From ea60a57826624bcdf8f955af85af7130c8864018 Mon Sep 17 00:00:00 2001
From: John Thacker
Date: Fri, 12 Mar 2021 22:12:40 -0500
Subject: [PATCH] tshark, export_pdu: Allow tshark to export PDUs to other file types

The export PDU API now allows writing to a different file type. tshark already has a -F flag for the output file type. If that option is given, respect it for export PDU. Also, rec.rec_header.packet_header.pkt_encap expects WTAP encapsulation types, not PCAP encapsulation types, so don't call wtap_wtap_encap_to_pcap_encap(), or else it won't actually write to pcap files, only pcapng (using the wrong sort of encap numbers eventually leads to WTAP_ENCAP_PER_PACKET, which we don't write to non-pcapng.)
---
 tshark.c | 10 ++++------
 ui/tap_export_pdu.c | 6 +++---
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/tshark.c b/tshark.c
index da261ab4e2..6b9ac73382 100644
--- a/tshark.c
+++ b/tshark.c
@@ -759,7 +759,6 @@ main(int argc, char *argv[])
 gchar *output_only = NULL;
 gchar *volatile pdu_export_arg = NULL;
 char *volatile exp_pdu_filename = NULL;
- int exp_pdu_file_type_subtype;
 exp_pdu_t exp_pdu_tap_data;
 const gchar* elastic_mapping_filter = NULL;
@@ -2066,18 +2065,17 @@ main(int argc, char *argv[])
 }
 /* Activate the export PDU tap */
- /* Write a pcapng file... */
- exp_pdu_file_type_subtype = wtap_pcapng_file_type_subtype();
- /* ...with this comment */
+ /* Write to our output file with this comment (if the type supports it,
+ * otherwise exp_pdu_open() will ignore the comment) */
 comment = g_strdup_printf("Dump of PDUs from %s", cf_name);
 exp_pdu_status = exp_pdu_open(&exp_pdu_tap_data,
- exp_pdu_file_type_subtype, exp_fd, comment,
+ out_file_type, exp_fd, comment,
 &err, &err_info);
 g_free(comment);
 if (!exp_pdu_status) {
 cfile_dump_open_failure_message("TShark", exp_pdu_filename, err, err_info,
- exp_pdu_file_type_subtype);
+ out_file_type);
 exit_status = INVALID_EXPORT;
 goto clean_exit;
 }
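Review bot: The `exp_pdu_open()` call in the second tshark.c hunk now passes `out_file_type` straight through, and nothing visible in the hunk shows that it holds a concrete file type at this point. Its assignment is outside the hunk, so if it can still carry its unset value when `-F` is not given, the open fails and the error path reports an unknown type; please confirm the default is applied before this call. A one-line comment above the call would record the assumption, e.g. `/* out_file_type: the -F value, or the default chosen during option handling */`. The new comment also states that exp_pdu_open() ignores an unsupported comment, which this patch does not show, and main() continues outside the hunk.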
diff --git a/ui/tap_export_pdu.c b/ui/tap_export_pdu.c
index ce65d72869..a71e9db1c3 100644
--- a/ui/tap_export_pdu.c
+++ b/ui/tap_export_pdu.c
@@ -148,7 +148,7 @@ exp_pdu_open(exp_pdu_t *exp_pdu_tap_data, int file_type_subtype, int fd,
 /* create the fake interface data */
 int_data = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO);
 int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data);
- int_data_mand->wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
+ int_data_mand->wtap_encap = exp_pdu_tap_data->pkt_encap;
 int_data_mand->time_units_per_second = 1000000000; /* default nanosecond resolution */
 int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;
@@ -161,7 +161,7 @@ exp_pdu_open(exp_pdu_t *exp_pdu_tap_data, int file_type_subtype, int fd,
 }
 const wtap_dump_params params = {
- .encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU,
+ .encap = exp_pdu_tap_data->pkt_encap,
 .snaplen = WTAP_MAX_PACKET_SIZE_STANDARD,
 .shb_hdrs = exp_pdu_tap_data->shb_hdrs,
 .idb_inf = exp_pdu_tap_data->idb_inf,
@@ -200,7 +200,7 @@ exp_pdu_pre_open(const char *tap_name, const char *filter, exp_pdu_t *exp_pdu_ta
 GString *error_string;
 /* XXX: can we always assume WTAP_ENCAP_WIRESHARK_UPPER_PDU? */
- exp_pdu_tap_data->pkt_encap = wtap_wtap_encap_to_pcap_encap(WTAP_ENCAP_WIRESHARK_UPPER_PDU);
+ exp_pdu_tap_data->pkt_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
 /* Register this tap listener now */
 error_string = register_tap_listener(tap_name, /* The name of the tap we want to listen to */
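Review bot: `exp_pdu_open()` now reads `exp_pdu_tap_data->pkt_encap` for the interface block in the first hunk and for `params.encap` in the second, so it depends on `exp_pdu_pre_open()` having filled that field on the same struct. The tshark.c context in this patch shows `exp_pdu_t exp_pdu_tap_data;` declared without an initializer, so a caller that reaches the open without a successful pre-open would hand an indeterminate encapsulation to the writer. I would state the precondition in the function's header comment, `/* exp_pdu_tap_data->pkt_encap must already be set by exp_pdu_pre_open() */`. The body of exp_pdu_open() starts and ends outside both hunks, so an existing guard may simply not be visible here.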
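Review bot: The `XXX` comment kept above the assignment in the third hunk does not say which numbering `pkt_encap` holds, and that ambiguity is what this commit fixes. The field is now consumed as a WTAP_ENCAP_ value by exp_pdu_open() and, per the commit message, by `rec.rec_header.packet_header.pkt_encap`. I would add `/* pkt_encap is a WTAP_ENCAP_ value, not a pcap link-layer type */` at this assignment so the conversion call is not reintroduced later. exp_pdu_pre_open() continues past the end of the hunk.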