tcpflow

Introduced change creates problem with spurious data

Open aasselin opened this issue 3 years ago • 3 comments

Hello

https://github.com/simsong/tcpflow/blob/6fd956d27f2293d7c05ff593a61eb03a0134ae46/src/tcpdemux.cpp#L748

The old code here would read: uint16_t ip_payload_len = ip_len - ip_header_len;

It was changed to: uint16_t ip_payload_len = pi.ip_datalen - ip_header_len;

But the new code just ignores the header information. In our use case, there are 2 to 6 padding bytes at the end of the IP data packet, introduced by some hardware device.

Please revert the code. Regards

aasselin avatar Jul 07 '22 16:07 aasselin
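
The length mismatch described in the issue above, as an added example that is not tcpflow's code and not part of the original thread: it compares a payload length derived from the IPv4 Total Length field with one derived only from the number of bytes in the capture, on a constructed packet carrying 4 trailing padding bytes. The function names and the sample packet are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical helper (not tcpflow code): length of the IPv4 payload in a
// captured buffer. `caplen` is the number of bytes captured starting at the
// IP header; it may include padding appended after the datagram.
// Returns -1 if the header is malformed.
long ipv4_payload_len(const uint8_t *ip, size_t caplen) {
    if (caplen < 20 || (ip[0] >> 4) != 4) return -1;   // too short or not IPv4
    size_t hdr_len = (ip[0] & 0x0f) * 4u;               // IHL is in 32-bit words
    size_t tot_len = (size_t(ip[2]) << 8) | ip[3];      // Total Length, network order
    if (hdr_len < 20 || hdr_len > caplen || tot_len < hdr_len) return -1;
    // Trust the header for where the datagram ends, but never read past what
    // was actually captured (truncated capture).
    size_t end = tot_len < caplen ? tot_len : caplen;
    return long(end - hdr_len);
}

// Length computed from the captured size alone: padding is counted as payload.
long naive_payload_len(const uint8_t *ip, size_t caplen) {
    size_t hdr_len = (ip[0] & 0x0f) * 4u;
    return long(caplen - hdr_len);
}

// Constructed sample: 20-byte IPv4 header with Total Length = 24, 4 payload
// bytes, then 4 trailing padding bytes. Checksum left as zero (not validated).
static const uint8_t kPadded[] = {
    0x45, 0x00, 0x00, 0x18, 0x00, 0x01, 0x00, 0x00,
    0x40, 0x06, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
    0xc0, 0x00, 0x02, 0x02,
    'D', 'A', 'T', 'A',
    0x00, 0x00, 0x00, 0x00 };

int main() {
    std::printf("header-based: %ld, capture-based: %ld\n",
                ipv4_payload_len(kPadded, sizeof kPadded),
                naive_payload_len(kPadded, sizeof kPadded));
    return 0;
}
```

A synthetic packet like this one can serve as a unit-test input for padded frames without exposing any private traffic.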

Thanks for the patch. I'll do something better. Can you share with me some packets for testing? I've added a lot of unit tests to bulk_extractor. For tcpflow I should do the same. I should also upgrade it to use the be20_api rather than the be16_api.

simsong avatar Jul 07 '22 16:07 simsong

I will check if I can provide you with a .pcap; the data flow is a private flow, and I am not sure that I have the right to provide it.

aasselin avatar Jul 08 '22 07:07 aasselin

Don’t provide it if it is private!

simsong avatar Jul 08 '22 08:07 simsong