[Bug] tcprewrite --fixlen not working

[aurimasplu]

Describe the bug
I have packet truncated packet capture file and Wireshark is not interpreting packets correctly. So I am trying tcprewrite --fixlen=pad or trunk to fix capture file, but it just goes through file and does not do anything.
Packet example:

When I do verbose I see this meassage:
11:00:56.1590051656 IP truncated-ip - 565 bytes missing! x.x.x.x.59038 > d.d.d.d.443: Flags [P.], seq 462872182:462873003, ack 2319763168, win 2048, length 821

To Reproduce
Steps to reproduce the behavior:

1. tcprewrite --fixlen=pad -i input.pcap -o output.pcap -v

Expected behavior
Pading added or IP length rewriten

System (please complete the following information):

• OS: RHEL
• OS version 7.6
• Tcpreplay Version 4.3.2-1.el7

[fklassen]

Unable to recreate with version 4.3.3-beta1. May need to get your PCAP file to reproduce this issue.

Here is what I did with the attached pcap file which was captured with a 256 byte snaplen:

tcprewrite --fixlen=pad -i test-truncated-packet.pcap -o test-fixed-packet.pcap -v 
reading from file -, link-type EN10MB (Ethernet)
11:52:50.1591210370 IP 216.58.217.36.443 > 192.168.189.247.47128: Flags [P.], seq 4081210986:4081212234, ack 4052912492, win 64240, length 1248

Possibilities:

1. already fixed in 4.3.3
2. corruption in your pcap file
3. the snaplen in your file is so small that some of the TCP header is corrupted
4. ???

test-truncated-packet.pcap.zip

[RaymondHuang210129]

I have also met the similar bug. After truncating the packets, the total length in the ipv4 header exceeds the actual length by 14 bytes. The problem can be reproduced by prompting:
tcprewrite --infile=10packets.pcap --outfile=10packets_trunc.pcap --dlt=enet --enet-dmac=11:22:33:44:55:66 --enet-smac=00:11:22:33:44:55 --fixlen=trunc
On the other hand, when I prompt "--fixlen=pad", the length shows in Wireshark is correct.
the packets the first 10 packets in the CAIDA passive dataset.
10packets.zip

verison: 4.3.3
system: Bash on windows 4.4.0-19041-Microsoft

[fklassen]

I have also met the similar bug. After truncating the packets, the total length in the ipv4 header exceeds the actual length by 14 bytes. The problem can be reproduced by prompting:
tcprewrite --infile=10packets.pcap --outfile=10packets_trunc.pcap --dlt=enet --enet-dmac=11:22:33:44:55:66 --enet-smac=00:11:22:33:44:55 --fixlen=trunc
On the other hand, when I prompt "--fixlen=pad", the length shows in Wireshark is correct.
the packets the first 10 packets in the CAIDA passive dataset.
10packets.zip

verison: 4.3.3
system: Bash on windows 4.4.0-19041-Microsoft

Thanks for the sample PCAP and exact instructions. I have recreated the bug.

[fklassen]

Fixed in PR #664