Closed noriov closed 2 years ago
Hi,
Thanks for the report. This 0x70
looks indeed suspicious. I'm investigating.
The specifications clearly states this, so your patch seems correct.
However, it shows a (previously existing) problem in the code, which is a risk of overflow in the computation of the resolution. Also, it recalculates the resolution at each call, while it is constant for an interface.
I\ll fix this in two steps:
Side note: I could not find any pcapng file with a resolution encoded as power of two. I'd be interested if anyone has one!
Hello,
I just downloaded (git-clone'd) the source code of pcap-parser. I had a glance and found the following code fragment may have a typo.
According to the description of
if_tsresol
in draft-ietf-opsawg-pcapng,if_tsresol
is one-byte and its most significant bit has a special meaning. Hence, I think the mask below should be 0x80 instead of 0x70.Because I don't have test data for this patch, I'm sorry I didn't test it. I'm sorry if I misunderstand something.
The PCAPNG specification I read was https://pcapng.github.io/pcapng/draft-ietf-opsawg-pcapng.html#name-interface-description-block