author | Guy Harris <guy@alum.mit.edu> | 2002-03-09 23:07:26 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2002-03-09 23:07:26 +0000 |
commit | 7d77975a145af88705fb131591f3188210ba8d59 (patch) | |
tree | d99e650e546c162c194f9b15b0fa12411ceff084 /wiretap/libpcap.c | |
parent | 56902650875cd87e16ccbd9207f4041311421dc5 (diff) |
Sigh. Tcpdump cannot handle capture files with a snapshot length of 0,
as BPF filters return either 0 if they fail or the snapshot length if
they succeed, and a snapshot length of 0 means success is
indistinguishable from failure and the filter expression would reject
all packets.

Now that a snapshot length of 0, inside Ethereal, means "snapshot length
unknown", we have to, when opening a libpcap file for output, make the
snapshot length some non-zero value. We make it WTAP_MAX_PACKET_SIZE,
in case some program uses the snapshot length as a buffer size. (That
doesn't help if there are packets with more than 65535 bytes of data; if
there are, we'd need to raise WTAP_MAX_PACKET_SIZE just to make those
files readable in Ethereal in any case.)

svn path=/trunk/; revision=4905

Diffstat (limited to 'wiretap/libpcap.c')
-rw-r--r-- | wiretap/libpcap.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index 58805598eb..e319c0912a 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -1,6 +1,6 @@ /* libpcap.c * - * $Id: libpcap.c,v 1.70 2002/03/07 21:46:06 guy Exp $ + * $Id: libpcap.c,v 1.71 2002/03/09 23:07:26 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -1072,7 +1072,19 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err) file_hdr.version_minor = 4; file_hdr.thiszone = 0; /* XXX - current offset? */ file_hdr.sigfigs = 0; /* unknown, but also apparently unused */ - file_hdr.snaplen = wdh->snaplen; + /* + * Tcpdump cannot handle capture files with a snapshot length of 0, + * as BPF filters return either 0 if they fail or the snapshot length + * if they succeed, and a snapshot length of 0 means success is + * indistinguishable from failure and the filter expression would + * reject all packets. + * + * A snapshot length of 0, inside Wiretap, means "snapshot length + * unknown"; if the snapshot length supplied to us is 0, we make + * the snapshot length in the header file WTAP_MAX_PACKET_SIZE. + */ + file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen : + WTAP_MAX_PACKET_SIZE; file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap); nwritten = fwrite(&file_hdr, 1, sizeof file_hdr, wdh->fh); if (nwritten != sizeof file_hdr) { |
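Review bot: In the libpcap_dump_open hunk, the new comment explains why 0 cannot be written to file_hdr.snaplen but not why WTAP_MAX_PACKET_SIZE is the substitute. The commit message gives the reason ("in case some program uses the snapshot length as a buffer size") and the limitation (it does not help if a packet carries more than 65535 bytes of data), and neither made it into the source. Please carry both into the comment, so a later reader does not assume the header value is a guaranteed upper bound on record length when the supplied snaplen was 0, which is exactly the case where the real bound is unknown. A small wording point in the same comment: "the snapshot length in the header file" reads like a C header file; "in the file header" is what is meant. The $Id bump in the first hunk needs no comment.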