Sigh. Tcpdump cannot handle capture files with a snapshot length of 0,
as BPF filters return either 0 if they fail or the snapshot length if
they succeed, and a snapshot length of 0 means success is
indistinguishable from failure and the filter expression would reject
all packets.

Now that a snapshot length of 0, inside Ethereal, means "snapshot length
unknown", we have to, when opening a libpcap file for output, make the
snapshot length some non-zero value.  We make it WTAP_MAX_PACKET_SIZE,
in case some program uses the snapshot length as a buffer size.  (That
doesn't help if there are packets with more than 65535 bytes of data; if
there are, we'd need to raise WTAP_MAX_PACKET_SIZE just to make those
files readable in Ethereal in any case.)

svn path=/trunk/; revision=4905
Guy Harris 2002-03-09 23:07:26 +00:00
parent 5690265087
commit 7d77975a14
1 changed files with 14 additions and 2 deletions
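
The reader-side counterpart of the fallback described in the commit message, as an added example that is not part of the commit or of Wiretap: it parses a libpcap file header in either byte order and treats a stored snapshot length of 0 as "unknown" before the value is used to size a buffer. `MAX_PACKET_SIZE` is assumed to equal `WTAP_MAX_PACKET_SIZE` (65535, the figure the message mentions); the function names and sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC         0xa1b2c3d4u
#define PCAP_MAGIC_SWAPPED 0xd4c3b2a1u
#define MAX_PACKET_SIZE    65535u /* assumed value of WTAP_MAX_PACKET_SIZE */

/* libpcap file header, 24 bytes on disk */
struct pcap_file_hdr {
    uint32_t magic;
    uint16_t version_major, version_minor;
    int32_t  thiszone;
    uint32_t sigfigs, snaplen, network;
};

static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Store the snaplen a reader should size buffers with; -1 if not a pcap header. */
int pcap_effective_snaplen(const unsigned char *buf, size_t len, uint32_t *out)
{
    struct pcap_file_hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.magic == PCAP_MAGIC) *out = h.snaplen;
    else if (h.magic == PCAP_MAGIC_SWAPPED) *out = swap32(h.snaplen);
    else return -1;
    if (*out == 0) *out = MAX_PACKET_SIZE; /* 0 = "unknown": same fallback as the commit */
    return 0;
}

/* Constructed sample: build a header in memory, return the effective snaplen (0 on error). */
uint32_t sample_effective_snaplen(uint32_t snaplen, int swapped)
{
    struct pcap_file_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1 };
    unsigned char buf[sizeof h];
    uint32_t out = 0;
    if (swapped) { h.magic = swap32(h.magic); h.snaplen = swap32(h.snaplen); }
    memcpy(buf, &h, sizeof h);
    return pcap_effective_snaplen(buf, sizeof buf, &out) == 0 ? out : 0;
}

int main(void)
{
    printf("snaplen 0 -> %u\n", (unsigned)sample_effective_snaplen(0, 0));
    printf("snaplen 96 (swapped) -> %u\n", (unsigned)sample_effective_snaplen(96, 1));
    return 0;
}
```
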

@ -1,6 +1,6 @@
/* libpcap.c
*
* $Id: libpcap.c,v 1.70 2002/03/07 21:46:06 guy Exp $
* $Id: libpcap.c,v 1.71 2002/03/09 23:07:26 guy Exp $
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@ -1072,7 +1072,19 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
file_hdr.version_minor = 4;
file_hdr.thiszone = 0; /* XXX - current offset? */
file_hdr.sigfigs = 0; /* unknown, but also apparently unused */
file_hdr.snaplen = wdh->snaplen;
/*
* Tcpdump cannot handle capture files with a snapshot length of 0,
* as BPF filters return either 0 if they fail or the snapshot length
* if they succeed, and a snapshot length of 0 means success is
* indistinguishable from failure and the filter expression would
* reject all packets.
*
* A snapshot length of 0, inside Wiretap, means "snapshot length
* unknown"; if the snapshot length supplied to us is 0, we make
* the snapshot length in the header file WTAP_MAX_PACKET_SIZE.
*/
file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen :
WTAP_MAX_PACKET_SIZE;
file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap);
nwritten = fwrite(&file_hdr, 1, sizeof file_hdr, wdh->fh);
if (nwritten != sizeof file_hdr) {
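
Review bot: The new comment above the `file_hdr.snaplen` assignment does not say why WTAP_MAX_PACKET_SIZE is the substitute value, and "the snapshot length in the header file" should read "in the file header". The commit message gives the reasoning (a program may use the snapshot length as a buffer size) and the caveat that this does not help for packets with more than 65535 bytes of data; both belong in the code comment so the choice of constant is not later changed to something smaller without that in mind.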