24, 2010 at 2:42 AM, Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Chris

I will have to look into why my dissector is crashing when I get the Packet Size Limited during capture message.

I am an employee of Dark Corner Software. I am writing the dissector for our clients that use our software. I have fixed the license issue. Attached is the latest updated file that I am still working on.

We have open source software and closed source software. I am trying to get the open source dissector submitted through wireshark so it can become a part of the wireshark distribution (this is the attached copy). Our closed source software is for our customers only. I have written a dissector for our closed source software for the client. This is where I am getting the "Packet Size limited during capture " message from.

Thanks,
Brian

Maynard, Chris wrote:

As Jakub pointed out, regardless of the snaplen, if Wireshark is crashing, then the bug is in the dissector, although IMO the biggest bug in the dissector is still the incompatible license.

Brian, please carefully read http://www.gnu.org/licenses/gpl-faq.html#GPLModuleLicense

Gerald et al, consider this e-mail as a report of a violation of the GPL per http://www.gnu.org/licenses/gpl-faq.html#ReportingViolation

So until the dissector is properly licensed, I suggest contacting these folks for support on this dissector: http://www.darkcornersoftware.com/contact.html

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Mike Morrin
Sent: Tuesday, March 23, 2010 9:02 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Packet Size limited during capture message

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
Sent: 23 March 2010 12:23
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Packet Size limited during capture message

Chris

I just found out that this was captured using tshark.....but nobody knows what the snaplen was.

So my question is.... My code is working correctly then....And that this was just a bad judgment of the wrong snaplen......correct..??

Thanks,
Brian

--------------------------------------------------------------------

It is possible for a dissector bug to throw this exception even with a perfectly captured packet, see Bug 2855 for example.

This message contains confidential information and may be privileged. If you are not the intended recipient, please notify the sender and delete the message immediately.

ip.access Ltd, registration number 3400157, Building 2020, Cambourne Business Park, Cambourne, Cambridge CB23 6DW, United Kingdom

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email.
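
Added example, not part of the thread and not Wireshark code: a self-contained C model of the length-field validation discussed in the quoted replies. It separates "the data was on the wire but cut off by the snaplen" from "the length field points past the real packet", the same distinction Wireshark draws between "Packet size limited during capture" and a malformed packet. The `pkt_buf` type, the record layout (1-byte type, 1-byte length, payload), the function names and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a capture buffer; this is not Wireshark's tvbuff. */
typedef struct {
    const uint8_t *data;
    size_t captured_len;   /* bytes actually saved (limited by the snaplen) */
    size_t reported_len;   /* bytes the packet had on the wire */
} pkt_buf;

typedef enum { PARSE_OK, PARSE_TRUNCATED, PARSE_MALFORMED } parse_status;

/* Can [offset, offset+len) be read? Written so the arithmetic cannot wrap. */
static parse_status check_range(const pkt_buf *p, size_t offset, size_t len)
{
    if (offset > p->reported_len || len > p->reported_len - offset)
        return PARSE_MALFORMED;    /* field points past the real packet */
    if (offset > p->captured_len || len > p->captured_len - offset)
        return PARSE_TRUNCATED;    /* data existed but was not captured */
    return PARSE_OK;
}

/* Walk records, counting those fully present; stop at the first failed check. */
parse_status parse_records(const pkt_buf *p, unsigned *n_records)
{
    size_t offset = 0;
    *n_records = 0;
    while (offset < p->reported_len) {
        parse_status st = check_range(p, offset, 2);    /* type + length */
        if (st != PARSE_OK) return st;
        size_t payload_len = p->data[offset + 1];       /* untrusted value */
        st = check_range(p, offset + 2, payload_len);   /* validate before use */
        if (st != PARSE_OK) return st;
        offset += 2 + payload_len;
        (*n_records)++;
    }
    return PARSE_OK;
}

/* Constructed samples: two valid records, and one record with a lying length. */
static const uint8_t two_records[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x01, 0xCC };
static const uint8_t bad_length[]  = { 0x01, 0xFF, 0xAA, 0xBB };

int main(void)
{
    unsigned n;
    pkt_buf cut = { two_records, 5, sizeof two_records };   /* snaplen of 5 */
    pkt_buf bad = { bad_length, sizeof bad_length, sizeof bad_length };
    return !(parse_records(&cut, &n) == PARSE_TRUNCATED &&
             parse_records(&bad, &n) == PARSE_MALFORMED);
}
```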