forked from osmocom/wireshark
tshark: improve robustness for PCAPNGs not starting with IDBs
The PCAPNG code assumes that PCAPNGs start with IDBs, which might not be true. This patch adds a workaround for Tshark to process such files.
This commit is contained in:
parent
800524131f
commit
ef43fd48b4
18
tshark.c
18
tshark.c
|
@ -3625,11 +3625,24 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type,
|
||||||
wtap_dump_params params = WTAP_DUMP_PARAMS_INIT;
|
wtap_dump_params params = WTAP_DUMP_PARAMS_INIT;
|
||||||
char *shb_user_appl;
|
char *shb_user_appl;
|
||||||
pass_status_t first_pass_status, second_pass_status;
|
pass_status_t first_pass_status, second_pass_status;
|
||||||
|
gboolean pcapng_pcapng_workaround = false;
|
||||||
|
wtapng_iface_descriptions_t if_tmp;
|
||||||
|
|
||||||
if (save_file != NULL) {
|
if (save_file != NULL) {
|
||||||
/* Set up to write to the capture file. */
|
/* Set up to write to the capture file. */
|
||||||
wtap_dump_params_init_no_idbs(¶ms, cf->provider.wth);
|
wtap_dump_params_init_no_idbs(¶ms, cf->provider.wth);
|
||||||
|
|
||||||
|
/* workaround for pcapng -> pcapng (e.g., when pcapng starts with a custom block) */
|
||||||
|
if (out_file_type == wtap_pcapng_file_type_subtype() && params.encap == WTAP_ENCAP_UNKNOWN) {
|
||||||
|
pcapng_pcapng_workaround = true;
|
||||||
|
params.encap = WTAP_ENCAP_PER_PACKET;
|
||||||
|
params.dont_copy_idbs = true; /* make sure this stay true */
|
||||||
|
if (params.idb_inf->interface_data != NULL) {
|
||||||
|
/* lets fake an interface, which is not copied anyway */
|
||||||
|
g_array_insert_val(params.idb_inf->interface_data, 0, if_tmp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* If we don't have an application name add TShark */
|
/* If we don't have an application name add TShark */
|
||||||
if (wtap_block_get_string_option_value(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) {
|
if (wtap_block_get_string_option_value(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) {
|
||||||
/* this is free'd by wtap_block_unref() later */
|
/* this is free'd by wtap_block_unref() later */
|
||||||
|
@ -3653,6 +3666,11 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type,
|
||||||
&err, &err_info);
|
&err, &err_info);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (pcapng_pcapng_workaround) {
|
||||||
|
/* remove the fake interface before it will be used */
|
||||||
|
g_array_remove_index((params.idb_inf->interface_data), 0);
|
||||||
|
}
|
||||||
|
|
||||||
g_free(params.idb_inf);
|
g_free(params.idb_inf);
|
||||||
params.idb_inf = NULL;
|
params.idb_inf = NULL;
|
||||||
|
|
||||||
|
|
|
@ -3530,6 +3530,7 @@ pcapng_open(wtap *wth, int *err, gchar **err_info)
|
||||||
ws_debug("Check for more IDBs, block_type 0x%08x",
|
ws_debug("Check for more IDBs, block_type 0x%08x",
|
||||||
bh.block_type);
|
bh.block_type);
|
||||||
|
|
||||||
|
/* XXX - This code expects that the PCAPNG Sections start with IDBs but the PCAPNG RFC does not say that!? */
|
||||||
if (bh.block_type != BLOCK_TYPE_IDB) {
|
if (bh.block_type != BLOCK_TYPE_IDB) {
|
||||||
break; /* No more IDBs */
|
break; /* No more IDBs */
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue