Ethereal-dev: Re: [ethereal-dev] Possible bug in TCP filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 18 Feb 2002 16:21:30 -0800

On Mon, Feb 18, 2002 at 06:40:00PM +0100, Biot Olivier wrote:
> Is it possible that there's only a 15bit TCP port filter mapping? On some
> traces, when filtering port numbers > 32767 I'm having "gaps" of missing
> packets.

The TCP port number field in Ethereal is a 16-bit unsigned field, so if
what you're seeing is caused by an Ethereal bug (as opposed to the
packets simply being missing from the capture - or a compiler bug
causing correct Ethereal source code to compile into incorrect binary
code), it's not something as simple as Ethereal processing only the
bottommost 15 bits of the port number (in the protocol tree building
code or in the packet-filter evaluation code).

The types used are all unsigned, so it's not something as simple as sign
extension, either (unless the compiler is generating code that
incorrectly sign-extends values).

Do you have a capture file that demonstrates this?
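
What the two failure modes ruled out in the message above would look like if they did occur, as an added example that is not part of the original message and is not Ethereal's code. The reader functions, `count_matches`, and the sample header bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Correct: two network-order bytes -> unsigned 16-bit port (0..65535). */
static uint32_t port_unsigned(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Hypothetical bug: only the low 15 bits of the port are kept. */
static uint32_t port_masked15(const uint8_t *p) {
    return port_unsigned(p) & 0x7FFF;
}

/* Hypothetical bug: the port passes through a signed 16-bit type and is
 * sign-extended when widened (the narrowing conversion is
 * implementation-defined in C; mainstream compilers wrap modulo 2^16). */
static uint32_t port_sign_extended(const uint8_t *p) {
    int16_t s = (int16_t)port_unsigned(p);
    return (uint32_t)(int32_t)s;
}

typedef uint32_t (*port_reader)(const uint8_t *);

/* Count headers whose source or destination port equals `want`. */
static int count_matches(port_reader rd, const uint8_t hdrs[][4], int n,
                         uint32_t want) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (rd(&hdrs[i][0]) == want || rd(&hdrs[i][2]) == want)
            hits++;
    return hits;
}

/* Constructed sample: first 4 bytes (src port, dst port) of 3 TCP headers. */
static const uint8_t SAMPLE[3][4] = {
    {0x9C, 0x40, 0x00, 0x50}, /* 40000 -> 80 */
    {0x00, 0x50, 0x9C, 0x40}, /* 80 -> 40000 */
    {0x04, 0x00, 0x00, 0x50}, /* 1024 -> 80 */
};

int main(void) {
    const char *names[] = {"unsigned", "masked15", "sign-extended"};
    port_reader readers[] = {port_unsigned, port_masked15, port_sign_extended};
    for (int i = 0; i < 3; i++)
        printf("%-14s port==40000: %d  port==80: %d\n", names[i],
               count_matches(readers[i], SAMPLE, 3, 40000),
               count_matches(readers[i], SAMPLE, 3, 80));
    return 0;
}
```

Both buggy readers still match port 80 on every packet, so only ports above 32767 drop out of the filter results, which is the symptom the original question describes.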