https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16062

            Bug ID: 16062
           Summary: Wiretap does not write "drop_count" in pcapng format.
           Product: Wireshark
           Version: 3.0.3
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Capture file support (libwiretap)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: michalrupr...@gmail.com
  Target Milestone: ---

Created attachment 17340
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17340&action=edit
pcapng.cc - used to create a pcapng file with wiretap

Build Information:
Wireshark 3.0.3 (Git commit 6130b92b0ec6)

Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.11.3, with libpcap, with POSIX capabilities
(Linux),
with libnl 3, with GLib 2.58.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.13.0, without Lua, with GnuTLS 3.6.7 and PKCS #11 support, with Gcrypt 1.8.4,
with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with LZ4,
without Snappy, with libxml2 2.9.8, with QtMultimedia, without SBC, without
SpanDSP, without bcg729.

Running on Linux 5.2.11-100.fc29.x86_64, with Intel(R) Core(TM) i7-6600U CPU @
2.60GHz (with SSE4.2), with 11423 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.9.0-PRE-GIT (with TPACKET_V3), with GnuTLS
3.6.7, with Gcrypt 1.8.4, with zlib 1.2.11, binary plugins supported (0
loaded).

Built using gcc 8.3.1 20190223 (Red Hat 8.3.1-2).
--
When using wiretap to create a pcapng file, the drop_count field from the
wtap_packet_header in wiretap/wtap.h is not being dumped to the file in the
pcapng_write_enhanced_packet_block function. The pcapng_read_packet_block
function, on the other hand, is prepared to print that value if it is present
in the file:

wblock->rec->presence_flags |= WTAP_HAS_DROP_COUNT;


Steps to reproduce:
1. Download the attached pcapng.cc and build it
# gcc pcapng.cc -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include \
    -I/usr/local/include -I/usr/include -I/usr/include/wireshark \
    -lwiretap -lstdc++ -g -o create_packet

2. Download the attached main.cpp and build it
# gcc main.cpp -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include \
    -I/usr/local/include -I/usr/include -I/usr/include/wireshark \
    -lwiretap -lstdc++ -g -o read_count

3. Run the create_packet
# ./create_packet a.pcapng

4. Run the read_count
# ./read_count a.pcapng

Actual results:
Test wiretap drop_count: a.pcapng

drop count: (no drop count)

Expected results:
Test wiretap drop_count: b.pcapng

drop count: 10

--------------------------------
I am adding a patch that adds the drop_count field to the
pcapng_write_enhanced_packet_block.
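
Whether a writer emitted the option can be checked directly on the file bytes. The following is an added example, not code from this report or from Wireshark: a standalone C check that walks the options of one Enhanced Packet Block and returns the epb_dropcount value (option code 4 in the pcapng specification). It assumes a little-endian section; the names `epb_drop_count` and `rd_le` and both sample blocks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Little-endian section assumed; layout and codes per the pcapng specification. */
#define BLOCK_EPB         6u /* Enhanced Packet Block */
#define OPT_EPB_DROPCOUNT 4u /* 64-bit count of packets dropped before this one */

static uint64_t rd_le(const uint8_t *p, int n) { /* n-byte little-endian read */
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1: option present (*drops set), 0: option absent, -1: malformed block. */
int epb_drop_count(const uint8_t *b, size_t len, uint64_t *drops) {
    if (len < 32 || rd_le(b, 4) != BLOCK_EPB) return -1;
    uint32_t total = (uint32_t)rd_le(b + 4, 4), caplen = (uint32_t)rd_le(b + 20, 4);
    if (total < 32 || total % 4 || total > len) return -1;
    if (rd_le(b + total - 4, 4) != total || caplen > total - 32) return -1;
    uint32_t off = 28 + ((caplen + 3) & ~3u), end = total - 4; /* options area */
    while (end - off >= 4) {
        uint32_t code = (uint32_t)rd_le(b + off, 2), olen = (uint32_t)rd_le(b + off + 2, 2);
        uint32_t padded = (olen + 3) & ~3u; /* values are padded to 32 bits */
        off += 4;
        if (code == 0) break;               /* opt_endofopt */
        if (padded > end - off) return -1;  /* option runs past the block */
        if (code == OPT_EPB_DROPCOUNT) {
            if (olen != 8) return -1;       /* epb_dropcount is exactly 8 bytes */
            *drops = rd_le(b + off, 8);
            return 1;
        }
        off += padded;
    }
    return 0;
}

/* Constructed samples: one 4-byte packet, without and with epb_dropcount = 10. */
static const uint8_t EPB_PLAIN[36] = {6,0,0,0, 36,0,0,0, 0,0,0,0, 0,0,0,0,
    0,0,0,0, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef, 36,0,0,0};
static const uint8_t EPB_DROPS[52] = {6,0,0,0, 52,0,0,0, 0,0,0,0, 0,0,0,0,
    0,0,0,0, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef, 4,0,8,0,
    10,0,0,0,0,0,0,0, 0,0,0,0, 52,0,0,0};

int main(void) {
    uint64_t d = 0;
    printf("plain: %d\n", epb_drop_count(EPB_PLAIN, sizeof EPB_PLAIN, &d));
    printf("drops: %d\n", epb_drop_count(EPB_DROPS, sizeof EPB_DROPS, &d));
    printf("drop count: %llu\n", (unsigned long long)d);
    return 0;
}
```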
