I wrote a small program to modify the first packet’s timestamp in pcap file for test purpose; the code is simple and can be extended for changing other packets’ timestamps.
Category: Technology
The gotcha of logging gdb output
By default, gdb‘s output file is appended, not overwrote. E.g: debug the same program for 2 times:
$ gdb foo
......
(gdb) set logging on
Copying output to gdb.txt.
Copying debug output to gdb.txt.
(gdb) r
......
$ ll gdb.txt
-rw-rw-r-- 1 nanxiao nanxiao 1067 Jul 9 18:06 gdb.txt
$ gdb foo
......
(gdb) set logging on
Copying output to gdb.txt.
Copying debug output to gdb.txt.
(gdb) r
......
$ ll gdb.txt
-rw-rw-r-- 1 nanxiao nanxiao 2134 Jul 9 18:08 gdb.txt
After second debug, the gdb.txt‘s size is doubled. To overwrite the output file, execute set logging overwrite on before set logging on:
$ gdb foo
......
(gdb) set logging overwrite on
(gdb) set logging on
Copying output to gdb.txt.
Copying debug output to gdb.txt.
(gdb) r
......
$ ll gdb.txt
-rw-rw-r-- 1 nanxiao nanxiao 1067 Jul 9 18:10 gdb.txtA trick of setting breakpoint in pdb
When using pdb to debug a python program:
python -m pdb foo.py
I want to set a breakpoint, but meet following error:
(Pdb) b bar.py:46
*** 'bar.py' not found from sys.path
A small trick is setting breakpoint in main first and run the program:
(Pdb) b main
Breakpoint 1 at ......
(Pdb) r
......
After breakpoint set for main is hit, set breakpoint again at bar.py:46. This time it should work:
(Pdb) b bar.py:46
Breakpoint 2 at ......Fix “Invalid byte sequence in conversion input” error in using Meld program
I use Meld as code diff and merge tool, but recently I always meet “Invalid byte sequence in conversion input” error in comparing C source code files:
The solution is simple: select “Unicode (UTF-8)” coding:
The pitfall of using tshark to analyse QUIC protocol
Check the wireshark’s QUIC related code, we will find it heavily depends on 2 macros:
#ifdef HAVE_LIBGCRYPT_AEAD
......
#endif
#ifdef HAVE_LIBGCRYPT_CHACHA20
......
#endif
And these 2 macros rely on the version of libgcrypt (refer here):
/*
* Define HAVE_LIBGCRYPT_AEAD here, because it's used in several source
* files.
*/
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
/* Whether to provide support for authentication in addition to decryption. */
#define HAVE_LIBGCRYPT_AEAD
#endif
/*
* Define some other "do we have?" items as well.
*/
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* 1.7.0 */
/* Whether ChaCh20 PNE can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20
/* Whether AEAD_CHACHA20_POLY1305 can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20_POLY1305
#endif
On CentOS 7, the libgcrypt version is 1.5.3, so the above 2 macros will not be defined, and some functions are not available. While on CentOS 8, the libgcrypt version is 1.8.5, so the functions are fully supported. I met an issue, i.e., for the same pcap file, tshark (I built myself) on CentOS 7 assumes there is an error in decrypting QUIC flow:
$ /home/nanxiao/wireshark/build/run/tshark -nr 435.pcap -Y '(quic.decryption_failed)'
1 0.000000 172.27.232.168 → 216.183.220.159 GTP <QUIC> 1310 Initial, DCID=68a3ee8706f87817
while tshark on CentOS 8 works OK:
$ /home/nanxiao/wireshark/build/run/tshark -nr 435.pcap -Y '(quic.decryption_failed)'
$