Closed JulianSchmid closed 8 months ago
NewbiZ
commented
1 year ago Just spent hours of debugging until I found this very problem as well. I am working with 802.1Q (vlan) packets that contain a 4 bytes CRC/FCS after the UDP payload.
My current strategy is of course to reslice the payload by the UDP header length - 8B, which is very hackish and error prone.
JulianSchmid
commented
1 year ago I will try to fix this with the next release. But I will have to find some time and make some breaking changes to fix this.
robs-zeynet
commented
1 year ago Not to make this more complicated, but you can also have IP-level trailers as well, e.g., that transport->len() is less than the IP header's payload. This draft RFC[1] is one example I've seen in the wild [2] but I'm sure more exist out there.
Not saying that you need to solve this problem as well, but throwing it case you want to create a more general solution.
[1] https://datatracker.ietf.org/doc/html/draft-ietf-mpls-icmp-08 [2] More info on seeing it in the wild at http://www.cs.umd.edu/~capveg/discarte-sigcomm08.pdf --> section 3.1
JulianSchmid
commented
8 months ago
Currently the library just assumes that the rest of the packet is always belonging to the lower layer protocol and ignores the lengths specified in IP & UDP. But this is not always the case, there are recordings where the Ethernet Layer also contains a FCS (Frame Check Sequence) which is located at the very end of the packet.
The packet slicing and decoding functions should automatically exclude the FCS from the payload.