ndpiReader: fix packet dissection (CAPWAP and TSO) (#1878)

Fix decapsulation of CAPWAP; we are interested only in "real" user data tunneled via CAPWAP. When Tcp Segmentation Offload is enabled in the NIC, the received packet might have 0 as "ip length" in the IPv4 header (see https://osqa-ask.wireshark.org/questions/16279/why-are-the-bytes-00-00-but-wireshark-shows-an-ip-total-length-of-2016/) The effect of these two bugs was that some packets were discarded. Be sure that flows order is deterministic
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-01-30 10:59:18 +0100
committer: GitHub <noreply@github.com> 2023-01-30 10:59:18 +0100
commit: 9f27cd56b01db4c45fd5c3de8375b5287f9c72ce (patch)
tree: 4af215bd4812f4e3498e5cece20f2041b4824f2c /example/ndpiReader.c
parent: 3e6cadbb76a3ebe9af7ff1b858f129116fbbb878 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 66706044a..925592de9 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -656,6 +656,7 @@ int cmpFlows(const void *_a, const void *_b) {
   if(htons(fa->src_port) < htons(fb->src_port)) return(-1); else { if(htons(fa->src_port) > htons(fb->src_port)) return(1); }
   if(htonl(fa->dst_ip)   < htonl(fb->dst_ip)  ) return(-1); else { if(htonl(fa->dst_ip)   > htonl(fb->dst_ip)  ) return(1); }
   if(htons(fa->dst_port) < htons(fb->dst_port)) return(-1); else { if(htons(fa->dst_port) > htons(fb->dst_port)) return(1); }
+  if(fa->vlan_id < fb->vlan_id) return(-1); else { if(fa->vlan_id > fb->vlan_id) return(1); }
   return(0);
 }
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-01-30 10:59:18 +0100
committer	GitHub <noreply@github.com>	2023-01-30 10:59:18 +0100
commit	9f27cd56b01db4c45fd5c3de8375b5287f9c72ce (patch)
tree	4af215bd4812f4e3498e5cece20f2041b4824f2c /example/ndpiReader.c
parent	3e6cadbb76a3ebe9af7ff1b858f129116fbbb878 (diff)