Opened 10 years ago

Closed 10 years ago

Last modified 8 years ago

#183 closed defect (wontfix)

tcprewrite says "skipping packet" but doesn't

Reported by: noel Owned by: aturner
Priority: low Milestone:
Component: tcpreplay Version: 3.0.beta11
Keywords: Cc:
Operating System: Debian GNU/Linux Add to FAQ?: yes
Hardware: All
Output of tcpreplay -V:

Description

forwarded ticket from http://bugs.debian.org/414622:

as explained in #414613, I'm rewriting DLT_RAW pcap files into DLT_EN10MB
ones. The input files have IP packets longer than the default Ethernet
MTU (~1500 bytes). This is recognized by tcprewrite (with the patch
from #414613 to make the '--dlt' option work):

% tcpdump -n -r ~/ulogd.pcap
reading from file /home/niko/ulogd.pcap, link-type RAW (Raw IP)
22:09:27.498937 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 1, length 64
22:09:28.497930 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 2, length 64
22:09:29.496935 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 3, length 64
22:09:33.319169 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 50242, seq 1, length 2008
22:09:34.320310 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 50242, seq 2, length 2008

% tcprewrite --dlink=ff,ff,de,ad,be,ef,00,00,de,ad,be,ef,08,00 --dlt=1 -i ~/ulogd.pcap -o ~/ethernet.pcap
Packet length (2042) is greater then MTU (1514); skipping packet.
Packet length (2042) is greater then MTU (1514); skipping packet.

Surprisingly, the 'skipping packet' part isn't actually true: tcprewrite
is outputting the raw packet rather than skipping it.

% tcpdump -e -n -r ~/ethernet.pcap
22:09:27.498937 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 1, length 64
22:09:28.497930 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 2, length 64
22:09:29.496935 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 3, length 64
22:09:33.319169 00:00:40:01:bf:9d > 45:00:07:ec:30:1c, ethertype Unknown (0xc0a8), length 2028:

0x0000: 0106 c0a8 0101 0800 00cc c442 0001 7db3 ...........B..}.

[etc.]

Looking at the code, there's no check for tcpedit_packet() returning zero.
The attached patch works for me, and makes tcprewrite really skip the
packets that are too big.

Please consider including the patch.

Cheers,
--
Niko Tyni ntyni@…

Attachments (1)

mtu.patch (787 bytes) - added by noel 10 years ago.
patch from Niko Tyni <ntyni@…>

Download all attachments as: .zip

Change History (2)

Changed 10 years ago by noel

patch from Niko Tyni <ntyni@…>

comment:1 Changed 10 years ago by aturner

  • Add to FAQ? set
  • Resolution set to wontfix
  • Status changed from new to closed

Actually, "skipping packet" doesn't mean that the packet is not being outputted, but rather it will not be edited. Clearly though, that's not clear. :) On reason to upgrade to stop using the beta versions.

Anyways, v3.0.1 has a new flag --skip-soft-errors which causes these packets to not be outputted. This is not the default because it would prevent a tcpprep cache file to not be valid for the resulting output file.

Note: See TracTickets for help on using tickets.