Wireshark mailing list archives
Re: why does wireshark believe that libpcap has a 65535 max packet size?
From: Guy Harris <guy () alum mit edu>
Date: Wed, 23 Nov 2011 17:06:27 -0800
On Nov 23, 2011, at 4:16 PM, Sam Roberts wrote:
See definiton of WTAP_MAX_PACKET_SIZE, and use in wiretap/libpcap.c. Seems to me it should be checking this (untested): if (hdr->hdr.incl_len > wth->snapshot_length) { // not WTAP_MAX_PACKET_SIZE!
There is no guarantee that wth->snapshot_length is non-zero, given that not all capture file formats Wireshark supports put an explicit snapshot length into the file. Checking against a maximum packet size prevents Wireshark from trying to allocate a huge amount of memory if you have a corrupted packet file, but a larger maximum would make sense. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- why does wireshark believe that libpcap has a 65535 max packet size? Sam Roberts (Nov 23)
- Re: why does wireshark believe that libpcap has a 65535 max packet size? Guy Harris (Nov 23)
- Re: why does wireshark believe that libpcap has a 65535 max packet size? Sam Roberts (Nov 23)
- Re: why does wireshark believe that libpcap has a 65535 max packet size? Guy Harris (Nov 23)