Wireshark-dev: Re: [Wireshark-dev] Dumpcap 2.x trouble

From: Jasper Bongertz <jasper@xxxxxxxxxxxxxx>
Date: Tue, 19 Apr 2016 11:20:51 +0200
Hello Guy,

Tuesday, April 19, 2016, 1:20:48 AM, you wrote:

> On Apr 18, 2016, at 4:04 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

>> This is a dumpcap bug, and needs to be fixed - "fixed" as in "fixed for 2.0.3".

> Except that (as you already said) it's not present in 2.0.2.

> So...

>> Please file the bug

> ...no need to file the bug.

Hm, I just got confused until I realized you were quoting your own
first answer and replying to it :-)

> Then again, I looked at the code that dumpcap would use to write an
> ISB, and it doesn't seem to have changed since 2.0.x, so *dumpcap*
> should still be writing the ISB correctly.

I just checked - dumpcap does write the ISB correctly. Looks like it's
really Wireshark saving the file with a broken ISB. So I guess I
should file a bug for libwiretap instead.

> It's *libwiretap* that's broken.  The new option-handling code
> treats it as a regular 64-bit quantity, which it is *not* - it's two
> 32-bit quantities, a high part and a low part, *always* written in
> that order, with each of the parts written in host byte order.

Cheers,
Jasper

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature