June 2026 - gerrit-log - lists.osmocom.org

[XS] Change in osmo-pcap[master]: client: Fix 32-bit overflow when computing pcapng EPB timestamp
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42842?usp=email ) Change subject: client: Fix 32-bit overflow when computing pcapng EPB timestamp ...................................................................... client: Fix 32-bit overflow when computing pcapng EPB timestamp tv_sec * 1000 * 1000 was evaluated in int arithmetic. Where time_t / tv_sec is 32-bit, this overflows for any tv_sec > ~2147, corrupting the 64-bit timestamp_usec well before the year 2038. Cast tv_sec to uint64_t before the multiplication so the whole expression is computed in 64 bits. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: I20d3282b8cba1675ce2d0860e66027e5ee8245ef --- M src/osmo_client_network.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/42/42842/1 diff --git a/src/osmo_client_network.c b/src/osmo_client_network.c index 4b91429..69308fe 100644 --- a/src/osmo_client_network.c +++ b/src/osmo_client_network.c @@ -207,7 +207,7 @@ int rc; epb_pars = (struct osmo_pcapng_file_epb_pars){ - .timestamp_usec = (pkthdr->ts.tv_sec * 1000 * 1000) + pkthdr->ts.tv_usec, + .timestamp_usec = ((uint64_t)pkthdr->ts.tv_sec * 1000 * 1000) + pkthdr->ts.tv_usec, .interface_id = ph->idx, .captured_data = data, .captured_len = pkthdr->caplen, -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42842?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: I20d3282b8cba1675ce2d0860e66027e5ee8245ef Gerrit-Change-Number: 42842 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[XS] Change in osmo-pcap[master]: server: fix msgb leak on duplicate link header
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42844?usp=email ) Change subject: server: fix msgb leak on duplicate link header ...................................................................... server: fix msgb leak on duplicate link header rx_link_hdr() takes ownership of msg on success (rx_link() only frees it on failure). Both branches that call update_conn_file_hdr_msg() free msg, but when an identical link header was already stored neither branch ran and msg was leaked. This happens on every duplicate PKT_LINK_HDR, e.g. a client that periodically resends its header. Free msg explicitly in that case. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: I79344fe942342f2a736878142b3cf036fc982eef --- M src/osmo_server_network.c 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/44/42844/1 diff --git a/src/osmo_server_network.c b/src/osmo_server_network.c index 5c0fc36..90b8b54 100644 --- a/src/osmo_server_network.c +++ b/src/osmo_server_network.c @@ -173,6 +173,9 @@ memcmp(msgb_l2(conn->file_hdr_msg), msgb_l2(msg), msgb_l2len(msg)) != 0) { /* Client changed the link hdr in conn */ update_conn_file_hdr_msg(conn, msg); + } else { + /* Identical link hdr already stored, nothing to do but free msg */ + msgb_free(msg); } return 1; -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42844?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: I79344fe942342f2a736878142b3cf036fc982eef Gerrit-Change-Number: 42844 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[S] Change in osmo-pcap[master]: client: honor IPv4 header length in GPRS filter
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42845?usp=email ) Change subject: client: honor IPv4 header length in GPRS filter ...................................................................... client: honor IPv4 header length in GPRS filter The GPRS-NS/BSSGP filter assumed a fixed 20-byte IPv4 header (IP_LEN) when locating the UDP header and payload. When the captured packet carries IPv4 options (ip_hl > 5), udp_data/payload_data pointed into the middle of the headers and check_gprs() parsed garbage, classifying packets incorrectly. Use the actual header length from ip_hl, reject malformed headers (ip_hl < 5), and re-validate that the larger headers fit within the captured length before computing the payload. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: Iac1fa9cc2a3c06cbe19c3e7799a0b335f2e3dda9 --- M src/osmo_client_core.c 1 file changed, 13 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/45/42845/1 diff --git a/src/osmo_client_core.c b/src/osmo_client_core.c index dbc2588..61e7cc0 100644 --- a/src/osmo_client_core.c +++ b/src/osmo_client_core.c @@ -108,6 +108,7 @@ { int ll_type; int offset; + size_t ip_hdr_len; struct ip *ip_hdr; const u_char *ip_data; const u_char *udp_data; @@ -145,9 +146,19 @@ if (ip_hdr->ip_p != 17) return 1; - udp_data = ip_data + IP_LEN; + /* Honour the actual IPv4 header length (ip_hl), which may be larger + * than IP_LEN when IP options are present. */ + ip_hdr_len = ip_hdr->ip_hl * 4; + if (ip_hdr_len < IP_LEN) + return 1; /* malformed IPv4 header */ + + /* Re-check that the (possibly larger) headers fit within the capture */ + if (offset + ip_hdr_len + UDP_LEN + NS_LEN > hdr->caplen) + return 1; + + udp_data = ip_data + ip_hdr_len; payload_data = udp_data + UDP_LEN; - payload_len = hdr->caplen - offset - IP_LEN - UDP_LEN; + payload_len = hdr->caplen - offset - ip_hdr_len - UDP_LEN; return check_gprs(payload_data, payload_len); } -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42845?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: Iac1fa9cc2a3c06cbe19c3e7799a0b335f2e3dda9 Gerrit-Change-Number: 42845 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[XS] Change in osmo-pcap[master]: tls: do not treat GNUTLS_E_AGAIN/INTERRUPTED as fatal on read
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42846?usp=email ) Change subject: tls: do not treat GNUTLS_E_AGAIN/INTERRUPTED as fatal on read ...................................................................... tls: do not treat GNUTLS_E_AGAIN/INTERRUPTED as fatal on read osmo_tls_client_bfd_cb() treated any non-positive return from gnutls_record_recv() as a fatal error and tore down the session. On a non-blocking socket gnutls_record_recv() can return GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED (both negative but non-fatal), which would drop an otherwise healthy TLS session. Handle them as retryable, mirroring the existing logic in tls_write(). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: If2f842b202dd08c07dffe3770c51cf0ce886beee --- M src/osmo_tls.c 1 file changed, 5 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/46/42846/1 diff --git a/src/osmo_tls.c b/src/osmo_tls.c index 8524ee3..f06f50e 100644 --- a/src/osmo_tls.c +++ b/src/osmo_tls.c @@ -264,7 +264,11 @@ if (what & OSMO_FD_READ) { int rc = tls_read(sess); - if (rc <= 0) { + /* A non-blocking read may legitimately return GNUTLS_E_AGAIN or + * GNUTLS_E_INTERRUPTED; these are not errors, just retry later. */ + if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN) { + /* nothing to do, wait for the next read event */ + } else if (rc <= 0) { sess->error(sess); return rc; } -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42846?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: If2f842b202dd08c07dffe3770c51cf0ce886beee Gerrit-Change-Number: 42846 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[S] Change in osmo-pcap[master]: tls: fix broken certificate hostname verification
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42849?usp=email ) Change subject: tls: fix broken certificate hostname verification ...................................................................... tls: fix broken certificate hostname verification verify_cert_cb() retrieved the gnutls session pointer and passed it to gnutls_certificate_verify_peers3() as the expected hostname. But the session pointer is set to the osmo_tls_session struct (it is needed by cert_callback()), not a hostname string. Hostname matching was therefore performed against raw struct bytes, rendering verification meaningless and potentially reading out of bounds, even when "tls verify-cert" was enabled. Store the configured hostname in struct osmo_tls_session and have verify_cert_cb() read it from there. Also drop the stray gnutls_certificate_verify_peers3() call in the client setup: it ran before any handshake (so there were no peer certificates yet) and its result was ignored; the real verification happens via the registered callback during the handshake. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: If64950a698bfcfbf556a37ef1be3e68abc124384 --- M include/osmo-pcap/osmo_tls.h M src/osmo_tls.c 2 files changed, 15 insertions(+), 4 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/49/42849/1 diff --git a/include/osmo-pcap/osmo_tls.h b/include/osmo-pcap/osmo_tls.h index 716604e..6afbe71 100644 --- a/include/osmo-pcap/osmo_tls.h +++ b/include/osmo-pcap/osmo_tls.h @@ -38,6 +38,9 @@ bool need_resend; gnutls_session_t session; + /* expected peer hostname for certificate verification (may be NULL) */ + const char *tls_hostname; + /* any credentials */ bool anon_alloc; gnutls_anon_client_credentials_t anon_cred; diff --git a/src/osmo_tls.c b/src/osmo_tls.c index f06f50e..9502dbc 100644 --- a/src/osmo_tls.c +++ b/src/osmo_tls.c @@ -139,11 +139,15 @@ static int verify_cert_cb(gnutls_session_t session) { + const struct osmo_tls_session *sess; const char *hostname; unsigned int status; int ret; - hostname = gnutls_session_get_ptr(session); + /* The session ptr is the osmo_tls_session (see gnutls_session_set_ptr()); + * the expected hostname is stored inside it. */ + sess = gnutls_session_get_ptr(session); + hostname = sess ? sess->tls_hostname : NULL; ret = gnutls_certificate_verify_peers3(session, hostname, &status); if (ret != 0) @@ -448,7 +452,6 @@ { struct osmo_tls_session *sess = &client->tls_session; struct osmo_wqueue *wq = &client->wqueue; - unsigned int status; int rc; gnutls_global_set_log_level(client->tls_log_level); @@ -518,14 +521,19 @@ gnutls_certificate_set_retrieve_function2(sess->cert_cred, cert_callback); /* set the hostname if we have one */ - if (client->tls_hostname) + if (client->tls_hostname) { gnutls_server_name_set(sess->session, GNUTLS_NAME_DNS, client->tls_hostname, strlen(client->tls_hostname)); + /* Remember it so verify_cert_cb() can match it against the peer + * certificate during the handshake. */ + sess->tls_hostname = client->tls_hostname; + } /* do the verification */ if (client->tls_verify) { + /* The actual verification happens during the handshake via the + * registered callback; there are no peer certificates yet here. */ gnutls_certificate_set_verify_function(sess->cert_cred, verify_cert_cb); - gnutls_certificate_verify_peers3(sess->session, client->tls_hostname, &status); } else LOGP(DTLS, LOGL_NOTICE, "Not going to validate certs as configured\n"); -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42849?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: If64950a698bfcfbf556a37ef1be3e68abc124384 Gerrit-Change-Number: 42849 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[XS] Change in osmo-pcap[master]: server: fix NULL deref of file_hdr_msg when store is disabled
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42848?usp=email ) Change subject: server: fix NULL deref of file_hdr_msg when store is disabled ...................................................................... server: fix NULL deref of file_hdr_msg when store is disabled When a connection has storing disabled (no store), conn->file_hdr_msg is never populated. The previous link-header handling skipped the first branch (gated on conn->store) and fell through to the comparison branch, which dereferenced the still-NULL conn->file_hdr_msg, crashing the server on the first PKT_LINK_HDR from such a client. Gate the whole header tracking on conn->store and simply free the message when not storing, since osmo_pcap_conn_restart_trace() already no-ops in that case. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: I419e1b66d07307c3e49294984887c153cd8494c3 --- M src/osmo_server_network.c 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/48/42848/1 diff --git a/src/osmo_server_network.c b/src/osmo_server_network.c index 90b8b54..4aaa324 100644 --- a/src/osmo_server_network.c +++ b/src/osmo_server_network.c @@ -166,7 +166,10 @@ if ((rc = validate_link_hdr(conn, data)) < 0) return rc; - if (conn->store && !conn->wrf) { + if (!conn->store) { + /* Not storing to a file: no link header to track or compare. */ + msgb_free(msg); + } else if (!conn->wrf) { /* First received link hdr in conn */ update_conn_file_hdr_msg(conn, msg); } else if (msgb_l2len(conn->file_hdr_msg) != msgb_l2len(msg) || -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42848?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: I419e1b66d07307c3e49294984887c153cd8494c3 Gerrit-Change-Number: 42848 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[XS] Change in osmo-pcap[master]: server: vty: validate rotate-localtime modulus against the new interval
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42847?usp=email ) Change subject: server: vty: validate rotate-localtime modulus against the new interval ...................................................................... server: vty: validate rotate-localtime modulus against the new interval apply_rotate_localtime() computed the maximum allowed modulus from pcap_server->rotate_localtime.intv, the currently-stored (old) interval, rather than the intv argument being applied. On first configuration the stored interval is the default 0, so the switch hit the default case and rejected an otherwise valid command; when changing intervals the modulus was bounds-checked against the wrong interval. Switch on intv instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: I0b367d4e255db3208b41e12adec682026b99cc18 --- M src/osmo_server_vty.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/47/42847/1 diff --git a/src/osmo_server_vty.c b/src/osmo_server_vty.c index dfe9857..aa21411 100644 --- a/src/osmo_server_vty.c +++ b/src/osmo_server_vty.c @@ -289,7 +289,7 @@ static int apply_rotate_localtime(struct vty *vty, enum time_interval intv, unsigned int modulus) { unsigned int max_mod = 0; - switch (pcap_server->rotate_localtime.intv) { + switch (intv) { case TIME_INTERVAL_SEC: max_mod = 60; break; -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42847?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: I0b367d4e255db3208b41e12adec682026b99cc18 Gerrit-Change-Number: 42847 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[S] Change in osmo-pcap[master]: server: vty: fix docs for cfg_server_rotate_localtime[_mod_n]
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42837?usp=email ) Change subject: server: vty: fix docs for cfg_server_rotate_localtime[_mod_n] ...................................................................... server: vty: fix docs for cfg_server_rotate_localtime[_mod_n] Change-Id: I6fd1d081bba035fbd9d72a1705ab58194edf274e Fixes: 18747641 ("pcap-server: Make rotate-localtime feature configurable through VTY") --- M src/osmo_server_vty.c 1 file changed, 7 insertions(+), 3 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/37/42837/1 diff --git a/src/osmo_server_vty.c b/src/osmo_server_vty.c index fcf1db1..5b70015 100644 --- a/src/osmo_server_vty.c +++ b/src/osmo_server_vty.c @@ -331,7 +331,9 @@ "Rotate every Second\n" "Rotate every Minute\n" "Rotate every Hour\n" - "Rotate every Day\n") + "Rotate every Day\n" + "Rotate every Month\n" + "Rotate every Year\n") { return apply_rotate_localtime(vty, get_string_value(time_interval_names, argv[0]), 1); } @@ -344,8 +346,10 @@ "Rotate every Minute\n" "Rotate every Hour\n" "Rotate every Day\n" - "Rotate every Nth second/minute/hour/day/month/year" - "Nth second/minute/hour/day/month/year") + "Rotate every Month\n" + "Rotate every Year\n" + "Rotate every Nth second/minute/hour/day/month/year\n" + "Nth second/minute/hour/day/month/year\n") { unsigned long long modulus = strtoull(argv[1], NULL, 10); return apply_rotate_localtime(vty, get_string_value(time_interval_names, argv[0]), modulus); -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42837?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: I6fd1d081bba035fbd9d72a1705ab58194edf274e Gerrit-Change-Number: 42837 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[S] Change in osmo-pcap[master]: doc: clarify 'pcap snaplen' / 'max-snaplen'
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42835?usp=email ) Change subject: doc: clarify 'pcap snaplen' / 'max-snaplen' ...................................................................... doc: clarify 'pcap snaplen' / 'max-snaplen' Change-Id: Ic2c82173c12814d61f0ee9f7454b9e5dcb0c13f4 Related: SYS#8099 --- M doc/manuals/chapters/client.adoc M doc/manuals/chapters/server.adoc 2 files changed, 15 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/35/42835/1 diff --git a/doc/manuals/chapters/client.adoc b/doc/manuals/chapters/client.adoc index 1769b60..d9885d1 100644 --- a/doc/manuals/chapters/client.adoc +++ b/doc/manuals/chapters/client.adoc @@ -49,6 +49,7 @@ pcap device eth2 <3> pcap filter udp port 23000 <4> pcap detect-loop 1 <5> + pcap snaplen 9000 <6> ---- <1> Prepare records in pcapng format. <2> The network device from which to obtain a capture. @@ -57,6 +58,14 @@ <5> Instruct osmo-pcap-client to automatically add a filter that prevents capturing the traffic between osmo-pcap-client and osmo-pcap-server, which would create a loop. +<6> Maximum number of bytes captured per packet (snapshot length). + +Packets longer than the configured `snaplen` are captured truncated, and +osmo-pcap-client logs an error for each such packet. Note that kernel receive +offloading (GRO/LRO/GSO) can hand libpcap coalesced "super-frames" much larger +than the link MTU; either raise `snaplen` accordingly or disable offloading on +the captured interface (e.g. `ethtool -K <iface> gro off lro off gso off tso +off`). Adding or removing new recording network devices during operation is not really supported, and a restart of osmo-pcap-client is expected for the new diff --git a/doc/manuals/chapters/server.adoc b/doc/manuals/chapters/server.adoc index e0d9ff4..5d6ed32 100644 --- a/doc/manuals/chapters/server.adoc +++ b/doc/manuals/chapters/server.adoc @@ -46,6 +46,12 @@ <3> TCP port number to which to bind/listen <4> maximum pcap snapshot length (per packet, in bytes; default: 9000) +The `max-snaplen` value acts as an upper bound (ceiling) for all connected +clients: a client is accepted as long as its own configured `snaplen` does not +exceed the server's `max-snaplen`. It is therefore perfectly fine to configure a +larger `max-snaplen` on the server than the `snaplen` used by some clients; each +client's trace is recorded using that client's own snaplen. + The received packets are stored to a pcap file below the `base-path` using a filename encoding both the client name and the date/time at time of file creation. -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42835?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: Ic2c82173c12814d61f0ee9f7454b9e5dcb0c13f4 Gerrit-Change-Number: 42835 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

[S] Change in osmo-pcap[master]: vty: clamp configured snaplen to the wire-framing limit
by fixeria 17 Jun '26

17 Jun '26

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcap/+/42836?usp=email ) Change subject: vty: clamp configured snaplen to the wire-framing limit ...................................................................... vty: clamp configured snaplen to the wire-framing limit osmo-pcap carries each captured packet in a frame whose length field (struct osmo_pcap_data.len) is a uint16_t, so any snaplen above ~64 KiB cannot be transported and is silently clamped by the server when sizing its receive buffer (calc_data_max_len() caps at UINT16_MAX). The VTY, however, advertised libpcap's MAXIMUM_SNAPLEN (262144), misleading users into configuring values that never take effect. Introduce OSMO_PCAP_MAX_SNAPLEN (65535) and, in both the client "pcap snaplen" and server "max-snaplen" handlers, warn and cap the value to it when a larger one is given. The command syntax keeps the <1-262144> range for backwards compatibility so existing configs still parse; the help text now documents the effective 64 KiB limit. Related: SYS#8099 Related: 6d2f7c52 ("server: Limit rx buffer size to UINT16_MAX") Co-Authored-By: Claude Opus 4.8 (1M context) <noreply(a)anthropic.com> Change-Id: Ia56cad48e8cefe8ae103f2f7d2e037bf28438b71 --- M doc/manuals/chapters/client.adoc M doc/manuals/chapters/server.adoc M include/osmo-pcap/common.h M src/osmo_client_vty.c M src/osmo_server_vty.c 5 files changed, 43 insertions(+), 5 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-pcap refs/changes/36/42836/1 diff --git a/doc/manuals/chapters/client.adoc b/doc/manuals/chapters/client.adoc index d9885d1..87682c5 100644 --- a/doc/manuals/chapters/client.adoc +++ b/doc/manuals/chapters/client.adoc @@ -67,6 +67,12 @@ the captured interface (e.g. `ethtool -K <iface> gro off lro off gso off tso off`). +NOTE:: Even though larger values are accepted for backwards compatibility, the +osmo-pcap wire framing limits the effective snapshot length to 64 KiB +(65535 bytes). Configuring a `snaplen` above 65535 is capped to 65535 with a +warning on the VTY. The server's `max-snaplen` must be greater than or equal to +the `snaplen` configured here. + Adding or removing new recording network devices during operation is not really supported, and a restart of osmo-pcap-client is expected for the new configuration to be properly set up. diff --git a/doc/manuals/chapters/server.adoc b/doc/manuals/chapters/server.adoc index 5d6ed32..f7a8290 100644 --- a/doc/manuals/chapters/server.adoc +++ b/doc/manuals/chapters/server.adoc @@ -39,7 +39,7 @@ base-path /var/lib/osmo-pcap-server <1> server ip 192.168.11.20 <2> server port 54321 <3> - max-snaplen 100000 <4> + max-snaplen 65535 <4> ---- <1> directory to which the pcap files are stored <2> IP address to which to bind/listen @@ -52,6 +52,11 @@ larger `max-snaplen` on the server than the `snaplen` used by some clients; each client's trace is recorded using that client's own snaplen. +NOTE: Even though larger values are accepted for backwards compatibility, the +osmo-pcap wire framing limits the effective snapshot length to 64 KiB +(65535 bytes). Configuring a `max-snaplen` above 65535 is capped to 65535 with a +warning on the VTY. + The received packets are stored to a pcap file below the `base-path` using a filename encoding both the client name and the date/time at time of file creation. diff --git a/include/osmo-pcap/common.h b/include/osmo-pcap/common.h index 5916c48..b976a20 100644 --- a/include/osmo-pcap/common.h +++ b/include/osmo-pcap/common.h @@ -62,6 +62,13 @@ #define MAXIMUM_SNAPLEN 262144 #endif +/* osmo-pcap transports each captured packet inside a frame whose length field + * (struct osmo_pcap_data.len) is a uint16_t. Hence the largest snaplen that can + * actually be carried over the wire is bounded by UINT16_MAX, far below + * libpcap's MAXIMUM_SNAPLEN (262144). The server enforces the same ceiling when + * sizing its per-connection receive buffer (see calc_data_max_len()). */ +#define OSMO_PCAP_MAX_SNAPLEN 65535 + #define DEFAULT_SNAPLEN 9000 #endif diff --git a/src/osmo_client_vty.c b/src/osmo_client_vty.c index 127e52f..6bee983 100644 --- a/src/osmo_client_vty.c +++ b/src/osmo_client_vty.c @@ -198,9 +198,19 @@ DEFUN(cfg_client_snaplen, cfg_client_snaplen_cmd, "pcap snaplen <1-262144>", /* MAXIMUM_SNAPLEN */ - PCAP_STRING "snapshot length\n" "Bytes\n") + PCAP_STRING "snapshot length\n" + "Bytes (effectively limited to 64 KiB by the osmo-pcap wire framing)\n") { - pcap_client->snaplen = atoi(argv[0]); + int snaplen = atoi(argv[0]); + + if (snaplen > OSMO_PCAP_MAX_SNAPLEN) { + vty_out(vty, "%% snaplen %d exceeds the limit imposed by the " + "osmo-pcap wire framing, capping to %d%s", + snaplen, OSMO_PCAP_MAX_SNAPLEN, VTY_NEWLINE); + snaplen = OSMO_PCAP_MAX_SNAPLEN; + } + + pcap_client->snaplen = snaplen; return CMD_SUCCESS; } diff --git a/src/osmo_server_vty.c b/src/osmo_server_vty.c index dfe9857..fcf1db1 100644 --- a/src/osmo_server_vty.c +++ b/src/osmo_server_vty.c @@ -373,9 +373,19 @@ DEFUN(cfg_server_max_snaplen, cfg_server_max_snaplen_cmd, "max-snaplen <1-262144>", /* MAXIMUM_SNAPLEN */ - "Maximum pcap snapshot length\n" "Bytes\n") + "Maximum pcap snapshot length\n" + "Bytes (effectively limited to 64 KiB by the osmo-pcap wire framing)\n") { - pcap_server->max_snaplen = atoi(argv[0]); + int snaplen = atoi(argv[0]); + + if (snaplen > OSMO_PCAP_MAX_SNAPLEN) { + vty_out(vty, "%% max-snaplen %d exceeds the limit imposed by the " + "osmo-pcap wire framing, capping to %d%s", + snaplen, OSMO_PCAP_MAX_SNAPLEN, VTY_NEWLINE); + snaplen = OSMO_PCAP_MAX_SNAPLEN; + } + + pcap_server->max_snaplen = snaplen; return CMD_SUCCESS; } -- To view, visit https://gerrit.osmocom.org/c/osmo-pcap/+/42836?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: osmo-pcap Gerrit-Branch: master Gerrit-Change-Id: Ia56cad48e8cefe8ae103f2f7d2e037bf28438b71 Gerrit-Change-Number: 42836 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>

1 0

2026

2025

2024

2023

2022

gerrit-log June 2026