Catch attempts to write multiple encapsulation types if unsupported.
If, in the process of opening the input file, we determine that it has packets of more than one link-layer type, we can catch attempts to write that file to a file of a format that doesn't support more than one link-layer type at the time we try to open the output file. If, however, we don't discover that the file has more than one link-layer type until we've already created the output file - for example, if we have a pcapng file with a new IDB, with a different link-layer type from previous IDBs, after packet blocks for the earlier interfces - we can't catch that until we try to write the packet. Currently, that causes the packet's data to be written out as is, so the output file claims it's of the file's link-layer type, causing programs reading the file to misdissect the packet. Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt instead, and have a nicer error message for WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write. Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6 Reviewed-on: https://code.wireshark.org/review/30617 Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
parent
25bbbd7c5c
commit
3aec5e1a28
|
@ -350,6 +350,17 @@ cfile_write_failure_alert_box(const char *in_filename, const char *out_filename,
|
|||
wtap_file_type_subtype_string(file_type_subtype));
|
||||
break;
|
||||
|
||||
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
|
||||
/*
|
||||
* This is a problem with the particular frame we're writing and
|
||||
* the file type and subtype we're writing; note that, and report
|
||||
* the frame number and file type/subtype.
|
||||
*/
|
||||
simple_error_message_box(
|
||||
"Frame %u%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
|
||||
framenum, in_file_string,
|
||||
wtap_file_type_subtype_string(file_type_subtype));
|
||||
|
||||
case WTAP_ERR_PACKET_TOO_LARGE:
|
||||
/*
|
||||
* This is a problem with the particular frame we're writing and
|
||||
|
|
|
@ -325,6 +325,17 @@ cfile_write_failure_message(const char *progname, const char *in_filename,
|
|||
wtap_file_type_subtype_short_string(file_type_subtype));
|
||||
break;
|
||||
|
||||
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
|
||||
/*
|
||||
* This is a problem with the particular frame we're writing and
|
||||
* the file type and subtype we're writing; note that, and report
|
||||
* the frame number and file type/subtype.
|
||||
*/
|
||||
cmdarg_err("Frame%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
|
||||
in_frame_string,
|
||||
wtap_file_type_subtype_string(file_type_subtype));
|
||||
break;
|
||||
|
||||
case WTAP_ERR_PACKET_TOO_LARGE:
|
||||
/*
|
||||
* This is a problem with the particular frame we're writing
|
||||
|
|
|
@ -348,6 +348,15 @@ static gboolean _5views_dump(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't write out something bigger than we can read. */
|
||||
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
||||
*err = WTAP_ERR_PACKET_TOO_LARGE;
|
||||
|
|
|
@ -310,6 +310,15 @@ static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Don't write out anything bigger than we can read.
|
||||
* (This will also fail on a caplen of 0, as it should.)
|
||||
|
@ -355,6 +364,16 @@ static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't write out anything bigger than we can read. */
|
||||
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
||||
*err = WTAP_ERR_PACKET_TOO_LARGE;
|
||||
|
|
|
@ -1274,6 +1274,15 @@ static gboolean k12_dump(wtap_dumper *wdh, const wtap_rec *rec,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (k12->num_of_records == 0) {
|
||||
k12_t* file_data = (k12_t*)pseudo_header->k12.stuff;
|
||||
/* XXX: We'll assume that any fwrite errors in k12_dump_src_setting will */
|
||||
|
|
|
@ -638,6 +638,15 @@ static gboolean lanalyzer_dump(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (wdh->bytes_dumped + thisSize > LA_ProFileLimit) {
|
||||
/* printf(" LA_ProFileLimit reached\n"); */
|
||||
*err = EFBIG;
|
||||
|
|
|
@ -966,6 +966,15 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Don't write anything we're not willing to read.
|
||||
* (The cast is to prevent an overflow.)
|
||||
|
|
|
@ -316,6 +316,15 @@ static gboolean logcat_binary_dump(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
caplen = rec->rec_header.packet_header.caplen;
|
||||
|
||||
/* Skip EXPORTED_PDU*/
|
||||
|
|
|
@ -449,6 +449,15 @@ static gboolean logcat_text_dump_text(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (wdh->encap) {
|
||||
case WTAP_ENCAP_WIRESHARK_UPPER_PDU:
|
||||
{
|
||||
|
|
|
@ -708,6 +708,15 @@ static gboolean observer_dump(wtap_dumper *wdh, const wtap_rec *rec,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* The captured size field is 16 bits, so there's a hard limit of
|
||||
65535. */
|
||||
if (rec->rec_header.packet_header.caplen > 65535) {
|
||||
|
|
|
@ -1733,6 +1733,15 @@ netxray_dump_1_1(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* The captured length field is 16 bits, so there's a hard
|
||||
limit of 65535. */
|
||||
if (rec->rec_header.packet_header.caplen > 65535) {
|
||||
|
@ -1912,6 +1921,15 @@ netxray_dump_2_0(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't write anything we're not willing to read. */
|
||||
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
||||
*err = WTAP_ERR_PACKET_TOO_LARGE;
|
||||
|
|
|
@ -2026,6 +2026,15 @@ ngsniffer_dump(wtap_dumper *wdh, const wtap_rec *rec,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* The captured length field is 16 bits, so there's a hard
|
||||
limit of 65535. */
|
||||
if (rec->rec_header.packet_header.caplen > 65535) {
|
||||
|
|
|
@ -818,6 +818,15 @@ static gboolean snoop_dump(wtap_dumper *wdh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (wdh->encap == WTAP_ENCAP_ATM_PDUS)
|
||||
atm_hdrsize = sizeof (struct snoop_atm_hdr);
|
||||
else
|
||||
|
|
|
@ -639,6 +639,15 @@ static gboolean visual_dump(wtap_dumper *wdh, const wtap_rec *rec,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this packet doesn't have a link-layer type that
|
||||
* differs from the one for the file.
|
||||
*/
|
||||
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
|
||||
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't write anything we're not willing to read. */
|
||||
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
||||
*err = WTAP_ERR_PACKET_TOO_LARGE;
|
||||
|
|
Loading…
Reference in New Issue