diff options
author | Dr. Lars Völker <lars.voelker@technica-engineering.de> | 2022-01-12 20:17:42 +0100 |
---|---|---|
committer | A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2022-01-16 08:55:24 +0000 |
commit | ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4 (patch) | |
tree | bed0fd488f5678dd9c4ced3a342c0e1efc63d625 /tshark.c | |
parent | 800524131f869984eca1c8940d4825e68f23cfdd (diff) |
tshark: improve robustness for PCAPNGs not starting with IDBs
The PCAPNG code assumes that PCAPNGs start with IDBs, which might not be
true. This patch adds a workaround for Tshark to process such files.
Diffstat (limited to 'tshark.c')
-rw-r--r-- | tshark.c | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -3625,11 +3625,24 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type, wtap_dump_params params = WTAP_DUMP_PARAMS_INIT; char *shb_user_appl; pass_status_t first_pass_status, second_pass_status; + gboolean pcapng_pcapng_workaround = false; + wtapng_iface_descriptions_t if_tmp; if (save_file != NULL) { /* Set up to write to the capture file. */ wtap_dump_params_init_no_idbs(¶ms, cf->provider.wth); + /* workaround for pcapng -> pcapng (e.g., when pcapng starts with a custom block) */ + if (out_file_type == wtap_pcapng_file_type_subtype() && params.encap == WTAP_ENCAP_UNKNOWN) { + pcapng_pcapng_workaround = true; + params.encap = WTAP_ENCAP_PER_PACKET; + params.dont_copy_idbs = true; /* make sure this stay true */ + if (params.idb_inf->interface_data != NULL) { + /* lets fake an interface, which is not copied anyway */ + g_array_insert_val(params.idb_inf->interface_data, 0, if_tmp); + } + } + /* If we don't have an application name add TShark */ if (wtap_block_get_string_option_value(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) { /* this is free'd by wtap_block_unref() later */ @@ -3653,6 +3666,11 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type, &err, &err_info); } + if (pcapng_pcapng_workaround) { + /* remove the fake interface before it will be used */ + g_array_remove_index((params.idb_inf->interface_data), 0); + } + g_free(params.idb_inf); params.idb_inf = NULL; |