Get rid of some cruft left in by previous checkins as placeholders.

Get rid of WTAP_ENCAP_NONE; replace it with WTAP_ENCAP_UNKNOWN, which
means "I can't handle that file, it's using an encapsulation I don't
support".

Check for encapsulations we don't support, and return an error (as is
already done in "libpcap.c").

Check for too-large packet sizes, and return an error (as is already
done in "libpcap.c").

Print unsigned quantities in Wiretap messages with "%u", not "%d".

svn path=/trunk/; revision=544

9 files changed, 155 insertions, 116 deletions

diff --git a/wiretap/file.c b/wiretap/file.c
index f120b4ccf4..3e75cf1215 100644
--- a/wiretap/file.c
+++ b/wiretap/file.c
@@ -1,6 +1,6 @@
 /* file.c
  *
- * $Id: file.c,v 1.17 1999/08/19 05:31:33 guy Exp $
+ * $Id: file.c,v 1.18 1999/08/22 02:29:38 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -104,7 +104,7 @@ wtap* wtap_open_offline(const char *filename, int *err)
 	}
 
 	/* initialization */
-	wth->file_encap = WTAP_ENCAP_NONE;
+	wth->file_encap = WTAP_ENCAP_UNKNOWN;
 
 	/* Try all file types */
 	for (i = 0; i < N_FILE_TYPES; i++) {
diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c
index 381d22b0d2..0d6e98d119 100644
--- a/wiretap/iptrace.c
+++ b/wiretap/iptrace.c
@@ -1,6 +1,6 @@
 /* iptrace.c
  *
- * $Id: iptrace.c,v 1.7 1999/08/20 04:07:09 gram Exp $
+ * $Id: iptrace.c,v 1.8 1999/08/22 02:29:40 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -125,7 +125,10 @@ static int iptrace_read(wtap *wth, int *err)
 		wth->phdr.pkt_encap = WTAP_ENCAP_RAW_IP;
 	}
 	else {
-		wth->phdr.pkt_encap = WTAP_ENCAP_NONE;
+		g_message("iptrace: interface type %c%c unknown or unsupported",
+		    if_name1, if_name2);
+		*err = WTAP_ERR_BAD_RECORD;
+		return -1;
 	}
 	return data_offset;
 }
diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c
index da19d26f7e..b28cfa1444 100644
--- a/wiretap/lanalyzer.c
+++ b/wiretap/lanalyzer.c
@@ -1,6 +1,6 @@
 /* lanalyzer.c
  *
- * $Id: lanalyzer.c,v 1.12 1999/08/20 04:49:18 gram Exp $
+ * $Id: lanalyzer.c,v 1.13 1999/08/22 02:29:40 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -163,7 +163,11 @@ int lanalyzer_open(wtap *wth, int *err)
 						wth->file_encap = WTAP_ENCAP_TR;
 						break;
 					default:
-						wth->file_encap = WTAP_ENCAP_NONE;
+						g_message("lanalyzer: board type %u unknown",
+						    board_type);
+						g_free(wth->capture.lanalyzer);
+						*err = WTAP_ERR_UNSUPPORTED;
+						return -1;
 				}
 				break;
 
@@ -229,6 +233,8 @@ static int lanalyzer_read(wtap *wth, int *err)
 	 * the middle of reading packets.  If any other record type exists
 	 * after a Trace Packet Data Record, mark it as an error. */
 	if (record_type != REC_TRACE_PACKET_DATA) {
+		g_message("lanalyzer: record type %u seen after trace summary record",
+		    record_type);
 		*err = WTAP_ERR_BAD_RECORD;
 		return -1;
 	}
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index 73e0f1acb7..aee592fda7 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -1,6 +1,6 @@
 /* libpcap.c
  *
- * $Id: libpcap.c,v 1.11 1999/08/22 00:47:56 guy Exp $
+ * $Id: libpcap.c,v 1.12 1999/08/22 02:29:37 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -78,21 +78,23 @@ static int libpcap_dump_close(wtap_dumper *wdh, int *err);
 /*
  * XXX - this is a bit of a mess.  OpenBSD, and perhaps NetBSD, have
  * different DLT_ codes from FreeBSD (and from the LBL BPF code).
- * For now, we simply treat all except DLT_RAW as "unknown"; this
- * means you won't be able to capture from a network using those
+ * For now, we simply treat those type values with different
+ * meanings on different platforms, except for DLT_RAW, as "unknown";
+ * this means you won't be able to capture from a network using those
  * types in Ethereal (and that capturing from the loopback interface
- * won't necessarily work right on OpenBSD, either).
+ * won't necessarily work right on OpenBSD, either, as it uses
+ * DLT_LOOP, which is the same as DLT_RAW on other platforms).
  *
  * Does anybody know what BSD/OS uses as DLT_ types for SLIP and
  * PPP?  The LBL code, and the OpenBSD code, appear to disagree....
  *
  * Nothing in FreeBSD appears to use DLT_RAW, so it's not clear what
- * link-layer header or fake header appears.  If it's completely
- * unused, or if it behaves the same way OpenBSD DLT_LOOP behaves,
- * i.e. it puts an address family in *network* byte order (as opposed
- * to the *host* byte order that DLT_NULL uses on FreeBSD), then
- * we should just make it WTAP_ENCAP_LOOP and process that as an
- * OpenBSD DLT_LOOP.
+ * link-layer header or fake header appears for DLT_RAW.  If it's
+ * completely unused, or if it behaves the same way OpenBSD DLT_LOOP
+ * behaves, i.e. it puts an address family in *network* byte order
+ * (as opposed to the *host* byte order that DLT_NULL uses on FreeBSD),
+ * then we should just make it WTAP_ENCAP_NULL, which we treat in
+ * such a fashion as to cause it to work with DLT_LOOP headers.
  */
 static const int pcap_encap[] = {
 	WTAP_ENCAP_NULL,	/* null encapsulation */
@@ -166,14 +168,15 @@ int libpcap_open(wtap *wth, int *err)
 	}
 	if (hdr.version_major < 2) {
 		/* We only support version 2.0 and later. */
-		g_message("pcap: major version %d unsupported",
+		g_message("pcap: major version %u unsupported",
 		    hdr.version_major);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
 	if (hdr.network >= NUM_PCAP_ENCAPS
 	    || pcap_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
-		g_message("pcap: network type %d unknown or unsupported", hdr.network);
+		g_message("pcap: network type %u unknown or unsupported",
+		    hdr.network);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
@@ -289,16 +292,17 @@ int libpcap_dump_open(wtap_dumper *wdh, int *err)
 	static const guint32 pcap_magic = PCAP_MAGIC;
 	struct pcap_hdr file_hdr;
 	static const int wtap_encap[] = {
-		0,		/* WTAP_ENCAP_NONE */
-		1,		/* WTAP_ENCAP_ETHERNET */
-		6,		/* WTAP_ENCAP_TR */
-		8,		/* WTAP_ENCAP_SLIP */
-		9,		/* WTAP_ENCAP_PPP */
-		10,		/* WTAP_ENCAP_FDDI */
-		12,		/* WTAP_ENCAP_RAW_IP */
-		7,		/* WTAP_ENCAP_ARCNET */
-		11,		/* WTAP_ENCAP_ATM_RFC1483 */
-		19		/* WTAP_ENCAP_LINUX_ATM_CLIP */
+		0,		/* WTAP_ENCAP_UNKNOWN -> DLT_NULL */
+		1,		/* WTAP_ENCAP_ETHERNET -> DLT_EN10MB */
+		6,		/* WTAP_ENCAP_TR -> DLT_IEEE802 */
+		8,		/* WTAP_ENCAP_SLIP -> DLT_SLIP */
+		9,		/* WTAP_ENCAP_PPP -> DLT_PPP */
+		10,		/* WTAP_ENCAP_FDDI -> DLT_FDDI */
+		12,		/* WTAP_ENCAP_RAW_IP -> DLT_RAW */
+		7,		/* WTAP_ENCAP_ARCNET -> DLT_ARCNET */
+		11,		/* WTAP_ENCAP_ATM_RFC1483 -> DLT_ATM_RFC1483 */
+		19,		/* WTAP_ENCAP_LINUX_ATM_CLIP */
+		0		/* WTAP_ENCAP_NULL -> DLT_NULL */
 	};
 	int nwritten;
 
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index 77afdaeaf2..cf6567e01d 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -1,6 +1,6 @@
 /* netmon.c
  *
- * $Id: netmon.c,v 1.10 1999/08/19 05:31:36 guy Exp $
+ * $Id: netmon.c,v 1.11 1999/08/22 02:29:40 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -99,18 +99,18 @@ int netmon_open(wtap *wth, int *err)
 	struct netmon_hdr hdr;
 	int file_type;
 	static const int netmon_encap[] = {
-		WTAP_ENCAP_NONE,
+		WTAP_ENCAP_UNKNOWN,
 		WTAP_ENCAP_ETHERNET,
 		WTAP_ENCAP_TR,
 		WTAP_ENCAP_FDDI,
-		WTAP_ENCAP_NONE,	/* WAN */
-		WTAP_ENCAP_NONE,	/* LocalTalk */
-		WTAP_ENCAP_NONE,	/* "DIX" - should not occur */
-		WTAP_ENCAP_NONE,	/* ARCNET raw */
-		WTAP_ENCAP_NONE,	/* ARCNET 878.2 */
-		WTAP_ENCAP_NONE,	/* ATM */
-		WTAP_ENCAP_NONE,	/* Wireless WAN */
-		WTAP_ENCAP_NONE		/* IrDA */
+		WTAP_ENCAP_UNKNOWN,	/* WAN */
+		WTAP_ENCAP_UNKNOWN,	/* LocalTalk */
+		WTAP_ENCAP_UNKNOWN,	/* "DIX" - should not occur */
+		WTAP_ENCAP_UNKNOWN,	/* ARCNET raw */
+		WTAP_ENCAP_UNKNOWN,	/* ARCNET 878.2 */
+		WTAP_ENCAP_UNKNOWN,	/* ATM */
+		WTAP_ENCAP_UNKNOWN,	/* Wireless WAN */
+		WTAP_ENCAP_UNKNOWN	/* IrDA */
 	};
 	#define NUM_NETMON_ENCAPS (sizeof netmon_encap / sizeof netmon_encap[0])
 	struct tm tm;
@@ -155,14 +155,16 @@ int netmon_open(wtap *wth, int *err)
 		break;
 
 	default:
-		g_message("netmon: major version %d unsupported", hdr.ver_major);
+		g_message("netmon: major version %u unsupported", hdr.ver_major);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
 
 	hdr.network = pletohs(&hdr.network);
-	if (hdr.network >= NUM_NETMON_ENCAPS) {
-		g_message("netmon: network type %d unknown", hdr.network);
+	if (hdr.network >= NUM_NETMON_ENCAPS
+	    || netmon_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
+		g_message("netmon: network type %u unknown or unsupported",
+		    hdr.network);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
@@ -219,7 +221,7 @@ int netmon_open(wtap *wth, int *err)
 /* Read the next packet */
 static int netmon_read(wtap *wth, int *err)
 {
-	int	packet_size = 0;
+	guint32	packet_size = 0;
 	int	bytes_read;
 	union {
 		struct netmonrec_1_x_hdr hdr_1_x;
@@ -274,6 +276,16 @@ static int netmon_read(wtap *wth, int *err)
 		packet_size = pletohl(&hdr.hdr_2_x.incl_len);
 		break;
 	}
+	if (packet_size > WTAP_MAX_PACKET_SIZE) {
+		/*
+		 * Probably a corrupt capture file; don't blow up trying
+		 * to allocate space for an immensely-large packet.
+		 */
+		g_message("netmon: File has %u-byte packet, bigger than maximum of %u",
+		    packet_size, WTAP_MAX_PACKET_SIZE);
+		*err = WTAP_ERR_BAD_RECORD;
+		return -1;
+	}
 	buffer_assure_space(wth->frame_buffer, packet_size);
 	errno = WTAP_ERR_CANT_READ;
 	bytes_read = fread(buffer_start_ptr(wth->frame_buffer), 1,
diff --git a/wiretap/netxray.c b/wiretap/netxray.c
index 1f8391d41f..e3cd643089 100644
--- a/wiretap/netxray.c
+++ b/wiretap/netxray.c
@@ -1,6 +1,6 @@
 /* netxray.c
  *
- * $Id: netxray.c,v 1.10 1999/08/19 05:31:35 guy Exp $
+ * $Id: netxray.c,v 1.11 1999/08/22 02:29:39 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -102,14 +102,14 @@ int netxray_open(wtap *wth, int *err)
 		WTAP_ENCAP_ETHERNET,
 		WTAP_ENCAP_TR,
 		WTAP_ENCAP_FDDI,
-		WTAP_ENCAP_NONE,	/* WAN */
-		WTAP_ENCAP_NONE,	/* LocalTalk */
-		WTAP_ENCAP_NONE,	/* "DIX" - should not occur */
-		WTAP_ENCAP_NONE,	/* ARCNET raw */
-		WTAP_ENCAP_NONE,	/* ARCNET 878.2 */
-		WTAP_ENCAP_NONE,	/* ATM */
-		WTAP_ENCAP_NONE,	/* Wireless WAN */
-		WTAP_ENCAP_NONE		/* IrDA */
+		WTAP_ENCAP_UNKNOWN,	/* WAN */
+		WTAP_ENCAP_UNKNOWN,	/* LocalTalk */
+		WTAP_ENCAP_UNKNOWN,	/* "DIX" - should not occur */
+		WTAP_ENCAP_UNKNOWN,	/* ARCNET raw */
+		WTAP_ENCAP_UNKNOWN,	/* ARCNET 878.2 */
+		WTAP_ENCAP_UNKNOWN,	/* ATM */
+		WTAP_ENCAP_UNKNOWN,	/* Wireless WAN */
+		WTAP_ENCAP_UNKNOWN	/* IrDA */
 	};
 	#define NUM_NETXRAY_ENCAPS (sizeof netxray_encap / sizeof netxray_encap[0])
 
@@ -167,8 +167,10 @@ int netxray_open(wtap *wth, int *err)
 	}
 
 	hdr.network = pletohs(&hdr.network);
-	if (hdr.network >= NUM_NETXRAY_ENCAPS) {
-		g_message("netxray: network type %d unknown", hdr.network);
+	if (hdr.network >= NUM_NETXRAY_ENCAPS
+	    || netxray_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
+		g_message("netxray: network type %u unknown or unsupported",
+		    hdr.network);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
@@ -204,7 +206,7 @@ int netxray_open(wtap *wth, int *err)
 /* Read the next packet */
 static int netxray_read(wtap *wth, int *err)
 {
-	int	packet_size;
+	guint32	packet_size;
 	int	bytes_read;
 	union {
 		struct netxrayrec_1_x_hdr hdr_1_x;
diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c
index bc897b2b4e..53066089d8 100644
--- a/wiretap/ngsniffer.c
+++ b/wiretap/ngsniffer.c
@@ -1,6 +1,6 @@
 /* ngsniffer.c
  *
- * $Id: ngsniffer.c,v 1.18 1999/08/20 23:11:05 guy Exp $
+ * $Id: ngsniffer.c,v 1.19 1999/08/22 02:29:39 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -87,7 +87,7 @@ struct vers_rec {
 	gint16	time;		/* DOS-format time */
 	gint16	date;		/* DOS-format date */
 	gint8	type;		/* what type of records follow */
-	gint8	network;	/* network type */
+	guint8	network;	/* network type */
 	gint8	format;		/* format version (we only support version 1!) */
 	guint8	timeunit;	/* timestamp units */
 	gint8	cmprs_vers;	/* compression version */
@@ -238,22 +238,6 @@ struct frame4_rec {
 #define NUM_NGSNIFF_TIMEUNITS 7
 static double Usec[] = { 15.0, 0.838096, 15.0, 0.5, 2.0, 0.0, 0.1 };
 
-#define NGSNIFF_ENCAP_ATM 10
-#define NUM_NGSNIFF_ENCAPS 11
-static int sniffer_encap[] = {
-		WTAP_ENCAP_TR,
-		WTAP_ENCAP_ETHERNET,
-		WTAP_ENCAP_ARCNET,
-		WTAP_ENCAP_NONE,	/* StarLAN */
-		WTAP_ENCAP_NONE,	/* PC Network broadband */
-		WTAP_ENCAP_NONE,	/* LocalTalk */
-		WTAP_ENCAP_NONE,	/* Znet */
-		WTAP_ENCAP_LAPB,	/* Internetwork analyzer */
-		WTAP_ENCAP_NONE,	/* type 8 not defined in Sniffer */
-		WTAP_ENCAP_FDDI,
-		WTAP_ENCAP_ATM_SNIFFER	/* ATM */
-};
-
 static int ngsniffer_read(wtap *wth, int *err);
 
 int ngsniffer_open(wtap *wth, int *err)
@@ -267,6 +251,20 @@ int ngsniffer_open(wtap *wth, int *err)
 	struct vers_rec version;
 	guint16	start_date;
 	guint16	start_time;
+	static const int sniffer_encap[] = {
+		WTAP_ENCAP_TR,
+		WTAP_ENCAP_ETHERNET,
+		WTAP_ENCAP_ARCNET,
+		WTAP_ENCAP_UNKNOWN,	/* StarLAN */
+		WTAP_ENCAP_UNKNOWN,	/* PC Network broadband */
+		WTAP_ENCAP_UNKNOWN,	/* LocalTalk */
+		WTAP_ENCAP_UNKNOWN,	/* Znet */
+		WTAP_ENCAP_LAPB,	/* Internetwork analyzer */
+		WTAP_ENCAP_UNKNOWN,	/* type 8 not defined in Sniffer */
+		WTAP_ENCAP_FDDI,
+		WTAP_ENCAP_ATM_SNIFFER	/* ATM */
+	};
+	#define NUM_NGSNIFF_ENCAPS (sizeof sniffer_encap / sizeof sniffer_encap[0])
 	struct tm tm;
 
 	/* Read in the string that should be at the start of a Sniffer file */
@@ -329,15 +327,17 @@ int ngsniffer_open(wtap *wth, int *err)
 	}
 
 	/* Check the data link type */
-	if (version.network >= NUM_NGSNIFF_ENCAPS) {
-		g_message("ngsniffer: network type %d unknown", version.network);
+	if (version.network >= NUM_NGSNIFF_ENCAPS
+	    || sniffer_encap[version.network] == WTAP_ENCAP_UNKNOWN) {
+		g_message("ngsniffer: network type %u unknown or unsupported",
+		    version.network);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
 
 	/* Check the time unit */
 	if (version.timeunit >= NUM_NGSNIFF_TIMEUNITS) {
-		g_message("ngsniffer: Unknown timeunit %d", version.timeunit);
+		g_message("ngsniffer: Unknown timeunit %u", version.timeunit);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
@@ -390,13 +390,13 @@ int ngsniffer_open(wtap *wth, int *err)
 static int ngsniffer_read(wtap *wth, int *err)
 {
 	int	bytes_read;
-	char record_type[2];
-	char record_length[4]; /* only 1st 2 bytes are length */
-	guint16 type, length;
+	char	record_type[2];
+	char	record_length[4]; /* only 1st 2 bytes are length */
+	guint16	type, length;
 	struct frame2_rec frame2;
 	struct frame4_rec frame4;
-	double t;
-	guint16 time_low, time_med, time_high, true_size, size;
+	double	t;
+	guint16	time_low, time_med, time_high, true_size, size;
 	int	data_offset;
 
 	for (;;) {
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index c5661049ba..eee3b242fa 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -1,6 +1,6 @@
 /* snoop.c
  *
- * $Id: snoop.c,v 1.6 1999/08/19 05:31:35 guy Exp $
+ * $Id: snoop.c,v 1.7 1999/08/22 02:29:38 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -62,16 +62,16 @@ int snoop_open(wtap *wth, int *err)
 	char magic[sizeof snoop_magic];
 	struct snoop_hdr hdr;
 	static const int snoop_encap[] = {
-		WTAP_ENCAP_NONE,	/* IEEE 802.3 */
-		WTAP_ENCAP_NONE,	/* IEEE 802.4 Token Bus */
+		WTAP_ENCAP_UNKNOWN,	/* IEEE 802.3 */
+		WTAP_ENCAP_UNKNOWN,	/* IEEE 802.4 Token Bus */
 		WTAP_ENCAP_TR,
-		WTAP_ENCAP_NONE,	/* IEEE 802.6 Metro Net */
+		WTAP_ENCAP_UNKNOWN,	/* IEEE 802.6 Metro Net */
 		WTAP_ENCAP_ETHERNET,
-		WTAP_ENCAP_NONE,	/* HDLC */
-		WTAP_ENCAP_NONE,	/* Character Synchronous */
-		WTAP_ENCAP_NONE,	/* IBM Channel-to-Channel */
+		WTAP_ENCAP_UNKNOWN,	/* HDLC */
+		WTAP_ENCAP_UNKNOWN,	/* Character Synchronous */
+		WTAP_ENCAP_UNKNOWN,	/* IBM Channel-to-Channel */
 		WTAP_ENCAP_FDDI,
-		WTAP_ENCAP_NONE		/* Other */
+		WTAP_ENCAP_UNKNOWN	/* Other */
 	};
 	#define NUM_SNOOP_ENCAPS (sizeof snoop_encap / sizeof snoop_encap[0])
 
@@ -105,13 +105,15 @@ int snoop_open(wtap *wth, int *err)
 	hdr.version = ntohl(hdr.version);
 	if (hdr.version != 2) {
 		/* We only support version 2. */
-		g_message("snoop: version %d unsupported", hdr.version);
+		g_message("snoop: version %u unsupported", hdr.version);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
 	hdr.network = ntohl(hdr.network);
-	if (hdr.network >= NUM_SNOOP_ENCAPS) {
-		g_message("snoop: network type %d unknown", hdr.network);
+	if (hdr.network >= NUM_SNOOP_ENCAPS
+	    || snoop_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
+		g_message("snoop: network type %u unknown or unsupported",
+		    hdr.network);
 		*err = WTAP_ERR_UNSUPPORTED;
 		return -1;
 	}
@@ -127,7 +129,7 @@ int snoop_open(wtap *wth, int *err)
 /* Read the next packet */
 static int snoop_read(wtap *wth, int *err)
 {
-	int	packet_size;
+	guint32	packet_size;
 	int	bytes_read;
 	struct snooprec_hdr hdr;
 	int	data_offset;
@@ -148,6 +150,16 @@ static int snoop_read(wtap *wth, int *err)
 	}
 
 	packet_size = ntohl(hdr.incl_len);
+	if (packet_size > WTAP_MAX_PACKET_SIZE) {
+		/*
+		 * Probably a corrupt capture file; don't blow up trying
+		 * to allocate space for an immensely-large packet.
+		 */
+		g_message("snoop: File has %u-byte packet, bigger than maximum of %u",
+		    packet_size, WTAP_MAX_PACKET_SIZE);
+		*err = WTAP_ERR_BAD_RECORD;
+		return -1;
+	}
 	buffer_assure_space(wth->frame_buffer, packet_size);
 	data_offset = ftell(wth->fh);
 	errno = WTAP_ERR_CANT_READ;
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 78ee772f39..fcfd0c11b1 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1,6 +1,6 @@
 /* wtap.h
  *
- * $Id: wtap.h,v 1.30 1999/08/22 00:47:55 guy Exp $
+ * $Id: wtap.h,v 1.31 1999/08/22 02:29:38 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
@@ -27,6 +27,14 @@
 /* Encapsulation types. Choose names that truly reflect
  * what is contained in the packet trace file.
  *
+ * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
+ * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
+ * type for all packets in the file; this may cause those routines to
+ * fail if the capture file format being written can't support that.
+ *
+ * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
+ * if it's handed an unknown encapsulation.
+ *
  * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
  * ATM on Linux code from <http://lrcwww.epfl.ch/linux-atm/>;
  * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
@@ -34,22 +42,24 @@
  * presumably used on some BSD systems, which we turn into
  * WTAP_ENCAP_ATM_RFC1483.
  *
- * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
- * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
- * type for all packets in the file; this may cause those routines to
- * fail if the capture file format being written can't support that.
+ * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap".  This
+ * corresponds to
  *
- * WTAP_ENCAP_NULL is the DLT_NULL some BSD systems use; at least with
- * many drivers on FreeBSD (and the loopback driver in 4.4-Lite, so
- * hopefully most BSD drivers, at least, model their DLT_NULL after it),
- * it puts a 4-byte field containing the AF_ address family value,
- * in *host* byte order, at the beginning of the packet.
+ *	1) PPP-over-HDLC encapsulation, at least with some versions
+ *	   of ISDN4BSD (but not the current ones, it appears, unless
+ *	   I've missed something);
  *
- * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
- * if it's handed an unknown encapsulation. */
-#define WTAP_ENCAP_UNKNOWN			-2
+ *	2) a 4-byte header containing the AF_ address family, in
+ *	   the byte order of the machine that saved the capture,
+ *	   for the packet, as used on many BSD systems for the
+ *	   loopback device and some other devices;
+ *
+ *	3) a 4-byte header containing 2 octets of 0 and an Ethernet
+ *	   type in the byte order from an Ethernet header, that being
+ *	   what "libpcap" on Linux turns the Ethernet header for
+ *	   loopback interfaces into. */
 #define WTAP_ENCAP_PER_PACKET			-1
-#define WTAP_ENCAP_NONE				0
+#define WTAP_ENCAP_UNKNOWN			0
 #define WTAP_ENCAP_ETHERNET			1
 #define WTAP_ENCAP_TR				2
 #define WTAP_ENCAP_SLIP				3
@@ -220,16 +230,6 @@ struct wtap_pkthdr {
 	union pseudo_header pseudo_header;
 };
 
-/*
- * Header that OpenBSD (and possibly other BSDs) DLT_ENC prepends to
- * a packet.
- */
-struct dlt_enc_hdr {
-	guint32	af;
-	guint32	spi;
-	guint32 flags;
-};
-
 typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
 		int, const u_char *);