tcpdump mailing list archives
Re: pcap files with file header snaplen < packet
From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Wed, 06 Dec 2006 00:58:27 -0500
Aaron Turner wrote:
Perhaps I'm confused... how does an application using the libpcap API get access to the snaplen? I don't see any way to do that.
int pcap_snapshot (pcap_t *)
Furthermore, all the libpcap functions seem to return a pointer to the packet buffer, and said buffer is allocated by libpcap, not the application. I guess I don't see the danger.
Yes, but an application could have allocated another buffer to copy that into based on snap. Of course it should check caplen, but there are a lot of lousy programmers out there. Like I say, I could go either way. But I think there is a potential problem. -- Jefferson Ogata <Jefferson.Ogata () noaa gov> NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov> "Never try to retrieve anything from a bear."--National Park Service - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: pcap files with file header snaplen < packet, (continued)
- Re: pcap files with file header snaplen < packet Harley Stenzel (Dec 04)
- Re: pcap files with file header snaplen < packet Jefferson Ogata (Dec 04)
- Re: pcap files with file header snaplen < packet Harley Stenzel (Dec 04)
- Re: pcap files with file header snaplen < packet Gerald Combs (Dec 04)
- Re: pcap files with file header snaplen < packet Harley Stenzel (Dec 04)
- Re: pcap files with file header snaplen < packet Gianluca Varenni (Dec 04)
- Re: pcap files with file header snaplen < packet Guy Harris (Dec 04)
- Re: pcap files with file header snaplen < packet Aaron Turner (Dec 04)
- Re: pcap files with file header snaplen < packet Jefferson Ogata (Dec 05)
- Re: pcap files with file header snaplen < packet Aaron Turner (Dec 05)
- Re: pcap files with file header snaplen < packet Jefferson Ogata (Dec 05)
- Re: pcap files with file header snaplen < packet Aaron Turner (Dec 05)