diff options
author | Guy Harris <guy@alum.mit.edu> | 2017-06-04 18:58:40 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-06-05 05:28:26 +0000 |
commit | d0865fd619454a9ac06b1c7d287dc438aff50bb0 (patch) | |
tree | 91efc24ec72d274b1529342041641b36939236f2 /wiretap/pcapng.c | |
parent | 17965f57f178aa7e4027f2d363658098e2f1abb3 (diff) |
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/pcapng.c')
-rw-r--r-- | wiretap/pcapng.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c index f21e028c94..9217781341 100644 --- a/wiretap/pcapng.c +++ b/wiretap/pcapng.c @@ -737,14 +737,14 @@ pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh, wtap_encap_string(if_descr_mand->wtap_encap), if_descr_mand->snap_len); - if (if_descr_mand->snap_len > WTAP_MAX_PACKET_SIZE) { - /* This is unrealistic, but text2pcap currently uses 102400. + if (if_descr_mand->snap_len > wtap_max_snaplen_for_encap(if_descr_mand->wtap_encap)) { + /* * We do not use this value, maybe we should check the * snap_len of the packets against it. For now, only warn. */ pcapng_debug("pcapng_read_if_descr_block: snapshot length %u unrealistic.", if_descr_mand->snap_len); - /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE;*/ + /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;*/ } /* Options */ @@ -1164,12 +1164,6 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta } } - if (packet.cap_len > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u", - packet.cap_len, WTAP_MAX_PACKET_SIZE); - return FALSE; - } pcapng_debug("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u", packet.packet_len, packet.cap_len, @@ -1184,6 +1178,14 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta iface_info = g_array_index(pn->interfaces, interface_info_t, packet.interface_id); + if (packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than %u", + packet.cap_len, + wtap_max_snaplen_for_encap(iface_info.wtap_encap)); + return FALSE; + } + wblock->packet_header->rec_type = REC_TYPE_PACKET; wblock->packet_header->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID; @@ -1466,10 +1468,11 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t * return FALSE; } - if (simple_packet.cap_len > WTAP_MAX_PACKET_SIZE) { + if (simple_packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u", - simple_packet.cap_len, WTAP_MAX_PACKET_SIZE); + *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than %u", + simple_packet.cap_len, + wtap_max_snaplen_for_encap(iface_info.wtap_encap)); return FALSE; } pcapng_debug("pcapng_read_simple_packet_block: packet data: packet_len %u", @@ -2951,7 +2954,7 @@ pcapng_write_enhanced_packet_block(wtap_dumper *wdh, wtapng_if_descr_mandatory_t *int_data_mand; /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > wtap_max_snaplen_for_encap(wdh->encap)) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -3140,7 +3143,7 @@ pcapng_write_sysdig_event_block(wtap_dumper *wdh, guint16 event_type; /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } |