Wireshark · Wireshark-dev: Re: [Wireshark-dev] Why the name "Wiretap"?

Wireshark-dev: Re: [Wireshark-dev] Why the name "Wiretap"?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 28 Sep 2012 14:32:10 -0700

On Sep 28, 2012, at 1:48 PM, Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> wrote:

> On Fri, Sep 28, 2012 at 01:23:16PM -0700, Gilbert Ramirez wrote:
>> Libpcap (...) has a wonderful BPF optimizing engine.
> 
> With lot of bugs...
> 
> http://sourceforge.net/tracker/?func=detail&aid=3054909&group_id=53067&atid=469577
> http://seclists.org/tcpdump/2011/q4/83
> http://permalink.gmane.org/gmane.network.tcpdump.devel/2265 (this one might have been fixed?)

That one might be "fixed" by not generating incorrect un-optimized code; the current code generates

	(008) ldb      [0]

rather than

	(008) ldb      [1]

when looking at the "type" subfield of the Frame Control field - that subfield is in the first octet.  There might still be an underlying optimizer bug (there certainly have been ones in the past that have been fixed).

References:
- [Wireshark-dev] Why the name "Wiretap"?
  - From: robert . bullen
- Re: [Wireshark-dev] Why the name "Wiretap"?
  - From: Gilbert Ramirez
- Re: [Wireshark-dev] Why the name "Wiretap"?
  - From: Jakub Zawadzki

Prev by Date: Re: [Wireshark-dev] converting pcapng to pcap
Next by Date: Re: [Wireshark-dev] converting pcapng to pcap
Previous by thread: Re: [Wireshark-dev] Why the name "Wiretap"?
Next by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 45212: /trunk/ui/gtk/ /trunk/ui/gtk/: gui_utils.c
Index(es):
- Date
- Thread