2009-02-16 07:24:04 +00:00
|
|
|
/* packetlogger.c
|
|
|
|
* Routines for opening Apple's (Bluetooth) PacketLogger file format captures
|
2009-05-31 05:55:15 +00:00
|
|
|
* Copyright 2008-2009, Stephen Fisher (see AUTHORS file)
|
2009-02-16 07:24:04 +00:00
|
|
|
*
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* Based on commview.c, Linux's BlueZ-Gnome Analyzer program and hexdumps of
|
|
|
|
* the output files from Apple's PacketLogger tool.
|
|
|
|
*
|
2018-02-18 21:40:50 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
|
|
|
*/
|
2009-02-16 07:24:04 +00:00
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include "wtap-int.h"
|
|
|
|
#include "file_wrappers.h"
|
|
|
|
#include "packetlogger.h"
|
|
|
|
|
2015-01-17 02:59:12 +00:00
|
|
|
typedef struct {
|
2019-09-02 23:09:24 +00:00
|
|
|
gboolean byte_swapped;
|
2015-01-17 02:59:12 +00:00
|
|
|
} packetlogger_t;
|
|
|
|
|
2009-02-16 07:24:04 +00:00
|
|
|
typedef struct packetlogger_header {
|
|
|
|
guint32 len;
|
2015-01-17 02:59:12 +00:00
|
|
|
guint32 ts_secs;
|
|
|
|
guint32 ts_usecs;
|
2009-02-16 07:24:04 +00:00
|
|
|
} packetlogger_header_t;
|
|
|
|
|
2019-04-05 01:56:27 +00:00
|
|
|
static gboolean packetlogger_read(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
|
|
int *err, gchar **err_info,
|
2014-05-23 10:50:02 +00:00
|
|
|
gint64 *data_offset);
|
|
|
|
static gboolean packetlogger_seek_read(wtap *wth, gint64 seek_off,
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec *rec,
|
2014-05-23 10:50:02 +00:00
|
|
|
Buffer *buf, int *err, gchar **err_info);
|
2009-02-16 07:24:04 +00:00
|
|
|
static gboolean packetlogger_read_header(packetlogger_header_t *pl_hdr,
|
2019-09-02 23:09:24 +00:00
|
|
|
FILE_T fh, gboolean byte_swapped,
|
2015-01-17 02:59:12 +00:00
|
|
|
int *err, gchar **err_info);
|
2019-09-03 00:41:04 +00:00
|
|
|
static void packetlogger_byte_swap_header(packetlogger_header_t *pl_hdr);
|
|
|
|
static wtap_open_return_val packetlogger_check_record(wtap *wth,
|
|
|
|
packetlogger_header_t *pl_hdr,
|
|
|
|
int *err,
|
|
|
|
gchar **err_info);
|
2018-02-09 00:19:12 +00:00
|
|
|
static gboolean packetlogger_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
|
2013-06-17 21:18:47 +00:00
|
|
|
Buffer *buf, int *err,
|
|
|
|
gchar **err_info);
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2019-09-03 00:41:04 +00:00
|
|
|
/*
|
|
|
|
* Number of packets to try reading.
|
|
|
|
*/
|
|
|
|
#define PACKETS_TO_CHECK 5
|
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
wtap_open_return_val packetlogger_open(wtap *wth, int *err, gchar **err_info)
|
2009-02-16 07:24:04 +00:00
|
|
|
{
|
2019-09-02 23:09:24 +00:00
|
|
|
gboolean byte_swapped = FALSE;
|
2009-02-16 07:24:04 +00:00
|
|
|
packetlogger_header_t pl_hdr;
|
2019-09-03 00:41:04 +00:00
|
|
|
wtap_open_return_val ret;
|
2015-01-17 02:59:12 +00:00
|
|
|
packetlogger_t *packetlogger;
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2019-09-03 00:41:04 +00:00
|
|
|
/*
|
|
|
|
* Try to read the first record.
|
|
|
|
*/
|
2019-09-02 23:09:24 +00:00
|
|
|
if(!packetlogger_read_header(&pl_hdr, wth->fh, byte_swapped,
|
2015-01-17 02:59:12 +00:00
|
|
|
err, err_info)) {
|
2019-09-03 00:41:04 +00:00
|
|
|
/*
|
|
|
|
* Either an immediate EOF or a short read indicates
|
|
|
|
* that the file is probably not a PacketLogger file.
|
|
|
|
*/
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
Do not call wtap_file_read_unknown_bytes() or
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
2012-12-27 12:19:25 +00:00
|
|
|
}
|
2010-04-17 10:09:52 +00:00
|
|
|
|
2015-01-17 02:59:12 +00:00
|
|
|
/*
|
|
|
|
* If the upper 16 bits of the length are non-zero and the lower
|
2019-09-02 23:09:24 +00:00
|
|
|
* 16 bits are zero, assume the file is byte-swapped from our
|
|
|
|
* byte order.
|
2015-01-17 02:59:12 +00:00
|
|
|
*/
|
|
|
|
if ((pl_hdr.len & 0x0000FFFF) == 0 &&
|
|
|
|
(pl_hdr.len & 0xFFFF0000) != 0) {
|
|
|
|
/*
|
2019-09-03 00:41:04 +00:00
|
|
|
* Byte-swap the header.
|
2015-01-17 02:59:12 +00:00
|
|
|
*/
|
2019-09-03 00:41:04 +00:00
|
|
|
packetlogger_byte_swap_header(&pl_hdr);
|
2019-09-02 23:09:24 +00:00
|
|
|
byte_swapped = TRUE;
|
2015-01-17 02:59:12 +00:00
|
|
|
}
|
|
|
|
|
2019-09-03 00:41:04 +00:00
|
|
|
/*
|
|
|
|
* Check whether the first record looks like a PacketLogger
|
|
|
|
* record.
|
|
|
|
*/
|
|
|
|
ret = packetlogger_check_record(wth, &pl_hdr, err, err_info);
|
|
|
|
if (ret != WTAP_OPEN_MINE) {
|
|
|
|
/*
|
|
|
|
* Either we got an error or it's not valid.
|
|
|
|
*/
|
|
|
|
if (ret == WTAP_OPEN_NOT_MINE) {
|
|
|
|
/*
|
|
|
|
* Not valid, so not a PacketLogger file.
|
|
|
|
*/
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Error. If it failed with a short read, we don't fail,
|
|
|
|
* so we treat it as a valid file and can then report
|
|
|
|
* it as a truncated file.
|
|
|
|
*/
|
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Now try reading a few more packets.
|
|
|
|
*/
|
|
|
|
for (int i = 1; i < PACKETS_TO_CHECK; i++) {
|
|
|
|
/*
|
|
|
|
* Read and check the file header; we've already
|
|
|
|
* decided whether this would be a byte-swapped file
|
|
|
|
* or not, so we swap iff we decided it was.
|
|
|
|
*/
|
|
|
|
if (!packetlogger_read_header(&pl_hdr, wth->fh,
|
|
|
|
byte_swapped, err, err_info)) {
|
|
|
|
if (*err == 0) {
|
|
|
|
/* EOF; no more packets to try. */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A short read indicates that the file
|
|
|
|
* is probably not a PacketLogger file.
|
|
|
|
*/
|
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check whether this record looks like a PacketLogger
|
|
|
|
* record.
|
|
|
|
*/
|
|
|
|
ret = packetlogger_check_record(wth, &pl_hdr, err,
|
|
|
|
err_info);
|
|
|
|
if (ret != WTAP_OPEN_MINE) {
|
|
|
|
/*
|
|
|
|
* Either we got an error or it's not valid.
|
|
|
|
*/
|
|
|
|
if (ret == WTAP_OPEN_NOT_MINE) {
|
|
|
|
/*
|
|
|
|
* Not valid, so not a PacketLogger
|
|
|
|
* file.
|
|
|
|
*/
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Error. If it failed with a short read,
|
|
|
|
* we don't fail, we just stop checking
|
|
|
|
* records, so we treat it as a valid file
|
|
|
|
* and can then report it as a truncated file.
|
|
|
|
*/
|
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2009-02-16 07:24:04 +00:00
|
|
|
|
|
|
|
/* No file header. Reset the fh to 0 so we can read the first packet */
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_ERROR;
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2015-01-17 02:59:12 +00:00
|
|
|
/* This is a PacketLogger file */
|
|
|
|
packetlogger = (packetlogger_t *)g_malloc(sizeof(packetlogger_t));
|
2019-09-02 23:09:24 +00:00
|
|
|
packetlogger->byte_swapped = byte_swapped;
|
2015-01-17 02:59:12 +00:00
|
|
|
wth->priv = (void *)packetlogger;
|
|
|
|
|
2009-02-16 07:24:04 +00:00
|
|
|
/* Set up the pointers to the handlers for this file type */
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->subtype_read = packetlogger_read;
|
|
|
|
wth->subtype_seek_read = packetlogger_seek_read;
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER;
|
|
|
|
wth->file_encap = WTAP_ENCAP_PACKETLOGGER;
|
2014-09-28 18:37:06 +00:00
|
|
|
wth->file_tsprec = WTAP_TSPREC_USEC;
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2014-10-09 23:44:15 +00:00
|
|
|
return WTAP_OPEN_MINE; /* Our kind of file */
|
2009-02-16 07:24:04 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean
|
2019-04-05 01:56:27 +00:00
|
|
|
packetlogger_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err,
|
|
|
|
gchar **err_info, gint64 *data_offset)
|
2009-02-16 07:24:04 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
*data_offset = file_tell(wth->fh);
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2019-04-05 01:56:27 +00:00
|
|
|
return packetlogger_read_packet(wth, wth->fh, rec, buf, err, err_info);
|
2009-02-16 07:24:04 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
static gboolean
|
2018-02-09 00:19:12 +00:00
|
|
|
packetlogger_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec,
|
2014-01-02 20:47:21 +00:00
|
|
|
Buffer *buf, int *err, gchar **err_info)
|
2009-02-16 07:24:04 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if(file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
if(!packetlogger_read_packet(wth, wth->random_fh, rec, buf, err, err_info)) {
|
2009-02-16 07:24:04 +00:00
|
|
|
if(*err == 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2009-02-16 07:24:04 +00:00
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
2009-02-16 07:24:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
2015-01-17 02:59:12 +00:00
|
|
|
packetlogger_read_header(packetlogger_header_t *pl_hdr, FILE_T fh,
|
2019-09-02 23:09:24 +00:00
|
|
|
gboolean byte_swapped, int *err, gchar **err_info)
|
2009-02-16 07:24:04 +00:00
|
|
|
{
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
if (!wtap_read_bytes_or_eof(fh, &pl_hdr->len, 4, err, err_info))
|
|
|
|
return FALSE;
|
2015-01-17 02:59:12 +00:00
|
|
|
if (!wtap_read_bytes(fh, &pl_hdr->ts_secs, 4, err, err_info))
|
|
|
|
return FALSE;
|
|
|
|
if (!wtap_read_bytes(fh, &pl_hdr->ts_usecs, 4, err, err_info))
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
return FALSE;
|
2009-02-16 07:24:04 +00:00
|
|
|
|
2015-01-17 02:59:12 +00:00
|
|
|
/* Convert multi-byte values to host endian */
|
2019-09-03 00:41:04 +00:00
|
|
|
if (byte_swapped)
|
|
|
|
packetlogger_byte_swap_header(pl_hdr);
|
2009-02-16 07:24:04 +00:00
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
2013-06-02 22:17:37 +00:00
|
|
|
|
2019-09-03 00:41:04 +00:00
|
|
|
static void
|
|
|
|
packetlogger_byte_swap_header(packetlogger_header_t *pl_hdr)
|
|
|
|
{
|
|
|
|
pl_hdr->len = GUINT32_SWAP_LE_BE(pl_hdr->len);
|
|
|
|
pl_hdr->ts_secs = GUINT32_SWAP_LE_BE(pl_hdr->ts_secs);
|
|
|
|
pl_hdr->ts_usecs = GUINT32_SWAP_LE_BE(pl_hdr->ts_usecs);
|
|
|
|
}
|
|
|
|
|
|
|
|
static wtap_open_return_val
|
|
|
|
packetlogger_check_record(wtap *wth, packetlogger_header_t *pl_hdr, int *err,
|
|
|
|
gchar **err_info)
|
|
|
|
{
|
|
|
|
guint32 length;
|
|
|
|
guint8 type;
|
|
|
|
|
|
|
|
/* Is the header length valid? If not, assume it's not ours. */
|
|
|
|
if (pl_hdr->len < 8 || pl_hdr->len >= 65536)
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
|
|
|
|
/* Is the microseconds field of the time stap out of range? */
|
|
|
|
if (pl_hdr->ts_usecs >= 1000000)
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we have any payload, it's a type field; read and check it.
|
|
|
|
*/
|
|
|
|
length = pl_hdr->len - 8;
|
|
|
|
if (length != 0) {
|
|
|
|
/*
|
|
|
|
* Check the type field.
|
|
|
|
*/
|
|
|
|
if (!wtap_read_bytes(wth->fh, &type, 1, err, err_info)) {
|
|
|
|
if (*err != WTAP_ERR_SHORT_READ)
|
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Verify this file belongs to us */
|
|
|
|
if (!(type < 0x04 || type == 0xFB || type == 0xFC || type == 0xFE || type == 0xFF))
|
|
|
|
return WTAP_OPEN_NOT_MINE;
|
|
|
|
|
|
|
|
length--;
|
|
|
|
|
|
|
|
if (length != 0) {
|
|
|
|
/*
|
|
|
|
* Now try to read past the rest of the packet bytes;
|
|
|
|
* if that fails with a short read, we don't fail,
|
|
|
|
* so that we can report the file as a truncated
|
|
|
|
* PacketLogger file.
|
|
|
|
*/
|
|
|
|
if (!wtap_read_bytes(wth->fh, NULL, length,
|
|
|
|
err, err_info))
|
|
|
|
return WTAP_OPEN_ERROR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return WTAP_OPEN_MINE;
|
|
|
|
}
|
|
|
|
|
2013-06-02 22:17:37 +00:00
|
|
|
static gboolean
|
2018-02-09 00:19:12 +00:00
|
|
|
packetlogger_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
|
2013-06-17 21:18:47 +00:00
|
|
|
int *err, gchar **err_info)
|
2013-06-02 22:17:37 +00:00
|
|
|
{
|
2015-01-17 02:59:12 +00:00
|
|
|
packetlogger_t *packetlogger = (packetlogger_t *)wth->priv;
|
2013-06-02 22:17:37 +00:00
|
|
|
packetlogger_header_t pl_hdr;
|
|
|
|
|
2019-09-02 23:09:24 +00:00
|
|
|
if(!packetlogger_read_header(&pl_hdr, fh, packetlogger->byte_swapped,
|
2015-01-17 02:59:12 +00:00
|
|
|
err, err_info))
|
2013-06-02 22:17:37 +00:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if (pl_hdr.len < 8) {
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
|
|
|
*err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len);
|
|
|
|
return FALSE;
|
|
|
|
}
|
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 01:58:40 +00:00
|
|
|
if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
2013-06-02 22:17:37 +00:00
|
|
|
/*
|
|
|
|
* Probably a corrupt capture file; don't blow up trying
|
|
|
|
* to allocate space for an immensely-large packet.
|
|
|
|
*/
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
|
|
|
*err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u",
|
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 01:58:40 +00:00
|
|
|
pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE_STANDARD);
|
2013-06-02 22:17:37 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->rec_type = REC_TYPE_PACKET;
|
|
|
|
rec->presence_flags = WTAP_HAS_TS;
|
2013-06-02 22:17:37 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->rec_header.packet_header.len = pl_hdr.len - 8;
|
|
|
|
rec->rec_header.packet_header.caplen = pl_hdr.len - 8;
|
2013-06-02 22:17:37 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
rec->ts.secs = (time_t)pl_hdr.ts_secs;
|
|
|
|
rec->ts.nsecs = (int)(pl_hdr.ts_usecs * 1000);
|
2013-06-02 22:17:37 +00:00
|
|
|
|
2018-02-09 00:19:12 +00:00
|
|
|
return wtap_read_packet_bytes(fh, buf, rec->rec_header.packet_header.caplen, err, err_info);
|
2013-06-02 22:17:37 +00:00
|
|
|
}
|
2015-01-02 00:45:22 +00:00
|
|
|
|
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2015-01-02 00:45:22 +00:00
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|