Wireshark-dev: Re: [Wireshark-dev] Get "Malformed Packet" for 802.11 Beacon frames on Windows

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 14 Apr 2016 12:09:59 -0700
On Apr 14, 2016, at 8:22 AM, Gianluca Varenni <Gianluca.Varenni@xxxxxxxxxxxx> wrote:

> Yes, but it’s rooted pretty deep in some of the libpcap sources. That code was actually working at some point on linux and there was some idea to include it in libpcap vs. being a patch for WinPcap. I don’t know what happened to that plan.

One of the many projects on my list is a re-implementation of that, to be used with pcap_create() and pcap_activate(), to support multiple URI schemes, including but not necessarily limited to rpcap.  Right now, that particular process is not getting much CPU; hopefully the scheduler can boost its process soon. :-)

> AFAIK, there were also some security concerns about the protocol used for transferring the packets (I don’t know the details),

I seem to remember Michael Richardson using the term "attack surface" in his comment, so I suspect the concern was just that it would potentially provide a way for a malicious server to attack a program using libpcap/WinPcap, if the client code wasn't very careful about vetting its input.