Frame 1 too long (-16711680 bytes) error in Wireshark

Question

I have been using Cooja in Instant Contiki v2.7. I have added the global and pcap header in the write_to_serial() function in tunslip6.c . Later these packets are sent to the named pipe /tmp/myfifo (which will be the interface for wireshark). And then to display it in wireshark. But when the wireshark is opened (wireshark -k -i /tmp/myfifo), it gives the prompt
" Frame 1 too long (-16711680 bytes) "

Below is the code snippet of write_to_serial().

  if(verbose>2) {
    if (timestamp) stamptime();
    printf("Packet from TUN of length %d - write SLIP\n", len);
    if (verbose>4) {
    #if WIRESHARK_IMPORT_FORMAT
      printf("0000");
          for(i = 0; i < len; i++) {
            printf(" %02x",p[i]);
                }
        mkfifo(myfifo,0777);
        fd=open(myfifo,O_WRONLY);

    //add global header only once and packet header

    if(gb==0) //gb globally declared ; int gb=0
{
    header.magic = 0xa1b2c3d4;
header.version_major = 2;
header.version_minor = 4;
header.thiszone =0;
header.sigfigs = 0;
header.snaplen = 65535;
header.linktype = 113;

bufg[0]=header.magic ;
bufg[1]=header.version_major ;
bufg[2]=header.version_minor ;
bufg[3]=header.thiszone ;
bufg[4]=header.sigfigs ;
bufg[5]=header.snaplen ;
bufg[6]=header.linktype;

// pcap packet header 
gettimeofday(&time,0);
pcap_header.ts.tv_sec = time.tv_sec;
pcap_header.ts.tv_usec = time.tv_usec;
pcap_header.caplen = len;
pcap_header.len = len;
bufp[0]=pcap_header.ts.tv_sec ;
bufp[1]=pcap_header.ts.tv_usec ;
bufp[2]=pcap_header.caplen ;
bufp[3]=pcap_header.len ;

    if (((write(fd,bufg,7))&&(write(fd,bufp,4))&&(write(fd,p,len)))< 0)
      fputs("write() of bytes failed!\n", stderr);
    else
        printf("\nSuccessfully wrote bytes  ");
gb++;

}

else if(gb>0)
{

gettimeofday(&time,0);
pcap_header.ts.tv_sec = time.tv_sec;
pcap_header.ts.tv_usec = time.tv_usec;
pcap_header.caplen = len;
pcap_header.len = len;

bufp[0]=pcap_header.ts.tv_sec ;
bufp[1]=pcap_header.ts.tv_usec ;
bufp[2]=pcap_header.caplen ;
bufp[3]=pcap_header.len ;

 if (((write(fd,bufp,4))&&(write(fd,p,len)))< 0)
      fputs("write() of bytes failed!\n", stderr);
    else
        printf("Successfully wrote bytes\n");

}
  #endif

The value printed by the pointer p is

    Packet from TUN of length 48 - write SLIP
0000 60 00 00 00 00 08 3a ff fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ff 02 00 00 00 00 00 00 00 00 00 00 00 00 00 02 85 00 7d 36 00 00 00 00

And the fifo is dumped with the values:

0000000 a1b2c3d4 92000002 60567aeb 00000000
0000020 feff3a08 00000080 00000000 00000000
0000040 ff010000 00000002 00000000 00000000
0000060 85020000 00367d00 93000000 60567aeb
0000100 00000000 feff3a08 00000080 00000000
0000120 00000000 ff010000 00000002 00000000
0000140 00000000 85020000 00367d00 97000000
0000160 60567aeb 00000000 feff3a08 00000080
0000200 00000000 00000000 ff010000 00000002
0000220 00000000 00000000 85020000 00367d00

What should be done inorder to rectify this error?

Answer 1

It is because the values assigned are in the array which was previously declared as unsigned long. The exact values got changed when this was done. Instead, I wrote the values directly from the structure to the pipe and also added the ethernet header between the pcap header and the ip header. This is how it looks after editing the code

        fd=open(myfifo,O_WRONLY);
if (fd == -1)
{
 // Could not open the port.
 perror(" Unable to open named pipe");
}
else 
    printf("\nPipe open : Successsful\n");

eth.h_dest[ETH_ALEN]=(unsigned char){0x00 ,0x00 ,0x00 ,0x00,0x00 ,0x00};
eth.h_source[ETH_ALEN]=(unsigned char){0x00 ,0x00 ,0x00 ,0x00,0x00 ,0x00};
eth.h_proto=0xDD86;
   //add global header only once and packet header

if(gb==0)
{
    header.magic = 0xa1b2c3d4;
header.version_major = 2;
header.version_minor = 4;
header.thiszone =0;
header.sigfigs = 0;
header.snaplen = 65535;
header.linktype = 1;


// pcap packet header 
gettimeofday(&time,0);
pcap_header.ts.tv_sec = time.tv_sec;
pcap_header.ts.tv_usec = time.tv_usec;
pcap_header.caplen = len;
pcap_header.len = len;
if (write(fd,&header,sizeof(header))< 0)
      fputs("write() of bytes failed!\n", stderr);
    else
        printf("\nSuccessfully wrote global_header  ");
 if (write(fd,&pcap_header,sizeof(pcap_header))< 0)
       fputs("write() of bytes failed!\n", stderr);
     else
        printf("\nSuccessfully wrote pcap header");      

if (write(fd,&eth,14)< 0)
       fputs("write() of eth bytes failed!\n", stderr);
     else
        printf("\nSuccessfully wrote ethernet header ");      


if (write(fd,p,len)< 0)
       fputs("write() of ip bytes failed!\n", stderr);
     else
        printf("\nSuccessfully wrote ipheader\n "); 
gb++;
}

else if(gb>0)
{

gettimeofday(&time,0);
pcap_header.ts.tv_sec = time.tv_sec;
pcap_header.ts.tv_usec = time.tv_usec;
pcap_header.caplen = len;
pcap_header.len = len;

 if (write(fd,&pcap_header,sizeof(pcap_header))< 0)
       fputs("write() of bytes failed!\n", stderr);
     else
        printf("\nSuccessfully wrote pcap header");      

if (write(fd,&eth,14)< 0)
       fputs("write() of eth bytes failed!\n", stderr);
     else
        printf("\nSuccessfully wrote ethernet header ");      

if (write(fd,p,len)< 0)
       fputs("write() of ip bytes failed!\n", stderr);
     else
        printf("\nSuccessfully wrote ipheader\n ");}      

And later the packets sent to the pipe is:

0000000 a1b2c3d4 00040002 00000000 00000000
0000020 0000ffff 00000001 56808fb9 000ed0b2
0000040 00000030 00000030 41880000 3600bf8e
0000060 4188b77c 0060dd86 08000000 80feff3a
0000100 00000000 00000000 00000000 02ff0100
0000120 00000000 00000000 00000000 00850200
0000140 0000367d 8fbd0000 ad725680 0030000e
0000160 00300000 00000000 bf8e4188 b77c3600
0000200 dd864188 00000060 ff3a0800 000080fe
0000220 00000000 00000000 01000000 000002ff
0000240 00000000 00000000 02000000 367d0085
0000260 00000000 56808fc1 000eccfe 00000030
0000300 00000030 41880000 3600bf8e 4188b77c
0000320 0060dd86 08000000 80feff3a 00000000
0000340 00000000 00000000 02ff0100 00000000
0000360 00000000 00000000 00850200 0000367d

Answer 2

Based on the binary dump, "a1b2c3d4" means that it's big endianness. But the frame length of ff010000 doesn't make sense. I guess you meant to use little endianess, which starts with "d4c3b2a1". Good luck.