Context Navigation

← Previous Ticket
Next Ticket →

Ticket #183 (closed defect: wontfix)

Last modified 4 months ago

tcprewrite says "skipping packet" but doesn't

Reported by:	noel	Owned by:	aturner
Priority:	low	Milestone:
Component:	tcpreplay	Version:	3.0.beta11
Keywords:		Cc:
Operating System:	Debian GNU/Linux	Add to FAQ?:	yes
Hardware:	All
Output of tcpreplay -V:

Description

forwarded ticket from http://bugs.debian.org/414622:

as explained in #414613, I'm rewriting DLT_RAW pcap files into DLT_EN10MB ones. The input files have IP packets longer than the default Ethernet MTU (~1500 bytes). This is recognized by tcprewrite (with the patch from #414613 to make the '--dlt' option work):

% tcpdump -n -r ~/ulogd.pcap reading from file /home/niko/ulogd.pcap, link-type RAW (Raw IP) 22:09:27.498937 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 1, length 64 22:09:28.497930 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 2, length 64 22:09:29.496935 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 3, length 64 22:09:33.319169 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 50242, seq 1, length 2008 22:09:34.320310 IP 192.168.1.6 > 192.168.1.1: ICMP echo request, id 50242, seq 2, length 2008

% tcprewrite --dlink=ff,ff,de,ad,be,ef,00,00,de,ad,be,ef,08,00 --dlt=1 -i ~/ulogd.pcap -o ~/ethernet.pcap Packet length (2042) is greater then MTU (1514); skipping packet. Packet length (2042) is greater then MTU (1514); skipping packet.

Surprisingly, the 'skipping packet' part isn't actually true: tcprewrite is outputting the raw packet rather than skipping it.

% tcpdump -e -n -r ~/ethernet.pcap 22:09:27.498937 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 1, length 64 22:09:28.497930 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 2, length 64 22:09:29.496935 00:00:de:ad:be:ef > ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.1: ICMP echo request, id 49474, seq 3, length 64 22:09:33.319169 00:00:40:01:bf:9d > 45:00:07:ec:30:1c, ethertype Unknown (0xc0a8), length 2028:

0x0000: 0106 c0a8 0101 0800 00cc c442 0001 7db3 ...........B..}.

[etc.]

Looking at the code, there's no check for tcpedit_packet() returning zero. The attached patch works for me, and makes tcprewrite really skip the packets that are too big.

Please consider including the patch.

Cheers, -- Niko Tyni ntyni@…

Attachments

mtu.patch (0.8 kB) - added by noel 16 months ago.: patch from Niko Tyni <ntyni@…>

Change History

Changed 16 months ago by aturner

add_to_faq set
status changed from new to closed
resolution set to wontfix

Actually, "skipping packet" doesn't mean that the packet is not being outputted, but rather it will not be edited. Clearly though, that's not clear. :) On reason to upgrade to stop using the beta versions.

Anyways, v3.0.1 has a new flag --skip-soft-errors which causes these packets to not be outputted. This is not the default because it would prevent a tcpprep cache file to not be valid for the resulting output file.

Add/Change #183 (tcprewrite says "skipping packet" but doesn't)

Author

Your email or username:

Comment (you may use WikiFormatting here):

Action

leave as closed

reopen Next status will be 'reopened'

Note: See TracTickets for help on using tickets.

Download in other formats: