From a child analyzer like NTP, the IP_Hdr pointer in the DeliverPacket method is empty and unusable, causing a segmentation fault as soon as you try to access it.
To recreate the bug, just add an "assert(ip)" inside the DeliverPacket method of a UDP child analyzer and the execution will fail (instead of the segmentation fault).
Thanks for your quick reply.
There's a fix in git on branch topic/jsiwek/bit-1298
I think the original reason for not buffering the header was a performance concern: this code can execute a lot. However, measuring execution time on the test suite with this branch, I don't see a noticeable increase, so that looks fine.
The copy ctor for the IP header worries me a bit: the constraint that it must not be truncated seems easy to miss. One way around that would be having the header store the capture length of the packet as well, so that it knows how much data is valid. On the other hand, not sure that effort/memory is justified. Alternatively, I would be more comfortable if the copy operation were a method one has to call explicitly, rather than a copy constructor that's easy to have run implicitly. What do you think?
Nit: You lost me on the swap() operation: why's the copy constructor doing a swap on the fields rather than just an assignment?
I was going for the "copy-and-swap" idiom (or I think also called "unified assignment" for C++11 since it takes the place of both copy and move ctor) –
Ah, thanks for the explanation. Expect more C++ old-timer questions in the future.
Changed to the explicit copy method; same branch.
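
The two options raised in the thread, a header that records its capture length and a copy that must be called explicitly, combined in an added example that is not the code on the branch. `HdrView` and its members are hypothetical names, not Bro's `IP_Hdr` API, and the packet bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <type_traits>
#include <vector>

// Hypothetical IPv4 header view (not Bro's IP_Hdr). It records how many
// bytes were captured, so it knows how much of the header is valid.
class HdrView {
public:
    HdrView(const uint8_t* data, size_t caplen) : data_(data), caplen_(caplen) {}

    // No implicit copies: a by-value parameter or container insert that
    // would silently copy a truncated header fails to compile instead.
    HdrView(const HdrView&) = delete;
    HdrView& operator=(const HdrView&) = delete;

    // Header length claimed by the IHL field (low nibble of byte 0).
    size_t HdrLen() const { return caplen_ ? (data_[0] & 0x0f) * 4u : 0; }

    // True only when the full claimed header lies inside the capture.
    bool Complete() const { return HdrLen() >= 20 && HdrLen() <= caplen_; }

    // Explicit deep copy. Returns nullptr for a truncated header rather
    // than reading past the captured bytes.
    std::unique_ptr<HdrView> Copy() const {
        if (!Complete()) return nullptr;
        std::unique_ptr<HdrView> out(new HdrView(nullptr, 0));
        out->owned_.assign(data_, data_ + HdrLen());
        out->data_ = out->owned_.data();
        out->caplen_ = out->owned_.size();
        return out;
    }

    bool Owns() const { return !owned_.empty(); }
    int Proto() const { return Complete() ? data_[9] : -1; }

private:
    const uint8_t* data_;
    size_t caplen_;
    std::vector<uint8_t> owned_;  // backing store, filled only by Copy()
};

static_assert(!std::is_copy_constructible<HdrView>::value, "copy must be explicit");

// Constructed sample: IPv4, IHL=5 (20 bytes), protocol 17 (UDP).
static const uint8_t kSample[20] = {0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17,
                                    0, 0, 10, 0, 0, 1, 10, 0, 0, 2};
```

A caller that wants to keep the header past the packet's lifetime has to write `hdr.Copy()` and handle the null result, which is where the truncation case becomes visible.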