[libtrace-users] Re: Two more libtrace bugs

Perry Lorier perry at cs.waikato.ac.nz
Wed Apr 9 11:08:47 NZST 2008 

Nevil Brownlee wrote:
> 
> Hi Perry, Shane et al:
> 
> 1. I've spent the day making an autoconfigure script for ruby-libtrace.
>    The string LIBTRACE_API_VERSION says 0x030003, but the version I'm
>    using is 3.0.4.

Oops, missed that when I did the most recent release.  My bad sorry :)

> 2. I've been playing with filters and writing output traces.
>    I have a small test file I'm using with a suite of small example
>    ruby programs.  When I set 'udp port 53' as my input filter,
>    it works properly, *except* that the first filtered packet
>    is truncated.  That is, Wireshark says that packet has cature length
>    74 bytes, but libtrace says it has 60.   Doing it with a software
>    filter gets the packet and its length correctly.

Yup, this is a bug which I've just fixed based on your report.  Sorry :)
We cache the length of the packet to avoid having to do math for some of 
the more obscure trace types and this cache wasn't getting properly 
cleaned when we skipped a packet for not matching the filter.

> 
> 1. I'm only implementing three of the possibilities - filter,
>    snaplen, promisc.  All three *always* return 0 from trace_config()
>    back to the C caller.
>    So you can't tell if you gave it a bad argument !!

Most of these can't be checked at the config time.  Configuration is 
setup before you call trace_start(), then when trace_start() is called, 
the configuration is applied.  Most of the configuration can't be 
validated until trace_start() is called. (for instance filters can't be 
compiled until we have opened the interface, and promisc can't be set 
until the interface).  Admittedly snaplen could be validated to be sane 
(which I've just added).

> 2. Trying to set promisc to 0 (i.e. false) doesn't work; the
>    interface always captures in promiscuous ode. 

hrm.  using strace libtrace appears to not try and put the interface 
into promisc mode if asked not to.  Is your interface already in promisc 
mode from something else capturing on it?

> I'm just about ready to release it now, onlhy a little bit more testing,
> and a few more html pages of documentation to finish.

Sweet :)

> I really should be working on other things, but this one keeps
> calling to me, sigh.

Ah yes,  I know how that is :)

More information about the Libtrace-users mailing list