Currently, if packets were captured using packettruncatebytes=, Wireshark's TCP analysis will be confused when parsing these truncated packets and you will see lots of bogus "[TCP Previous segment not captured]" and "[TCP ACKed unseen segment]".
With this PR, etl2pcapng will parse Ethernet and IP headers and infer the original length of packets and assign the length to PCAPNG_ENHANCED_PACKET_BODY::PacketLength. Note that doing so will not increase the converted file size.
Limitations:
Does not work with LSO v2 packets since length is not filled in IPv4/6 headers.
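
The length inference described above, sketched as an added example (not code from this PR or from etl2pcapng): `infer_original_length` and the sample frames are hypothetical names and constructed data. It goes slightly beyond the description by skipping one 802.1Q tag and never returning less than the captured length, and it assumes that falling back to the captured length is acceptable when the IP length field is zero, as with LSO v2.

```c
#include <stddef.h>
#include <stdint.h>

#define ETH_HDR_LEN  14u
#define VLAN_TAG_LEN 4u
#define IPV6_HDR_LEN 40u

/* Constructed sample frames (not from a real capture), already truncated. */
const uint8_t ipv4_frame[34]  = { [12] = 0x08, [14] = 0x45, [16] = 0x05, [17] = 0xDC };
const uint8_t lso_frame[34]   = { [12] = 0x08, [14] = 0x45 };  /* Total Length 0 */
const uint8_t ipv6_frame[54]  = { [12] = 0x86, [13] = 0xDD, [14] = 0x60,
                                  [18] = 0x05, [19] = 0xA0 };  /* Payload Length 1440 */
const uint8_t vlan_frame[38]  = { [12] = 0x81, [16] = 0x08, [18] = 0x45,
                                  [20] = 0x05, [21] = 0xDC };
const uint8_t small_frame[60] = { [12] = 0x08, [14] = 0x45, [17] = 0x28 };  /* padded */

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the on-wire length inferred from the Ethernet and IP headers of a
 * truncated frame, or captured_len when it cannot be inferred. */
uint32_t infer_original_length(const uint8_t *frame, uint32_t captured_len)
{
    uint32_t l2 = ETH_HDR_LEN, ip_len, inferred;
    uint16_t ethertype;

    if (frame == NULL || captured_len < ETH_HDR_LEN) return captured_len;
    ethertype = rd_be16(frame + 12);
    if (ethertype == 0x8100u) {                 /* single 802.1Q VLAN tag */
        if (captured_len < ETH_HDR_LEN + VLAN_TAG_LEN) return captured_len;
        ethertype = rd_be16(frame + 16);
        l2 += VLAN_TAG_LEN;
    }
    if (ethertype == 0x0800u) {                 /* IPv4: Total Length covers header + payload */
        if (captured_len < l2 + 4u || (frame[l2] >> 4) != 4) return captured_len;
        ip_len = rd_be16(frame + l2 + 2);
    } else if (ethertype == 0x86DDu) {          /* IPv6: Payload Length excludes the fixed header */
        if (captured_len < l2 + 6u || (frame[l2] >> 4) != 6) return captured_len;
        ip_len = rd_be16(frame + l2 + 4);
        if (ip_len != 0) ip_len += IPV6_HDR_LEN;
    } else {
        return captured_len;                    /* not IP: nothing to infer from */
    }
    if (ip_len == 0) return captured_len;       /* length not filled in (e.g. LSO v2) */
    inferred = l2 + ip_len;
    /* Short frames are padded on the wire, so never report less than was captured. */
    return inferred > captured_len ? inferred : captured_len;
}

int main(void)
{
    return infer_original_length(ipv4_frame, sizeof ipv4_frame) == 1514u ? 0 : 1;
}
```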