diff options
| author | Guy Harris <guy@alum.mit.edu> | 2016-01-22 17:14:50 -0800 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2016-01-23 01:15:54 +0000 |
| commit | e406703c5f8d341153e0b91cc16638c3a556ae49 (patch) | |
| tree | 0a341aa0d6f749d43a05a895bc5f36dfb0b6e9bc | |
| parent | 5fecf1795ef5365db69527e3b64d2234253cd5cb (diff) | |
Fix handling of the byte order magic number.
Just treat it as an array of bytes. When checking for whether it's a
pcapng file, also determine whether it's big-endian or little-endian.
Note that reading it in *host* byte order will tell you whether it's in
your byte order or byte-swapped; you have to know your byte order to
know whether that means little-endian or big-endian.
Have a #define for the byte-order magic number size, as all byte order
magic number values must be that size, and use that as the size of the
magic-number arrays.
Also use a #define for the SHB block type magic number.
Get rid of a now-unused expert info. (If the magic number isn't
something we recognize, we don't treat the file as a pcap file, so it
can never be "unknown".)
Change-Id: Ic74cceac17d1490eb70a28f67cb4dbb512e031ac
Reviewed-on: https://code.wireshark.org/review/13494
Reviewed-by: Guy Harris <guy@alum.mit.edu>
| -rw-r--r-- | epan/dissectors/file-pcapng.c | 54 |
1 files changed, 26 insertions, 28 deletions
diff --git a/epan/dissectors/file-pcapng.c b/epan/dissectors/file-pcapng.c index 7441269e6d..4d491fbd0e 100644 --- a/epan/dissectors/file-pcapng.c +++ b/epan/dissectors/file-pcapng.c @@ -135,7 +135,6 @@ static int hf_pcapng_record_padding = -1; static expert_field ei_invalid_option_length = EI_INIT; static expert_field ei_invalid_record_length = EI_INIT; -static expert_field ei_unknown_encoding = EI_INIT; static gint ett_pcapng = -1; static gint ett_pcapng_section_header_block = -1; @@ -218,12 +217,6 @@ static const value_string block_type_vals[] = { { 0, NULL } }; -static const value_string byte_order_magic_vals[] = { - { 0x1A2B3C4D, "Big-endian" }, - { 0x4D3C2B1A, "Little-endian" }, - { 0, NULL } -}; - static const value_string option_code_section_header_vals[] = { { 0x0000, "End of Options" }, { 0x0001, "Comment" }, @@ -927,6 +920,7 @@ static gint dissect_block(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item *block_item; proto_tree *block_data_tree; proto_item *block_data_item; + proto_item *byte_order_magic_item; proto_item *packet_data_item; gint offset = 0; guint32 length; @@ -961,7 +955,11 @@ static gint dissect_block(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, info->interface_number = 0; info->frame_number = 1; - proto_tree_add_item(block_data_tree, hf_pcapng_section_header_byte_order_magic, tvb, offset, 4, ENC_NA); + byte_order_magic_item = proto_tree_add_item(block_data_tree, hf_pcapng_section_header_byte_order_magic, tvb, offset, 4, ENC_NA); + if (encoding == ENC_BIG_ENDIAN) + proto_item_append_text(byte_order_magic_item, " (Big-endian)"); + else + proto_item_append_text(byte_order_magic_item, " (Little-endian)"); offset += 4; proto_tree_add_item(block_data_tree, hf_pcapng_section_header_major_version, tvb, offset, 2, encoding); @@ -1265,12 +1263,21 @@ static gint dissect_block(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, return offset; } +#define BLOCK_TYPE_SIZE 4 +#define BYTE_ORDER_MAGIC_SIZE 4 + static int dissect_pcapng(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { - static const guint8 pcapng_premagic[] = { 0x0A, 0x0D, 0x0D, 0x0A }; - static const guint8 pcapng_magic[] = { 0x1A, 0x2B, 0x3C, 0x4D }; - static const guint8 pcapng_swapped_magic[] = { 0x4D, 0x3C, 0x2B, 0x1A }; + static const guint8 pcapng_premagic[BLOCK_TYPE_SIZE] = { + 0x0A, 0x0D, 0x0D, 0x0A + }; + static const guint8 pcapng_big_endian_magic[BYTE_ORDER_MAGIC_SIZE] = { + 0x1A, 0x2B, 0x3C, 0x4D + }; + static const guint8 pcapng_little_endian_magic[BYTE_ORDER_MAGIC_SIZE] = { + 0x4D, 0x3C, 0x2B, 0x1A + }; gint offset = 0; guint32 length; guint32 encoding; @@ -1278,13 +1285,15 @@ dissect_pcapng(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ proto_item *main_item; struct info info; - if (tvb_memeql(tvb, 0, pcapng_premagic, sizeof(pcapng_premagic)) != 0) + if (tvb_memeql(tvb, 0, pcapng_premagic, BLOCK_TYPE_SIZE) != 0) return 0; - if (tvb_memeql(tvb, 8, pcapng_magic, sizeof(pcapng_magic)) != 0) { - if (tvb_memeql(tvb, 8, pcapng_swapped_magic, sizeof(pcapng_swapped_magic)) != 0) { - return 0; - } + if (tvb_memeql(tvb, 8, pcapng_big_endian_magic, BYTE_ORDER_MAGIC_SIZE) == 0) { + encoding = ENC_BIG_ENDIAN; + } else if (tvb_memeql(tvb, 8, pcapng_little_endian_magic, BYTE_ORDER_MAGIC_SIZE) == 0) { + encoding = ENC_LITTLE_ENDIAN; + } else { + return 0; } info.file_number = 1; @@ -1295,16 +1304,6 @@ dissect_pcapng(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ main_item = proto_tree_add_item(tree, proto_pcapng, tvb, offset, -1, ENC_NA); main_tree = proto_item_add_subtree(main_item, ett_pcapng); - encoding = tvb_get_guint32(tvb, offset + 8, ENC_HOST_ENDIAN); - if (encoding == 0x1A2B3C4D) { - encoding = ENC_LITTLE_ENDIAN; - } else if (encoding == 0x4D3C2B1A) { - encoding = ENC_BIG_ENDIAN; - } else { - expert_add_info(pinfo, main_item, &ei_unknown_encoding); - return offset; - } - while (tvb_captured_length_remaining(tvb, offset)) { tvbuff_t *next_tvb; @@ -1422,7 +1421,7 @@ proto_register_pcapng(void) }, { &hf_pcapng_section_header_byte_order_magic, { "Byte Order Magic", "pcapng.section_header.byte_order_magic", - FT_UINT32, BASE_HEX, VALS(byte_order_magic_vals), 0x00, + FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_pcapng_section_header_major_version, @@ -1791,7 +1790,6 @@ proto_register_pcapng(void) static ei_register_info ei[] = { { &ei_invalid_option_length, { "pcapng.invalid_option_length", PI_PROTOCOL, PI_ERROR, "Invalid Option Length", EXPFILL }}, { &ei_invalid_record_length, { "pcapng.invalid_record_length", PI_PROTOCOL, PI_ERROR, "Invalid Record Length", EXPFILL }}, - { &ei_unknown_encoding, { "pcapng.unknown_encoding", PI_PROTOCOL, PI_ERROR, "Unknown Encoding", EXPFILL }} }; static gint *ett[] = { |