diff options
-rw-r--r-- | doc/editcap.pod | 7 | ||||
-rw-r--r-- | editcap.c | 23 |
2 files changed, 21 insertions, 9 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index a122332f1d..0eff2c943d 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -178,9 +178,10 @@ opened. The default is to use a single output file. =item -I E<lt>bytes to ignoreE<gt> -Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation -Useful to remove duplicated packets taken on several routers(differents mac addresses for example) -e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). +Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation, +unless the frame is too short, then the full frame is used. +Useful to remove duplicated packets taken on several routers (different mac addresses for example) +e.g. -I 26 in case of Ether/IP will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). The default value is 0. =item -L @@ -581,11 +581,16 @@ is_duplicate(guint8* fd, guint32 len) { md5_state_t ms; /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */ + guint32 offset = ignored_bytes; guint32 new_len; guint8 *new_fd; - new_fd = &fd[ignored_bytes]; - new_len = len - (ignored_bytes); + if (len <= ignored_bytes) { + offset = 0; + } + + new_fd = &fd[offset]; + new_len = len - (offset); cur_dup_entry++; if (cur_dup_entry >= dup_window) @@ -618,11 +623,16 @@ is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) { md5_state_t ms; /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */ + guint32 offset = ignored_bytes; guint32 new_len; guint8 *new_fd; - new_fd = &fd[ignored_bytes]; - new_len = len - (ignored_bytes); + if (len <= ignored_bytes) { + offset = 0; + } + + new_fd = &fd[offset]; + new_len = len - (offset); cur_dup_entry++; if (cur_dup_entry >= dup_window) @@ -752,8 +762,9 @@ print_usage(FILE *output) fprintf(output, " (e.g. 0.000001).\n"); fprintf(output, " -a <framenum>:<comment> Add or replace comment for given frame number\n"); fprintf(output, "\n"); - fprintf(output, " -I <bytes to ignore> ignore the specified bytes at the beginning of\n"); - fprintf(output, " the frame during MD5 hash calculation.\n"); + fprintf(output, " -I <bytes to ignore> ignore the specified number of bytes at the beginning\n"); + fprintf(output, " of the frame during MD5 hash calculation, unless the\n"); + fprintf(output, " frame is too short, then the full frame is used.\n"); fprintf(output, " Useful to remove duplicated packets taken on\n"); fprintf(output, " several routers (different mac addresses for\n"); fprintf(output, " example).\n"); |