Re: About the netmask (Was:Wireshark-commits: [Wireshark-commits] rev 33461: /trunk/gtk/ /trunk/gtk/: capture_dlg.c)

[Guy Harris <guy () alum mit edu>]

On Jul 6, 2010, at 10:39 PM, Jaap Keuter wrote:

> When working on this parameter I was wondering what was happening here.

What's happening here is that the libpcap filter language (and mechanism) was designed in an era when networking was 
simpler. :-)  No multiple addresses per interface (which can cause the same problem), no VLANs, etc..

> What if I have an interface with:
> 1. untagged 192.168.16.0/24
> 2. tagged 10.0.0.0/28
> and have a filter 'ip broadcast or vlan and ip broadcast'.

On most OSes, there will be separate interfaces for the raw network and the VLAN, and, if you capture on the raw 
network, the only address+netmask will be 192.168.16.0/24, so it'll match only on the first.  (Fixing that would 
require, among other things, that, on at least some platforms, libpcap find the corresponding VLAN interfaces so it can 
find their netmasks.)

> Or even worse, what if I have an interface with:
> 1. tagged 192.168.16.0/24
> 2. tagged 10.0.0.0/28
> and have a filter 'vlan and ip broadcast'.

See previous comment.

> PS: Holland, Holland!!! ;)

Yeah, yeah, yeah.  We just needed more toxoplasmosis:

        http://www.slate.com/id/2259350/pagenum/all/

(U.S. 12%, Ghana 92%).

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe