On Aug 11, 2017, at 9:26 AM, Nalini J Elkins <nalini.elk...@insidethestack.com> 

> I am testing some test code for the new PDM IPv6 Destination Option 
> (https://datatracker.ietf.org/doc/draft-ietf-ippm-6man-pdm-option/) which is 
> now in the RFC Editor's queue, so should get an RFC number soon!
> Anyway, what is happening is that we have a bug in the record length (I 
> suspect!) when there is IP fragmentation.  At least, we are trying to fix our 
> issues with an IP fragmentation bug in our code.  The message I get from 
> Wireshark is:
> "The capture file appears to be damaged or corrupt. (pcap: File has 
> 172958905-byte packet, bigger than maximum of 262144)"
> I suspect that is an invalid packet that we have created.

No, it's an invalid *file*.  As the message says, "The capture file appears to 
be damaged or corrupt."

It's not a problem with the packet, it's a problem with the record in the file 
that *contains* the packet; it claims that the packet is 172,958,905 bytes 
long, but we - and libpcap - limit the maximum packet size to 262,144 bytes, to 
prevent an attempt to read a capture file from allocating a huge chunk of 
memory from a possibly-damaged file.

How did you create that capture file?

If you created it with a normal capture program, such as tcpdump, TShark, 
Wireshark, or dumpcap, what version of that program was used, and, if the file 
was transferred between machines, how was it transferred?

If you created it with your own program, did it use its own code to write out 
the pcap file format, or did it use, for example, libpcap to handle the pcap 
file format?
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev

Reply via email to