Closed mhils closed 9 months ago
Hi, I have a PR that adds the additional bytes needed field to PcapError::Incomplete
: https://github.com/rusticata/pcap-parser/pull/28. You can check this against the current buffer size and grow if needed. Please feel free to use the fork.
Hi, thank you for the report and the test file. I can confirm the problem and will commit a fix soon.
I committed a fix for this problem, which adds a new error type BufferTooSmall
. This error will be raised only if buffer capacity is not enough to store the data, not if there are only missing bytes.
@chifflier Do you reckon it would be useful to also include the new required size of the buffer in the BufferTooSmall
variant (a bit similar to what Incomplete
has)? I believe doing that could allow the application to resize the buffer to a reasonable value. If it's too large then maybe the pcap is malformed and the app could decide to error out.
First off, thank you for the fantastic work here! š :cake:
We've been running into a small footgun where
reader.next()
would returnIncomplete
, but callingrefill()
does not help because the buffer capacity is too small. Here's a repro based on the example code README, which gets stuck in an infinite loop:repro.pcapng.zip
This seems to affect both PCAP and PCAPNG files. Not sure what the right fix is here, I would guess
.refill()
should maybe error?