libpcap icon indicating copy to clipboard operation
libpcap copied to clipboard
verified publisher icon the-tcpdump-group

Truncate packet length for offline captures based on BPF return value

Open Astolfi opened this issue 10 years ago • 2 comments

Seems related to this ticket:

https://github.com/the-tcpdump-group/libpcap/issues/438

Astolfi avatar Jun 24 '15 18:06 Astolfi

Fixes #438. Needs a trivial rebase because since commit 1131a7c the check uses pcap_filter() instead of bpf_filter().

infrastation avatar Dec 11 '22 13:12 infrastation

Any particular reason not to handle #438 by doing the truncation in the dump routine, i.e. just adding

/* Truncate packet to a maximum of 64 bytes */
if (pkt_hdr->caplen > 64)
    pkt_hdr->capen = 64;

to dump_packet() before the call to pcap_dump(). This requires no changes to libpcap.

guyharris avatar Dec 12 '22 01:12 guyharris