diff options
Diffstat (limited to 'epan/dissectors/packet-snort.c')
-rw-r--r-- | epan/dissectors/packet-snort.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c index 9e1d2ad88d..d868defec4 100644 --- a/epan/dissectors/packet-snort.c +++ b/epan/dissectors/packet-snort.c @@ -1144,13 +1144,13 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data else { /* We expect alerts from Snort. Pass frame into snort on first pass. */ if (!pinfo->fd->flags.visited && current_session.working) { - wtapng_dump_params params; int write_err = 0; gchar *err_info; wtap_rec rec; /* First time, open current_session.in to write to for dumping into snort with */ if (!current_session.pdh) { + wtap_dump_params params = WTAP_DUMP_PARAMS_INIT; int open_err; /* Older versions of Snort don't support capture file with several encapsulations (like pcapng), @@ -1164,11 +1164,10 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data * versions of Snort" wouldn't handle multiple encapsulation * types. */ - wtap_dump_params_init(¶ms, NULL); + params.encap = pinfo->rec->rec_header.packet_header.pkt_encap; + params.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; current_session.pdh = wtap_dump_fdopen(current_session.in, WTAP_FILE_TYPE_SUBTYPE_PCAP, - pinfo->rec->rec_header.packet_header.pkt_encap, - WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, /* compressed */ ¶ms, &open_err); |