androiddump: Fix tcpdump encap type signed/unsigned conversion error

androiddump determines encap type by reading the data link type
value from pcap content generated by tcpdump running on the device.
The data link type is converted from an uint type to an int type
because int is what the pcap/wtap API expects. However the signed
to unsigned conversion is performed on an 8-bit data value rather
than the full 32-bit value making DLT values larger than 127 fail.

Fix the unsigned to signed conversion by determining DLT from the
full 32-bit "network" field from pcap global header instead of
the 8-bit data char array. While at it also take caore of device
to host endianness conversion.

Fixes: v2.5.1rc0-65-gbfef57ebb7 ("androiddump: Fix and simplify tcpdump capture")
Fixes: v2.9.0rc0-694-gafd0eef4f6 ("androiddump: Fix tcpdump encap type when libwiretap is used")

Change-Id: I71629b166a6893763b16e9df33408fee8c99cbd2
Reviewed-on: https://code.wireshark.org/review/34788
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

extcap/androiddump.c

@@ -2410,7 +2410,7 @@ static int capture_android_tcpdump(char *interface, char *fifo,
         closesocket(sock);
         return EXIT_CODE_GENERIC;
     }
-    int encap = (int)data[20];
+    int encap = (int)(swap_byte_order ? GUINT32_SWAP_LE_BE(global_header->network) : global_header->network);
 #ifndef ANDROIDDUMP_USE_LIBPCAP
     encap = wtap_pcap_encap_to_wtap_encap(encap);
 #endif