Small Bug when using -M Flag #55
Description
Hi, folks.
I noticed that tcpdump or wireshark couldn't properly decode sflow v5 packets generated by sflowtool with -M flag, after further checks I've got into this part of the code:
``
static void writePcapDatagram(SFSample *sample) {
static char dummyEthernet[] = { 0,0,0,0,0,1, 0,0,0,0,0,2 , 0x08,0x00 };
static struct myiphdr dummyIP = { 0x45, 0, 0, 0, 0, 64, 17, 0, 0, 0 };
static struct myudphdr dummyUDP = { 0, 0, 0, 0 };
dummyUDP.uh_sport = dummyUDP.uh_dport = htons(6343);
char buf[SA_MAX_SFLOW_PKT_SIZ];
int bytes = 0;
int pduLen = sample->rawSampleLen;
int totalBytes = sizeof(dummyEthernet) + sizeof(dummyIP) + sizeof(dummyUDP) + pduLen;
struct pcap_pkthdr hdr;
hdr.ts_sec = sample->readTimestamp;
hdr.ts_usec = sample->readTimestamp_uS;
hdr.caplen = hdr.len = totalBytes;
/* prepare the whole thing in a buffer first, in case we are piping the output
to another process and the reader expects it all to appear at once... /
/ pcap hdr /
memcpy(buf, &hdr, sizeof(hdr));
bytes = sizeof(hdr);
/ dummy ethernet /
memcpy(buf+bytes, dummyEthernet, sizeof(dummyEthernet));
bytes += sizeof(dummyEthernet);
/ dummy ip /
dummyIP.tot_len = htons(sizeof(dummyIP) + sizeof(dummyUDP) + pduLen);
memcpy(buf+bytes, &dummyIP, sizeof(dummyIP));
bytes += sizeof(dummyIP);
/ dummy udp /
dummyUDP.uh_ulen = htons(pduLen);
memcpy(buf+bytes, &dummyUDP, sizeof(dummyUDP));
bytes += sizeof(dummyUDP);
/ the datagram */
memcpy(buf+bytes, sample->rawSample, pduLen);
bytes += pduLen;
if(fwrite(buf, bytes, 1, stdout) != 1) {
fprintf(ERROUT, "writePcapPacket: packet write failed: %s\n", strerror(errno));
exit(-3);
}
fflush(stdout);
}
´´
The only change required is in this line:
int pduLen = sample->rawSampleLen;
To:
int pduLen = sample->rawSampleLen+8;
This allowed tcpdump and wireshark to start decoding sflow v5 properly again.
Sincerely,
Fred