androiddump: Fix tcpdump encap type when libwiretap is used

androiddump determines encap type by parsing pcap global header from tcpdump binary output. Only when libpcap is used with androiddump this (pcap linktype) value can be used right away. Libwiretap uses its own encap values but is feed with pcap linktype values making the whole packet encapsulation invalid. Fix by converting pcap linktype values into wiretap encap values (For pcap linktype definitions see http://www.tcpdump.org/linktypes.html) (For wtap encap defininitions see wiretap/wtap.h) Fixes: bfef57ebb7 ("androiddump: Fix and simplify tcpdump capture") Change-Id: I5ea86204b8e5774fd84d4007db8c2910680dbd53 Reviewed-on: https://code.wireshark.org/review/27747 Petri-Dish: Anders Broman <a.broman58@gmail.com> Reviewed-by: Florian Bezold <florian.bezold@esrlabs.com> Tested-by: Petri Dish Buildbot Reviewed-by: Roland Knall <rknall@gmail.com>
2018-05-23 17:10:27 +02:00 · 2018-05-23 17:10:27 +02:00 · afd0eef4f6
parent c59fae221e
commit afd0eef4f6
1 changed files with 6 additions and 2 deletions
--- a/extcap/androiddump.c
+++ b/extcap/androiddump.c
@ -73,6 +73,7 @@
    #endif
 #else
    #include "wiretap/wtap.h"
+    #include "wiretap/pcap-encap.h"
 #endif

 #ifdef ANDROIDDUMP_USE_LIBPCAP
@ -2412,8 +2413,11 @@ static int capture_android_tcpdump(char *interface, char *fifo,
        closesocket(sock);
        return EXIT_CODE_GENERIC;
    }
-
-    extcap_dumper = extcap_dumper_open(fifo, (int) data[20]);
+    int encap = (int)data[20];
+#ifndef ANDROIDDUMP_USE_LIBPCAP
+    encap = wtap_pcap_encap_to_wtap_encap(encap);
+#endif
+    extcap_dumper = extcap_dumper_open(fifo, encap);

    used_buffer_length = 0;
    while (endless_loop) {