Wireshark-bugs: [Wireshark-bugs] [Bug 1858] New: IP packets captured on TSO hardware are uninter
Date: Wed, 19 Sep 2007 20:31:37 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1858

           Summary: IP packets captured on TSO hardware are uninterpretted
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jonathan@xxxxxxxxxx


Build Information:
wireshark 0.99.6

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.4.13, with GLib 2.4.7, with libpcap 0.8.3, with libz
1.2.1.2, without libpcre, without Net-SNMP, without ADNS, without Lua, without
GnuTLS, without Gcrypt, with MIT Kerberos, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.9-55.ELsmp, with libpcap version 0.8.3.

Built using gcc 3.4.6 20060404 (Red Hat 3.4.6-8).

--
Capture files generated on TCP segmentation offload (TSO) hardware have an 
all-zero IP-length field in outbound packets.
Wireshark errors out on the small length and refuses to parse the packet
further.

I will attach a patch that adds an option to avoid this problem.  I have never
coded Wireshark/ethereal before, and was stabbing in the dark a little, but the
results seem to be valid in my testing.

For those unfamiliar with TSO, oversized packets are sent to the hardware to 
dissect itself.  These packets are sent with a template IP and TCP headers (in 
this case, that template specifically includes a zeroed-out IP length field).
The hardware then modifies the template header as needed to perform its own
segmentation.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.