diff options
| author | Guy Harris <gharris@sonic.net> | 2020-10-22 01:10:57 -0700 |
|---|---|---|
| committer | Guy Harris <gharris@sonic.net> | 2020-10-22 02:58:07 -0700 |
| commit | d0270415a9d198eae0b8c739b17780e6c347ebcd (patch) | |
| tree | cf745f012fc0e4197558c6acac267704988dd95d /tshark.c | |
| parent | e16ef82d7c4ae292c9a46530124aef268c35011f (diff) | |
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
Diffstat (limited to 'tshark.c')
| -rw-r--r-- | tshark.c | 41 |
1 files changed, 40 insertions, 1 deletions
@@ -3235,6 +3235,26 @@ process_packet_second_pass(capture_file *cf, epan_dissect_t *edt, return passed || fdata->dependent_of_displayed; } +static gboolean +process_new_idbs(wtap *wth, wtap_dumper *pdh, int *err, gchar **err_info) +{ + wtap_block_t if_data; + + while ((if_data = wtap_get_next_interface_description(wth)) != NULL) { + /* + * Only add IDBs if we're writing to a file and the output file + * requires interface IDs; otherwise, it doesn't support writing IDBs. + */ + if (pdh != NULL) { + if (wtap_uses_interface_ids(wtap_dump_file_type_subtype(pdh))) { + if (!wtap_dump_add_idb(pdh, if_data, err, err_info)) + return FALSE; + } + } + } + return TRUE; +} + static pass_status_t process_cap_file_second_pass(capture_file *cf, wtap_dumper *pdh, int *err, gchar **err_info, @@ -3249,6 +3269,16 @@ process_cap_file_second_pass(capture_file *cf, wtap_dumper *pdh, epan_dissect_t *edt = NULL; pass_status_t status = PASS_SUCCEEDED; + /* + * Process whatever IDBs we haven't seen yet. This will be all + * the IDBs in the file, as we've finished reading it; they'll + * all be at the beginning of the output file. + */ + if (!process_new_idbs(cf->provider.wth, pdh, err, err_info)) { + *err_framenum = 0; + return PASS_WRITE_ERROR; + } + wtap_rec_init(&rec); ws_buffer_init(&buf, 1514); @@ -3409,6 +3439,15 @@ process_cap_file_single_pass(capture_file *cf, wtap_dumper *pdh, } framenum++; + /* + * Process whatever IDBs we haven't seen yet. + */ + if (!process_new_idbs(cf->provider.wth, pdh, err, err_info)) { + *err_framenum = framenum; + status = PASS_WRITE_ERROR; + break; + } + tshark_debug("tshark: processing packet #%d", framenum); reset_epan_mem(cf, edt, create_proto_tree, print_packet_info && print_details); @@ -3472,7 +3511,7 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type, if (save_file != NULL) { /* Set up to write to the capture file. */ - wtap_dump_params_init(¶ms, cf->provider.wth); + wtap_dump_params_init_no_idbs(¶ms, cf->provider.wth); /* If we don't have an application name add Tshark */ if (wtap_block_get_string_option_value(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) { |