Don't limit the on-the-wire length of packets to 64KB, there are larger packets

out there (especially over USB) and we should be able to load them as long as
they are snapped to a sane length.

Also validate that packets do not specify a snapshot length larger than the one
in the file header, though only make it a warning, as this is not necessarily a
fatally corrupt packet.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808

svn path=/trunk/; revision=49999

wiretap/libpcap.c

@@ -765,21 +765,8 @@ static int libpcap_read_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
 		return -1;
 	}
 
-	if (hdr->hdr.orig_len > WTAP_MAX_PACKET_SIZE) {
-		/*
-		 * Probably a corrupt capture file; return an error,
-		 * so that our caller doesn't blow up trying to
-		 * cope with a huge "real" packet length, and so that
-		 * the code to try to guess what type of libpcap file
-		 * this is can tell when it's not the type we're guessing
-		 * it is.
-		 */
-		*err = WTAP_ERR_BAD_FILE;
-		if (err_info != NULL) {
-			*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
-			    hdr->hdr.orig_len, WTAP_MAX_PACKET_SIZE);
-		}
-		return -1;
+	if (hdr->hdr.incl_len > wth->snapshot_length) {
+		g_warning("pcap: File has packet larger than file's snapshot length.");
 	}
 
 	return bytes_read;
@@ -929,7 +916,7 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
 	rec_hdr.hdr.incl_len = phdr->caplen + phdrsize;
 	rec_hdr.hdr.orig_len = phdr->len + phdrsize;
 
-	if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE || rec_hdr.hdr.orig_len > WTAP_MAX_PACKET_SIZE) {
+	if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
 		*err = WTAP_ERR_BAD_FILE;
 		return FALSE;
 	}