Ticket #183 (closed defect: wontfix)

Opened 3 years ago

Last modified 11 months ago

tcprewrite says "skipping packet" but doesn't

Reported by: noel Owned by: aturner
Priority: low Milestone:
Component: tcpreplay Version: 3.0.beta11
Keywords: Cc:
Operating System: Debian GNU/Linux Add to FAQ?: yes
Hardware: All
Output of tcpreplay -V:

Description

forwarded ticket from  http://bugs.debian.org/414622:

as explained in #414613, I'm rewriting DLT_RAW pcap files into DLT_EN10MB ones. The input files have IP packets longer than the default Ethernet MTU (~1500 bytes). This is recognized by tcprewrite (with the patch from #414613 to make the '--dlt' option work):

% tcpdump -n -r ~/ulogd.pcap reading from file /home/niko/ulogd.pcap, link-type RAW (Raw IP) 22:09:27.498937 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 1, length 64 22:09:28.497930 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 2, length 64 22:09:29.496935 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 3, length 64 22:09:33.319169 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 50242, seq 1, length 2008 22:09:34.320310 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 50242, seq 2, length 2008

% tcprewrite --dlink=ff,ff,de,ad,be,ef,00,00,de,ad,be,ef,08,00 --dlt=1 -i ~/ulogd.pcap -o ~/ethernet.pcap Packet length (2042) is greater then MTU (1514); skipping packet. Packet length (2042) is greater then MTU (1514); skipping packet.

Surprisingly, the 'skipping packet' part isn't actually true: tcprewrite is outputting the raw packet rather than skipping it.

% tcpdump -e -n -r ~/ethernet.pcap 22:09:27.498937 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 1, length 64 22:09:28.497930 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 2, length 64 22:09:29.496935 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 3, length 64 22:09:33.319169 00:00:40:01:bf:9d > 45:00:07:ec:30:1c, ethertype Unknown (0xc0a8), length 2028:

0x0000: 0106 c0a8 0101 0800 00cc c442 0001 7db3 ...........B..}.

[etc.]

Looking at the code, there's no check for tcpedit_packet() returning zero. The attached patch works for me, and makes tcprewrite really skip the packets that are too big.

Please consider including the patch.

Cheers, -- Niko Tyni ntyni@…

Attachments

mtu.patch Download (0.8 KB) - added by noel 3 years ago.
patch from Niko Tyni <ntyni@…>

Change History

Changed 3 years ago by noel

patch from Niko Tyni <ntyni@…>

Changed 3 years ago by aturner

  • add_to_faq set
  • status changed from new to closed
  • resolution set to wontfix

Actually, "skipping packet" doesn't mean that the packet is not being outputted, but rather it will not be edited. Clearly though, that's not clear. :) On reason to upgrade to stop using the beta versions.

Anyways, v3.0.1 has a new flag --skip-soft-errors which causes these packets to not be outputted. This is not the default because it would prevent a tcpprep cache file to not be valid for the resulting output file.

Note: See TracTickets for help on using tickets.