diff options
| author | Guy Harris <guy@alum.mit.edu> | 2017-06-04 18:58:40 -0700 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2017-06-05 05:28:26 +0000 |
| commit | d0865fd619454a9ac06b1c7d287dc438aff50bb0 (patch) | |
| tree | 91efc24ec72d274b1529342041641b36939236f2 | |
| parent | 17965f57f178aa7e4027f2d363658098e2f1abb3 (diff) | |
| download | wireshark-d0865fd619454a9ac06b1c7d287dc438aff50bb0.tar.gz | |
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
84 files changed, 322 insertions, 258 deletions
diff --git a/capture_opts.c b/capture_opts.c index 4a7c8f2ac2..ef3e659850 100644 --- a/capture_opts.c +++ b/capture_opts.c @@ -58,7 +58,7 @@ capture_opts_init(capture_options *capture_opts) capture_opts->default_options.descr = NULL; capture_opts->default_options.cfilter = NULL; capture_opts->default_options.has_snaplen = FALSE; - capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE; + capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; capture_opts->default_options.linktype = -1; /* use interface default */ capture_opts->default_options.promisc_mode = TRUE; capture_opts->default_options.if_type = IF_WIRED; @@ -865,7 +865,7 @@ capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg_ * length, mirroring what tcpdump does. */ if (snaplen == 0) - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; if (capture_opts->ifaces->len > 0) { interface_options interface_opts; @@ -994,14 +994,14 @@ capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min) interface_opts = g_array_index(capture_opts->ifaces, interface_options, 0); capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, 0); if (interface_opts.snaplen < 1) - interface_opts.snaplen = WTAP_MAX_PACKET_SIZE; + interface_opts.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; else if (interface_opts.snaplen < snaplen_min) interface_opts.snaplen = snaplen_min; g_array_append_val(capture_opts->ifaces, interface_opts); } } else { if (capture_opts->default_options.snaplen < 1) - capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE; + capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; else if (capture_opts->default_options.snaplen < snaplen_min) capture_opts->default_options.snaplen = snaplen_min; } diff --git a/caputils/capture-pcap-util.c b/caputils/capture-pcap-util.c index 0f95f7827c..4da5579e3d 100644 --- a/caputils/capture-pcap-util.c +++ b/caputils/capture-pcap-util.c @@ -1213,13 +1213,13 @@ open_capture_device_pcap_open_live(interface_options *interface_opts, snaplen = interface_opts->snaplen; else { /* - * Default - use the old maximum snapshot length, which - * should be big enough (libpcap didn't get D-Bus support - * until after it goet pcap_create()/pcap_activate(), so - * we don't have D-Bus support and don't have to worry - * about really huge packets). + * Default - use the non-D-Bus maximum snapshot length of + * 256KB, which should be big enough (libpcap didn't get + * D-Bus support until after it goet pcap_create() and + * pcap_activate(), so we don't have D-Bus support and + * don't have to worry about really huge packets). */ - snaplen = 262144; + snaplen = 256*1024; } g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcap_open_live() calling using name %s, snaplen %d, promisc_mode %d.", @@ -1344,10 +1344,10 @@ open_capture_device(capture_options *capture_opts, snaplen = interface_opts->snaplen; else { /* - * Default - use the old maximum snapshot length, + * Default - use the non-D-Bus maximum snapshot length, * which should be big enough, except for D-Bus. */ - snaplen = 262144; + snaplen = 256*1024; } g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Calling pcap_open() using name %s, snaplen %d, promisc_mode %d, datatx_udp %d, nocap_rpcap %d.", @@ -81,7 +81,6 @@ cap_file_init(capture_file *cf) { /* Initialize the capture file struct */ memset(cf, 0, sizeof(capture_file)); - cf->snap = WTAP_MAX_PACKET_SIZE; } /* @@ -87,8 +87,7 @@ typedef struct _capture_file { gboolean drops_known; /* TRUE if we know how many packets were dropped */ guint32 drops; /* Dropped packets */ nstime_t elapsed_time; /* Elapsed time */ - gboolean has_snap; /* TRUE if maximum capture packet length is known */ - int snap; /* Maximum captured packet length */ + int snap; /* Maximum captured packet length; 0 if unknown */ wtap *wth; /* Wiretap session */ dfilter_t *rfcode; /* Compiled read filter program */ dfilter_t *dfcode; /* Compiled display filter program */ @@ -295,6 +295,8 @@ typedef struct _capture_src { gboolean cap_pipe_modified; /**< TRUE if data in the pipe uses modified pcap headers */ gboolean cap_pipe_byte_swapped; /**< TRUE if data in the pipe is byte swapped */ char * cap_pipe_databuf; /**< Pointer to the data buffer we've allocated */ + size_t cap_pipe_databuf_size; /**< Current size of the data buffer */ + guint cap_pipe_max_pkt_size; /**< Maximum packet size allowed */ #if defined(_WIN32) char * cap_pipe_buf; /**< Pointer to the buffer we read into */ DWORD cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */ @@ -478,7 +480,11 @@ print_usage(FILE *output) " rpcap://<host>/<interface>\n" " TCP@<host>:<port>\n"); fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n"); - fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); +#ifdef HAVE_PCAP_CREATE + fprintf(output, " -s <snaplen> packet snapshot length (def: appropriate maximum)\n"); +#else + fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE_STANDARD); +#endif fprintf(output, " -p don't capture in promiscuous mode\n"); #ifdef HAVE_PCAP_CREATE fprintf(output, " -I capture in monitor mode, if available\n"); @@ -1677,7 +1683,14 @@ cap_pipe_open_live(char *pipename, } pcap_src->from_cap_pipe = TRUE; - pcap_src->cap_pipe_databuf = (guchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + + /* + * We start with a 2KB buffer for packet data, which should be + * large enough for most regular network packets. We increase it, + * up to the maximum size we allow, as necessary. + */ + pcap_src->cap_pipe_databuf = (guchar*)g_malloc(2048); + pcap_src->cap_pipe_databuf_size = 2048; #ifdef _WIN32 if (pcap_src->from_cap_socket) @@ -1842,6 +1855,16 @@ cap_pipe_open_live(char *pipename, hdr->network = GUINT32_SWAP_LE_BE(hdr->network); } pcap_src->linktype = hdr->network; +#ifdef DLT_DBUS + if (pcap_src->linktype == DLT_DBUS) { + /* + * The maximum D-Bus message size is 128MB, so allow packets up + * to that size. + */ + pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_DBUS; + } else +#endif + pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD; if (hdr->version_major < 2) { g_snprintf(errmsg, errmsgl, "Unable to read old libpcap format"); @@ -1880,6 +1903,7 @@ cap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsg wchar_t *err_str; #endif ssize_t b; + guint new_bufsize; #ifdef LOG_CAPTURE_VERBOSE g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_dispatch"); @@ -2024,7 +2048,7 @@ cap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsg /* We've read the header. Take care of byte order. */ cap_pipe_adjust_header(pcap_src->cap_pipe_byte_swapped, &pcap_src->cap_pipe_hdr, &pcap_src->cap_pipe_rechdr.hdr); - if (pcap_src->cap_pipe_rechdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (pcap_src->cap_pipe_rechdr.hdr.incl_len > pcap_src->cap_pipe_max_pkt_size) { g_snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)", ld->packet_count+1, pcap_src->cap_pipe_rechdr.hdr.incl_len); break; @@ -2034,6 +2058,26 @@ cap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsg pcap_src->cap_pipe_state = STATE_EXPECT_DATA; return 0; } + + if (pcap_src->cap_pipe_rechdr.hdr.incl_len > pcap_src->cap_pipe_databuf_size) { + /* + * Grow the buffer to the packet size, rounded up to a power of + * 2. + */ + new_bufsize = pcap_src->cap_pipe_rechdr.hdr.incl_len; + /* + * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2 + */ + new_bufsize--; + new_bufsize |= new_bufsize >> 1; + new_bufsize |= new_bufsize >> 2; + new_bufsize |= new_bufsize >> 4; + new_bufsize |= new_bufsize >> 8; + new_bufsize |= new_bufsize >> 16; + new_bufsize++; + pcap_src->cap_pipe_databuf = (guchar*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize); + pcap_src->cap_pipe_databuf_size = new_bufsize; + } /* no data to read? */ /* FALLTHROUGH */ case PD_DATA_READ: diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c index 1df1a0564f..def0941a63 100644 --- a/epan/dissectors/packet-snort.c +++ b/epan/dissectors/packet-snort.c @@ -1149,7 +1149,7 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data current_session.pdh = wtap_dump_fdopen(current_session.in, WTAP_FILE_TYPE_SUBTYPE_PCAP, pinfo->pkt_encap, - WTAP_MAX_PACKET_SIZE, + WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, /* compressed */ &open_err); if (!current_session.pdh) { diff --git a/epan/wslua/wslua_capture_info.c b/epan/wslua/wslua_capture_info.c index 690133402b..9014552744 100644 --- a/epan/wslua/wslua_capture_info.c +++ b/epan/wslua/wslua_capture_info.c @@ -112,7 +112,7 @@ WSLUA_ATTRIBUTE_NAMED_NUMBER_SETTER(CaptureInfo,time_precision,wth->file_tsprec, /* WSLUA_ATTRIBUTE CaptureInfo_snapshot_length RW The maximum packet length that could be recorded. - Setting it to `0` means unknown. Wireshark cannot handle anything bigger than WTAP_MAX_PACKET_SIZE (262144) bytes. + Setting it to `0` means unknown. */ WSLUA_ATTRIBUTE_NAMED_NUMBER_GETTER(CaptureInfo,snapshot_length,wth->snapshot_length); WSLUA_ATTRIBUTE_NAMED_NUMBER_SETTER(CaptureInfo,snapshot_length,wth->snapshot_length,guint); @@ -342,12 +342,6 @@ cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_temp cf->drops_known = FALSE; cf->drops = 0; cf->snap = wtap_snapshot_length(cf->wth); - if (cf->snap == 0) { - /* Snapshot length not known. */ - cf->has_snap = FALSE; - cf->snap = WTAP_MAX_PACKET_SIZE; - } else - cf->has_snap = TRUE; /* Allocate a frame_data_sequence for the frames in this file */ cf->frames = new_frame_data_sequence(); @@ -4236,12 +4230,6 @@ rescan_file(capture_file *cf, const char *fname, gboolean is_tempfile) cf->linktypes = g_array_sized_new(FALSE, FALSE, (guint) sizeof(int), 1); cf->snap = wtap_snapshot_length(cf->wth); - if (cf->snap == 0) { - /* Snapshot length not known. */ - cf->has_snap = FALSE; - cf->snap = WTAP_MAX_PACKET_SIZE; - } else - cf->has_snap = TRUE; name_ptr = g_filename_display_basename(cf->filename); diff --git a/rawshark.c b/rawshark.c index 6454ab1a78..7612207bc4 100644 --- a/rawshark.c +++ b/rawshark.c @@ -940,7 +940,7 @@ raw_pipe_read(struct wtap_pkthdr *phdr, guchar * pd, int *err, gchar **err_info, printf("caplen: %d (%04x)\n", phdr->caplen, phdr->caplen); printf("len: %d (%04x)\n", phdr->len, phdr->len); #endif - if (bytes_needed > WTAP_MAX_PACKET_SIZE) { + if (bytes_needed > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("Bad packet length: %lu\n", (unsigned long) bytes_needed); @@ -981,7 +981,7 @@ load_cap_file(capture_file *cf) epan_dissect_init(&edt, cf->epan, TRUE, FALSE); - pd = (guchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + pd = (guchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); while (raw_pipe_read(&phdr, pd, &err, &err_info, &data_offset)) { process_packet(cf, &edt, data_offset, &phdr, pd); } @@ -1537,8 +1537,7 @@ raw_cf_open(capture_file *cf, const char *fname) cf->count = 0; cf->drops_known = FALSE; cf->drops = 0; - cf->has_snap = FALSE; - cf->snap = WTAP_MAX_PACKET_SIZE; + cf->snap = 0; nstime_set_zero(&cf->elapsed_time); ref = NULL; prev_dis = NULL; @@ -465,12 +465,6 @@ cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_temp cf->drops_known = FALSE; cf->drops = 0; cf->snap = wtap_snapshot_length(cf->wth); - if (cf->snap == 0) { - /* Snapshot length not known. */ - cf->has_snap = FALSE; - cf->snap = WTAP_MAX_PACKET_SIZE; - } else - cf->has_snap = TRUE; nstime_set_zero(&cf->elapsed_time); ref = NULL; prev_dis = NULL; @@ -148,7 +148,6 @@ summary_fill_in(capture_file *cf, summary_tally *st) st->is_tempfile = cf->is_tempfile; st->file_encap_type = cf->lnk_t; st->packet_encap_types = cf->linktypes; - st->has_snap = cf->has_snap; st->snap = cf->snap; st->elapsed_time = nstime_to_sec(&cf->elapsed_time); st->packet_count = cf->count; @@ -179,7 +178,6 @@ summary_fill_in(capture_file *cf, summary_tally *st) iface.drops_known = FALSE; iface.drops = 0; iface.snap = wtapng_if_descr_mand->snap_len; - iface.has_snap = (iface.snap != 65535); iface.encap_type = wtapng_if_descr_mand->wtap_encap; iface.isb_comment = NULL; if(wtapng_if_descr_mand->num_stat_entries == 1){ @@ -222,7 +220,6 @@ summary_fill_in_capture(capture_file *cf,capture_options *capture_opts, summary_ iface.descr = g_strdup(device.display_name); iface.drops_known = cf->drops_known; iface.drops = cf->drops; - iface.has_snap = device.has_snaplen; iface.snap = device.snaplen; iface.encap_type = wtap_pcap_encap_to_wtap_encap(device.active_dlt); g_array_append_val(st->ifaces, iface); @@ -38,8 +38,7 @@ typedef struct iface_options_tag { char *isb_comment; guint64 drops; /**< number of packet drops */ gboolean drops_known; /**< TRUE if number of packet drops is known */ - gboolean has_snap; /**< TRUE if maximum capture packet length is known */ - int snap; /**< Maximum captured packet length */ + int snap; /**< Maximum captured packet length; 0 if not known */ int encap_type; /**< wiretap encapsulation type */ } iface_options; @@ -69,8 +68,7 @@ typedef struct _summary_tally { int iscompressed; /**< TRUE if file is compressed */ int file_encap_type; /**< wiretap encapsulation type for file */ GArray *packet_encap_types; /**< wiretap encapsulation types for packets */ - gboolean has_snap; /**< TRUE if maximum capture packet length is known */ - int snap; /**< Maximum captured packet length */ + int snap; /**< Maximum captured packet length; 0 if not known */ gboolean drops_known; /**< TRUE if number of packet drops is known */ guint64 drops; /**< number of packet drops */ const char *dfilter; /**< display filter */ diff --git a/text2pcap.c b/text2pcap.c index 87a3e90680..3bdd33748f 100644 --- a/text2pcap.c +++ b/text2pcap.c @@ -209,11 +209,11 @@ static guint32 direction = 0; /*--- Local date -----------------------------------------------------------------*/ /* This is where we store the packet currently being built */ -static guint8 packet_buf[WTAP_MAX_PACKET_SIZE]; +static guint8 packet_buf[WTAP_MAX_PACKET_SIZE_STANDARD]; static guint32 header_length; static guint32 ip_offset; static guint32 curr_offset; -static guint32 max_offset = WTAP_MAX_PACKET_SIZE; +static guint32 max_offset = WTAP_MAX_PACKET_SIZE_STANDARD; static guint32 packet_start = 0; static int start_new_packet(gboolean); @@ -460,7 +460,7 @@ write_bytes (const char bytes[], guint32 nbytes) { guint32 i; - if (curr_offset + nbytes < WTAP_MAX_PACKET_SIZE) { + if (curr_offset + nbytes < WTAP_MAX_PACKET_SIZE_STANDARD) { for (i = 0; i < nbytes; i++) { packet_buf[curr_offset] = bytes[i]; curr_offset++; @@ -1451,7 +1451,7 @@ print_usage (FILE *output) " -q generate no output at all (automatically disables -d).\n" " -n use PCAP-NG instead of PCAP as output format.\n" "", - WTAP_MAX_PACKET_SIZE); + WTAP_MAX_PACKET_SIZE_STANDARD); } /*---------------------------------------------------------------------- @@ -2101,12 +2101,6 @@ cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_temp cf->drops_known = FALSE; cf->drops = 0; cf->snap = 0; /**** XXX - DOESN'T WORK RIGHT NOW!!!! */ - if (cf->snap == 0) { - /* Snapshot length not known. */ - cf->has_snap = FALSE; - cf->snap = 0; - } else - cf->has_snap = TRUE; nstime_set_zero(&cf->elapsed_time); ref = NULL; prev_dis = NULL; @@ -329,7 +329,11 @@ print_usage(FILE *output) fprintf(output, "Capture interface:\n"); fprintf(output, " -i <interface> name or idx of interface (def: first non-loopback)\n"); fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n"); - fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); +#ifdef HAVE_PCAP_CREATE + fprintf(output, " -s <snaplen> packet snapshot length (def: appropriate maximum)\n"); +#else + fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE_STANDARD); +#endif fprintf(output, " -p don't capture in promiscuous mode\n"); #ifdef HAVE_PCAP_CREATE fprintf(output, " -I capture in monitor mode, if available\n"); @@ -3010,7 +3014,7 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type, snapshot_length = wtap_snapshot_length(cf->wth); if (snapshot_length == 0) { /* Snapshot length of input file not known. */ - snapshot_length = WTAP_MAX_PACKET_SIZE; + snapshot_length = WTAP_MAX_PACKET_SIZE_STANDARD; } tshark_debug("tshark: snapshot_length = %d", snapshot_length); @@ -3958,12 +3962,6 @@ cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_temp cf->drops_known = FALSE; cf->drops = 0; cf->snap = wtap_snapshot_length(cf->wth); - if (cf->snap == 0) { - /* Snapshot length not known. */ - cf->has_snap = FALSE; - cf->snap = WTAP_MAX_PACKET_SIZE; - } else - cf->has_snap = TRUE; nstime_set_zero(&cf->elapsed_time); ref = NULL; prev_dis = NULL; diff --git a/ui/capture_ui_utils.c b/ui/capture_ui_utils.c index 36e75b37e9..5655632d91 100644 --- a/ui/capture_ui_utils.c +++ b/ui/capture_ui_utils.c @@ -202,10 +202,10 @@ capture_dev_user_snaplen_find(const gchar *if_name, gboolean *hassnap, int *snap if (strcmp(if_tokens[i], if_name) == 0) { /* OK, this matches. */ if (*(colonp + 1) == '0') { - /* {hassnap} is false, so just set the snaplen to WTAP_MAX_PACKET_SIZE. */ + /* {hassnap} is false, so just set the snaplen to WTAP_MAX_PACKET_SIZE_STANDARD. */ found = TRUE; *hassnap = FALSE; - *snaplen = WTAP_MAX_PACKET_SIZE; + *snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } else if (*(colonp + 1) == '1') { /* {hassnap} is true, so extract {snaplen} */ if (*(colonp + 2) != '(') { diff --git a/ui/commandline.c b/ui/commandline.c index fc4be16010..b7c1ef7db4 100644 --- a/ui/commandline.c +++ b/ui/commandline.c @@ -93,7 +93,11 @@ commandline_print_usage(gboolean for_help_option) { fprintf(output, "Capture interface:\n"); fprintf(output, " -i <interface> name or idx of interface (def: first non-loopback)\n"); fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n"); - fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); +#ifdef HAVE_PCAP_CREATE + fprintf(output, " -s <snaplen> packet snapshot length (def: appropriate maximum)\n"); +#else + fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE_STANDARD); +#endif fprintf(output, " -p don't capture in promiscuous mode\n"); fprintf(output, " -k start capturing immediately (def: do nothing)\n"); fprintf(output, " -S update packet display when new packets are captured\n"); diff --git a/ui/gtk/capture_dlg.c b/ui/gtk/capture_dlg.c index 870d0e1623..719bcc81b9 100644 --- a/ui/gtk/capture_dlg.c +++ b/ui/gtk/capture_dlg.c @@ -2476,7 +2476,7 @@ save_options_cb(GtkWidget *win _U_, gpointer user_data _U_) if (device.snaplen < MIN_PACKET_SIZE) device.snaplen = MIN_PACKET_SIZE; } else { - device.snaplen = WTAP_MAX_PACKET_SIZE; + device.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } filter_text = gtk_combo_box_text_get_active_text(GTK_COMBO_BOX_TEXT(filter_cm)); if (device.cfilter) @@ -2527,8 +2527,8 @@ adjust_snap_sensitivity(GtkWidget *tb _U_, gpointer parent_w _U_) gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(snap_cb))); device.has_snaplen = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(snap_cb)); if (!device.has_snaplen) { - gtk_spin_button_set_value(GTK_SPIN_BUTTON (snap_sb), WTAP_MAX_PACKET_SIZE); - device.snaplen = WTAP_MAX_PACKET_SIZE; + gtk_spin_button_set_value(GTK_SPIN_BUTTON (snap_sb), WTAP_MAX_PACKET_SIZE_STANDARD); + device.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } g_array_insert_val(global_capture_opts.all_ifaces, marked_interface, device); } @@ -2654,7 +2654,7 @@ void options_interface_cb(GtkTreeView *view, GtkTreePath *path, GtkTreeViewColum device.monitor_mode_supported = FALSE; #endif device.has_snaplen = FALSE; - device.snaplen = WTAP_MAX_PACKET_SIZE; + device.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; device.cfilter = NULL; #ifdef CAN_SET_CAPTURE_BUFFER_SIZE device.buffer = DEFAULT_CAPTURE_BUFFER_SIZE; @@ -2897,7 +2897,7 @@ void options_interface_cb(GtkTreeView *view, GtkTreePath *path, GtkTreeViewColum gtk_box_pack_start(GTK_BOX(snap_hb), snap_cb, FALSE, FALSE, 0); snap_adj = (GtkAdjustment *) gtk_adjustment_new((gfloat) device.snaplen, - MIN_PACKET_SIZE, WTAP_MAX_PACKET_SIZE, 1.0, 10.0, 0.0); + MIN_PACKET_SIZE, WTAP_MAX_PACKET_SIZE_STANDARD, 1.0, 10.0, 0.0); snap_sb = gtk_spin_button_new (snap_adj, 0, 0); gtk_spin_button_set_wrap (GTK_SPIN_BUTTON (snap_sb), TRUE); gtk_widget_set_size_request(snap_sb, 80, -1); @@ -2979,7 +2979,7 @@ void options_interface_cb(GtkTreeView *view, GtkTreePath *path, GtkTreeViewColum gtk_box_pack_start (GTK_BOX(buffer_size_hb), buffer_size_lb, FALSE, FALSE, 0); buffer_size_adj = (GtkAdjustment *) gtk_adjustment_new((gfloat) device.buffer, - 1, WTAP_MAX_PACKET_SIZE, 1.0, 10.0, 0.0); + 1, WTAP_MAX_PACKET_SIZE_STANDARD, 1.0, 10.0, 0.0); buffer_size_sb = gtk_spin_button_new (buffer_size_adj, 0, 0); gtk_spin_button_set_value(GTK_SPIN_BUTTON (buffer_size_sb), (gfloat) device.buffer); gtk_spin_button_set_wrap (GTK_SPIN_BUTTON (buffer_size_sb), TRUE); @@ -5752,7 +5752,7 @@ create_and_fill_model(GtkTreeView *view) device.has_snaplen = hassnap; } else { /* No preferences set yet, use default values */ - device.snaplen = WTAP_MAX_PACKET_SIZE; + device.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; device.has_snaplen = FALSE; } diff --git a/ui/gtk/file_import_dlg.c b/ui/gtk/file_import_dlg.c index 0076fe9bde..b5745a6d7e 100644 --- a/ui/gtk/file_import_dlg.c +++ b/ui/gtk/file_import_dlg.c @@ -501,7 +501,7 @@ file_import_open(text_import_info_t *info) int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); int_data_mand->wtap_encap = info->encapsulation; int_data_mand->time_units_per_second = 1000000; /* default microsecond resolution */ - int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE; + int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD; wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF File->Import", strlen("Fake IF File->Import")); g_array_append_val(idb_inf->interface_data, int_data); @@ -1155,7 +1155,7 @@ file_import_dlg_new(void) framelen_te = gtk_entry_new(); maxsize_msg = g_strdup_printf("The maximum size of the frames to write to the import capture file (max %u)", - WTAP_MAX_PACKET_SIZE); + WTAP_MAX_PACKET_SIZE_STANDARD); gtk_widget_set_tooltip_text(framelen_te, maxsize_msg); g_free(maxsize_msg); gtk_box_pack_start(GTK_BOX(framelen_hb), framelen_te, FALSE, FALSE, 0); diff --git a/ui/gtk/gsm_map_summary.c b/ui/gtk/gsm_map_summary.c index 15fd6b9644..e3dcd57d7b 100644 --- a/ui/gtk/gsm_map_summary.c +++ b/ui/gtk/gsm_map_summary.c @@ -128,7 +128,7 @@ void gsm_map_stat_gtk_sum_cb(GtkAction *action _U_, gpointer user_data _U_) g_snprintf(string_buff, SUM_STR_MAX, "Format: %s", wtap_file_type_subtype_string(summary.file_type)); add_string_to_box(string_buff, file_box); - if (summary.has_snap) { + if (summary.snap != 0) { /* snapshot length */ g_snprintf(string_buff, SUM_STR_MAX, "Snapshot length: %u", summary.snap); add_string_to_box(string_buff, file_box); diff --git a/ui/gtk/mtp3_summary.c b/ui/gtk/mtp3_summary.c index 1917720449..7e2d4c93c3 100644 --- a/ui/gtk/mtp3_summary.c +++ b/ui/gtk/mtp3_summary.c @@ -339,7 +339,7 @@ mtp3_sum_gtk_sum_cb(GtkAction *action _U_, gpointer user_data _U_) g_snprintf(string_buff, SUM_STR_MAX, "Format: %s", (file_type ? file_type : "N/A")); add_string_to_box(string_buff, file_box); - if (summary.has_snap) { + if (summary.snap != 0) { /* snapshot length */ g_snprintf(string_buff, SUM_STR_MAX, "Snapshot length: %u", summary.snap); add_string_to_box(string_buff, file_box); diff --git a/ui/gtk/prefs_capture.c b/ui/gtk/prefs_capture.c index d12499726c..ff716c083b 100644 --- a/ui/gtk/prefs_capture.c +++ b/ui/gtk/prefs_capture.c @@ -677,7 +677,7 @@ ifopts_edit_cb(GtkWidget *w, gpointer data _U_) #ifdef CAN_SET_CAPTURE_BUFFER_SIZE renderer = gtk_cell_renderer_spin_new (); - buffer_size_adj = (GtkAdjustment *) gtk_adjustment_new(DEFAULT_CAPTURE_BUFFER_SIZE, 1, WTAP_MAX_PACKET_SIZE, 1.0, 10.0, 0.0); + buffer_size_adj = (GtkAdjustment *) gtk_adjustment_new(DEFAULT_CAPTURE_BUFFER_SIZE, 1, WTAP_MAX_PACKET_SIZE_STANDARD, 1.0, 10.0, 0.0); g_object_set(G_OBJECT(renderer), "adjustment", buffer_size_adj, NULL); column = gtk_tree_view_column_new_with_attributes ("Default buffer size (MiB)", renderer, "text", BUF_COLUMN, @@ -695,7 +695,7 @@ ifopts_edit_cb(GtkWidget *w, gpointer data _U_) gtk_tree_view_column_set_resizable(column, FALSE); /*gtk_tree_view_column_set_sizing(column, GTK_TREE_VIEW_COLUMN_FIXED);*/ renderer = gtk_cell_renderer_spin_new (); - snaplen_adj = (GtkAdjustment *) gtk_adjustment_new(WTAP_MAX_PACKET_SIZE, 1, WTAP_MAX_PACKET_SIZE, 1.0, 10.0, 0.0); + snaplen_adj = (GtkAdjustment *) gtk_adjustment_new(WTAP_MAX_PACKET_SIZE_STANDARD, 1, WTAP_MAX_PACKET_SIZE_STANDARD, 1.0, 10.0, 0.0); g_object_set(G_OBJECT(renderer), "adjustment", snaplen_adj, NULL); column = gtk_tree_view_column_new_with_attributes ("Default snap length", renderer, "text", SNAPLEN_COLUMN, @@ -834,7 +834,7 @@ ifopts_edit_cb(GtkWidget *w, gpointer data _U_) ws_gtk_grid_attach_defaults(GTK_GRID(main_grid), if_buffersize_lb, 0, row, 1, 1); gtk_misc_set_alignment(GTK_MISC(if_buffersize_lb), 1.0f, 0.5f); gtk_widget_show(if_buffersize_lb); - buffer_size_adj = (GtkAdjustment *) gtk_adjustment_new(DEFAULT_CAPTURE_BUFFER_SIZE, 1, WTAP_MAX_PACKET_SIZE, 1.0, 10.0, 0.0); + buffer_size_adj = (GtkAdjustment *) gtk_adjustment_new(DEFAULT_CAPTURE_BUFFER_SIZE, 1, WTAP_MAX_PACKET_SIZE_STANDARD, 1.0, 10.0, 0.0); if_buffersize_cb = gtk_spin_button_new (buffer_size_adj, 0, 0); g_signal_connect(if_buffersize_cb, "value-changed", G_CALLBACK(ifopts_edit_buffersize_changed_cb), cur_list); @@ -852,7 +852,7 @@ ifopts_edit_cb(GtkWidget *w, gpointer data _U_) cur_list); ws_gtk_grid_attach_defaults(GTK_GRID(main_grid), if_snaplen_tg, 2, row, 1, 1); gtk_widget_show(if_snaplen_tg); - snaplen_adj = (GtkAdjustment *) gtk_adjustment_new(WTAP_MAX_PACKET_SIZE, 1, WTAP_MAX_PACKET_SIZE, 1.0, 10.0, 0.0); + snaplen_adj = (GtkAdjustment *) gtk_adjustment_new(WTAP_MAX_PACKET_SIZE_STANDARD, 1, WTAP_MAX_PACKET_SIZE_STANDARD, 1.0, 10.0, 0.0); if_snaplen_cb = gtk_spin_button_new (snaplen_adj, 0, 0); g_signal_connect(if_snaplen_cb, "value-changed", G_CALLBACK(ifopts_edit_snaplen_changed_cb), cur_list); @@ -1449,7 +1449,7 @@ ifopts_edit_snaplen_changed_cb(GtkSpinButton *sb _U_, gpointer udata _U_) /* get current description text and set value in list_store for currently selected interface */ snaplen = gtk_spin_button_get_value_as_int(GTK_SPIN_BUTTON(sb)); - if (snaplen != WTAP_MAX_PACKET_SIZE) { + if (snaplen != WTAP_MAX_PACKET_SIZE_STANDARD) { hassnap = TRUE; } else { hassnap = FALSE; @@ -1656,7 +1656,7 @@ ifopts_options_add(GtkListStore *list_store, if_info_t *if_info) #endif if (!capture_dev_user_snaplen_find(if_info->name, &hassnap, &snaplen)) { - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; hassnap = FALSE; } @@ -2007,7 +2007,7 @@ ifopts_write_new_snaplen(void) * create/cat interface snap length to new string * (leave space for parens, comma and terminator) */ - tmp_snaplen = g_strdup_printf("%s:%d(%d)", ifnm, hassnap, (hassnap?snaplen:WTAP_MAX_PACKET_SIZE)); + tmp_snaplen = g_strdup_printf("%s:%d(%d)", ifnm, hassnap, (hassnap?snaplen:WTAP_MAX_PACKET_SIZE_STANDARD)); g_strlcat(new_snaplen, tmp_snaplen, MAX_VAL_LEN); g_free(tmp_snaplen); g_free(ifnm); diff --git a/ui/gtk/summary_dlg.c b/ui/gtk/summary_dlg.c index 41946ca9ea..e219f6648f 100644 --- a/ui/gtk/summary_dlg.c +++ b/ui/gtk/summary_dlg.c @@ -268,7 +268,7 @@ summary_open_cb(GtkWidget *w _U_, gpointer d _U_) g_snprintf(string_buff, SUM_STR_MAX, "%s", wtap_encap_string(summary.file_encap_type)); add_string_to_grid(grid, &row, "Encapsulation:", string_buff); } - if (summary.has_snap) { + if (summary.snap != 0) { /* snapshot length */ g_snprintf(string_buff, SUM_STR_MAX, "%u bytes", summary.snap); add_string_to_grid(grid, &row, "Packet size limit:", string_buff); @@ -708,7 +708,7 @@ summary_to_texbuff(GtkTextBuffer *buffer) g_snprintf(string_buff, SUM_STR_MAX, INDENT "Encapsulation: %s\n", wtap_encap_string(summary.file_encap_type)); gtk_text_buffer_insert_at_cursor (buffer, string_buff, -1); } - if (summary.has_snap) { + if (summary.snap != 0) { /* snapshot length */ g_snprintf(string_buff, SUM_STR_MAX, INDENT "Packet size limit: %u bytes\n", summary.snap); gtk_text_buffer_insert_at_cursor (buffer, string_buff, -1); diff --git a/ui/qt/capture_file_properties_dialog.cpp b/ui/qt/capture_file_properties_dialog.cpp index 0cf0404fd0..dd53edfd32 100644 --- a/ui/qt/capture_file_properties_dialog.cpp +++ b/ui/qt/capture_file_properties_dialog.cpp @@ -192,7 +192,7 @@ QString CaptureFilePropertiesDialog::summaryToHtml() << table_data_tmpl.arg(encaps_str) << table_row_end; - if (summary.has_snap) { + if (summary.snap != 0) { out << table_row_begin << table_vheader_tmpl.arg(tr("Snapshot length")) << table_data_tmpl.arg(summary.snap) diff --git a/ui/qt/capture_interfaces_dialog.cpp b/ui/qt/capture_interfaces_dialog.cpp index 3148e4fccc..d2969c0df7 100644 --- a/ui/qt/capture_interfaces_dialog.cpp +++ b/ui/qt/capture_interfaces_dialog.cpp @@ -704,10 +704,10 @@ void CaptureInterfacesDialog::updateInterfaces() if (capture_dev_user_snaplen_find(device->name, &hassnap, &snaplen)) { /* Default snap length set in preferences */ device->snaplen = snaplen; - device->has_snaplen = snaplen == WTAP_MAX_PACKET_SIZE ? FALSE : hassnap; + device->has_snaplen = snaplen == WTAP_MAX_PACKET_SIZE_STANDARD ? FALSE : hassnap; } else { /* No preferences set yet, use default values */ - device->snaplen = WTAP_MAX_PACKET_SIZE; + device->snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; device->has_snaplen = FALSE; } @@ -1009,7 +1009,7 @@ bool CaptureInterfacesDialog::saveOptionsToPreferences() snaplen_list << QString("%1:%2(%3)") .arg(device->name) .arg(device->has_snaplen) - .arg(device->has_snaplen ? device->snaplen : WTAP_MAX_PACKET_SIZE); + .arg(device->has_snaplen ? device->snaplen : WTAP_MAX_PACKET_SIZE_STANDARD); } g_free(prefs.capture_devices_snaplen); prefs.capture_devices_snaplen = qstring_strdup(snaplen_list.join(",")); @@ -1197,7 +1197,7 @@ QWidget* InterfaceTreeDelegate::createEditor(QWidget *parent, const QStyleOption #ifdef SHOW_BUFFER_COLUMN gint buffer = DEFAULT_CAPTURE_BUFFER_SIZE; #endif - guint snap = WTAP_MAX_PACKET_SIZE; + guint snap = WTAP_MAX_PACKET_SIZE_STANDARD; GList *links = NULL; if (idx.column() > 1 && idx.data().toString().compare(UTF8_EM_DASH)) { @@ -1247,7 +1247,7 @@ QWidget* InterfaceTreeDelegate::createEditor(QWidget *parent, const QStyleOption case col_snaplen_: { QSpinBox *sb = new QSpinBox(parent); - sb->setRange(1, WTAP_MAX_PACKET_SIZE); + sb->setRange(1, WTAP_MAX_PACKET_SIZE_STANDARD); sb->setValue(snap); sb->setWrapping(true); connect(sb, SIGNAL(valueChanged(int)), this, SLOT(snapshotLengthChanged(int))); @@ -1258,7 +1258,7 @@ QWidget* InterfaceTreeDelegate::createEditor(QWidget *parent, const QStyleOption case col_buffer_: { QSpinBox *sb = new QSpinBox(parent); - sb->setRange(1, WTAP_MAX_PACKET_SIZE); + sb->setRange(1, WTAP_MAX_PACKET_SIZE_STANDARD); sb->setValue(buffer); sb->setWrapping(true); connect(sb, SIGNAL(valueChanged(int)), this, SLOT(bufferSizeChanged(int))); @@ -1332,12 +1332,12 @@ void InterfaceTreeDelegate::snapshotLengthChanged(int value) if (!device) { return; } - if (value != WTAP_MAX_PACKET_SIZE) { + if (value != WTAP_MAX_PACKET_SIZE_STANDARD) { device->has_snaplen = true; device->snaplen = value; } else { device->has_snaplen = false; - device->snaplen = WTAP_MAX_PACKET_SIZE; + device->snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } } diff --git a/ui/qt/compiled_filter_output.cpp b/ui/qt/compiled_filter_output.cpp index ca718259a4..fda2332a33 100644 --- a/ui/qt/compiled_filter_output.cpp +++ b/ui/qt/compiled_filter_output.cpp @@ -88,7 +88,7 @@ void CompiledFilterOutput::compileFilter() if (interfaces.compare(device.display_name)) { continue; } else { - pcap_t *pd = pcap_open_dead(device.active_dlt, WTAP_MAX_PACKET_SIZE); + pcap_t *pd = pcap_open_dead(device.active_dlt, WTAP_MAX_PACKET_SIZE_STANDARD); if (pd == NULL) break; g_mutex_lock(pcap_compile_mtx); diff --git a/ui/qt/gsm_map_summary_dialog.cpp b/ui/qt/gsm_map_summary_dialog.cpp index 4b8c50747d..a13b116047 100644 --- a/ui/qt/gsm_map_summary_dialog.cpp +++ b/ui/qt/gsm_map_summary_dialog.cpp @@ -128,7 +128,7 @@ QString GsmMapSummaryDialog::summaryToHtml() << table_data_tmpl.arg(format_str) << table_row_end; - if (summary.has_snap) { + if (summary.snap != 0) { out << table_row_begin << table_vheader_tmpl.arg(tr("Snapshot length")) << table_data_tmpl.arg(summary.snap) diff --git a/ui/qt/interface_tree_cache_model.cpp b/ui/qt/interface_tree_cache_model.cpp index e89e266868..5447f80332 100644 --- a/ui/qt/interface_tree_cache_model.cpp +++ b/ui/qt/interface_tree_cache_model.cpp @@ -210,7 +210,7 @@ void InterfaceTreeCacheModel::save() else if ( col == IFTREE_COL_SNAPLEN ) { int iVal = saveValue.toInt(); - if ( iVal != WTAP_MAX_PACKET_SIZE ) + if ( iVal != WTAP_MAX_PACKET_SIZE_STANDARD ) { device.has_snaplen = true; device.snaplen = iVal; @@ -218,7 +218,7 @@ void InterfaceTreeCacheModel::save() else { device.has_snaplen = false; - device.snaplen = WTAP_MAX_PACKET_SIZE; + device.snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } } #ifdef CAN_SET_CAPTURE_BUFFER_SIZE @@ -270,7 +270,7 @@ void InterfaceTreeCacheModel::save() prefStorage[&prefs.capture_devices_snaplen] << QString("%1:%2(%3)").arg(device.name). arg(device.has_snaplen ? 1 : 0). - arg(device.has_snaplen ? value : WTAP_MAX_PACKET_SIZE); + arg(device.has_snaplen ? value : WTAP_MAX_PACKET_SIZE_STANDARD); } #ifdef CAN_SET_CAPTURE_BUFFER_SIZE diff --git a/ui/qt/mtp3_summary_dialog.cpp b/ui/qt/mtp3_summary_dialog.cpp index 62fcc7107c..3affcc94b2 100644 --- a/ui/qt/mtp3_summary_dialog.cpp +++ b/ui/qt/mtp3_summary_dialog.cpp @@ -133,7 +133,7 @@ QString Mtp3SummaryDialog::summaryToHtml() << table_data_tmpl.arg(format_str) << table_row_end; - if (summary.has_snap) { + if (summary.snap != 0) { out << table_row_begin << table_vheader_tmpl.arg(tr("Snapshot length")) << table_data_tmpl.arg(summary.snap) diff --git a/ui/tap_export_pdu.c b/ui/tap_export_pdu.c index 76e4326ab3..3624e88c42 100644 --- a/ui/tap_export_pdu.c +++ b/ui/tap_export_pdu.c @@ -146,7 +146,7 @@ exp_pdu_open(exp_pdu_t *exp_pdu_tap_data, int fd, char *comment) int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); int_data_mand->wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU; int_data_mand->time_units_per_second = 1000000000; /* default nanosecond resolution */ - int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE; + int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD; wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF, PDU->Export", strlen("Fake IF, PDU->Export")); wtap_block_add_uint8_option(int_data, OPT_IDB_TSRESOL, 9); @@ -156,7 +156,7 @@ exp_pdu_open(exp_pdu_t *exp_pdu_tap_data, int fd, char *comment) g_array_append_val(shb_hdrs, shb_hdr); /* Use a random name for the temporary import buffer */ - exp_pdu_tap_data->wdh = wtap_dump_fdopen_ng(fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU, WTAP_MAX_PACKET_SIZE, FALSE, + exp_pdu_tap_data->wdh = wtap_dump_fdopen_ng(fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU, WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, shb_hdrs, idb_inf, NULL, &err); if (exp_pdu_tap_data->wdh == NULL) { g_assert(err != 0); diff --git a/ui/text_import.h b/ui/text_import.h index 46f619421c..71ee2a2948 100644 --- a/ui/text_import.h +++ b/ui/text_import.h @@ -37,7 +37,7 @@ extern "C" { #endif /* __cplusplus */ -#define IMPORT_MAX_PACKET WTAP_MAX_PACKET_SIZE +#define IMPORT_MAX_PACKET WTAP_MAX_PACKET_SIZE_STANDARD /* The parameter interface */ diff --git a/wiretap/5views.c b/wiretap/5views.c index 3ee32d17e9..349293be11 100644 --- a/wiretap/5views.c +++ b/wiretap/5views.c @@ -215,14 +215,14 @@ _5views_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) return FALSE; } while (1); - if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE) { + if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("5views: File has %u-byte packet, bigger than maximum of %u", - wth->phdr.caplen, WTAP_MAX_PACKET_SIZE); + wth->phdr.caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -361,7 +361,7 @@ static gboolean _5views_dump(wtap_dumper *wdh, } /* Don't write out something bigger than we can read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/aethra.c b/wiretap/aethra.c index beff703bf4..d7f50fcd84 100644 --- a/wiretap/aethra.c +++ b/wiretap/aethra.c @@ -313,7 +313,7 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr, (unsigned int)(sizeof *hdr - sizeof hdr->rec_size)); return FALSE; } - if (rec_size > WTAP_MAX_PACKET_SIZE) { + if (rec_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -321,7 +321,7 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr, */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("aethra: File has %u-byte packet, bigger than maximum of %u", - rec_size, WTAP_MAX_PACKET_SIZE); + rec_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/ascendtext.h b/wiretap/ascendtext.h index 208f8b4ff7..a2afb3430d 100644 --- a/wiretap/ascendtext.h +++ b/wiretap/ascendtext.h @@ -24,7 +24,7 @@ #include <glib.h> /* - * ASCEND_MAX_PKT_LEN is < WTAP_MAX_PACKET_SIZE, so we don't need to + * ASCEND_MAX_PKT_LEN is < WTAP_MAX_PACKET_SIZE_STANDARD, so we don't need to * check the packet length. */ #define ASCEND_MAX_DATA_ROWS 8 diff --git a/wiretap/btsnoop.c b/wiretap/btsnoop.c index 998c9589b8..331beba75f 100644 --- a/wiretap/btsnoop.c +++ b/wiretap/btsnoop.c @@ -183,14 +183,14 @@ static gboolean btsnoop_read_record(wtap *wth, FILE_T fh, packet_size = g_ntohl(hdr.incl_len); orig_size = g_ntohl(hdr.orig_len); flags = g_ntohl(hdr.flags); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -326,7 +326,7 @@ static gboolean btsnoop_dump_h1(wtap_dumper *wdh, * Don't write out anything bigger than we can read. * (This will also fail on a caplen of 0, as it should.) */ - if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -368,7 +368,7 @@ static gboolean btsnoop_dump_h4(wtap_dumper *wdh, } /* Don't write out anything bigger than we can read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/camins.c b/wiretap/camins.c index b52a0ae292..65dda8d2f2 100644 --- a/wiretap/camins.c +++ b/wiretap/camins.c @@ -317,7 +317,7 @@ camins_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, /* * The maximum value of length is 65535, which, even after * DVB_CI_PSEUDO_HDR_LEN is added to it, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/capsa.c b/wiretap/capsa.c index 1d65c1c33b..f18e0c51bb 100644 --- a/wiretap/capsa.c +++ b/wiretap/capsa.c @@ -371,24 +371,24 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_INTERNAL; return -1; } - if (orig_size > WTAP_MAX_PACKET_SIZE) { + if (orig_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("capsa: File has %u-byte original length, bigger than maximum of %u", - orig_size, WTAP_MAX_PACKET_SIZE); + orig_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("capsa: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } if (header_size + packet_size > rec_size) { diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c index 4264f2ae72..04013d5a6e 100644 --- a/wiretap/catapult_dct2000.c +++ b/wiretap/catapult_dct2000.c @@ -1329,7 +1329,7 @@ process_parsed_line(wtap *wth, dct2000_file_externals_t *file_externals, 1 + /* direction */ 1 + /* encap */ (is_comment ? data_chars : (data_chars/2)); - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -1337,7 +1337,7 @@ process_parsed_line(wtap *wth, dct2000_file_externals_t *file_externals, */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("catapult dct2000: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } phdr->len = phdr->caplen; diff --git a/wiretap/commview.c b/wiretap/commview.c index e6dbd8101f..77d3a6121e 100644 --- a/wiretap/commview.c +++ b/wiretap/commview.c @@ -148,7 +148,7 @@ commview_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, return FALSE; /* * The maximum value of cv_hdr.data_len is 65535, which is less - * than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to + * than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to * check it. */ diff --git a/wiretap/cosine.c b/wiretap/cosine.c index c7f5952294..b7a23b3143 100644 --- a/wiretap/cosine.c +++ b/wiretap/cosine.c @@ -373,14 +373,14 @@ parse_cosine_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, *err_info = g_strdup("cosine: packet header has a negative packet length"); return FALSE; } - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("cosine: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/csids.c b/wiretap/csids.c index 3f4b3eefcc..2d44a10c93 100644 --- a/wiretap/csids.c +++ b/wiretap/csids.c @@ -181,7 +181,7 @@ csids_read_packet(FILE_T fh, csids_t *csids, struct wtap_pkthdr *phdr, hdr.caplen = pntoh16(&hdr.caplen); /* * The maximum value of hdr.caplen is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/daintree-sna.c b/wiretap/daintree-sna.c index 3deca1dff7..b1016fa072 100644 --- a/wiretap/daintree-sna.c +++ b/wiretap/daintree-sna.c @@ -194,7 +194,7 @@ daintree_sna_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, phdr->ts.nsecs = useconds * 1000; /* convert mS to nS */ /* - * READDATA_BUF_SIZE is < WTAP_MAX_PACKET_SIZE, and is the maximum + * READDATA_BUF_SIZE is < WTAP_MAX_PACKET_SIZE_STANDARD, and is the maximum * number of bytes of packet data we can generate, so we don't * need to check the packet length. */ diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c index 5c6933ab60..301ff90ebd 100644 --- a/wiretap/dbs-etherwatch.c +++ b/wiretap/dbs-etherwatch.c @@ -449,7 +449,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, phdr->caplen = eth_hdr_len + pkt_len; phdr->len = eth_hdr_len + pkt_len; - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -457,7 +457,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("dbs_etherwatch: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/erf.c b/wiretap/erf.c index 7b1fe9d5ff..702420b55d 100644 --- a/wiretap/erf.c +++ b/wiretap/erf.c @@ -278,7 +278,7 @@ extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info) } packet_size = rlen - (guint32)sizeof(header); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file or a file that's not an ERF file * but that passed earlier tests. @@ -373,7 +373,7 @@ extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info) break; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file or a file that's not an ERF file * but that passed earlier tests. @@ -506,14 +506,14 @@ static gboolean erf_read_header(wtap *wth, FILE_T fh, *packet_size = g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header); - if (*packet_size > WTAP_MAX_PACKET_SIZE) { + if (*packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u", - *packet_size, WTAP_MAX_PACKET_SIZE); + *packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -691,14 +691,14 @@ static gboolean erf_read_header(wtap *wth, FILE_T fh, g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header) - skiplen ); } - if (*packet_size > WTAP_MAX_PACKET_SIZE) { + if (*packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u", - *packet_size, WTAP_MAX_PACKET_SIZE); + *packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -808,7 +808,7 @@ static gboolean erf_dump( guint32 crc32 = 0x00000000; /* Don't write anything bigger than we're willing to read. */ - if(phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if(phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/eyesdn.c b/wiretap/eyesdn.c index c545373ffe..4a592714fb 100644 --- a/wiretap/eyesdn.c +++ b/wiretap/eyesdn.c @@ -300,10 +300,10 @@ read_eyesdn_rec(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, break; } - if(pkt_len > WTAP_MAX_PACKET_SIZE) { + if(pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("eyesdn: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/file_access.c b/wiretap/file_access.c index 91fcf718b0..3700a9fb44 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -2228,6 +2228,25 @@ wtap_dump_init_dumper(int file_type_subtype, int encap, int snaplen, gboolean co descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(descr); descr_mand->wtap_encap = encap; descr_mand->time_units_per_second = 1000000; /* default microsecond resolution */ + if (snaplen == 0) { + /* + * No snapshot length was specified. Pick an + * appropriate snapshot length for this + * link-layer type. + * + * We use WTAP_MAX_PACKET_SIZE_STANDARD for everything except + * D-Bus, which has a maximum packet size of 128MB, + * which is more than we want to put into files + * with other link-layer header types, as that + * might cause some software reading those files + * to allocate an unnecessarily huge chunk of + * memory for a packet buffer. + */ + if (encap == WTAP_ENCAP_DBUS) + snaplen = 128*1024*1024; + else + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; + } descr_mand->snap_len = snaplen; descr_mand->num_stat_entries = 0; /* Number of ISB:s */ descr_mand->interface_statistics = NULL; diff --git a/wiretap/hcidump.c b/wiretap/hcidump.c index 3e7ee66272..d89b8359c4 100644 --- a/wiretap/hcidump.c +++ b/wiretap/hcidump.c @@ -43,14 +43,14 @@ static gboolean hcidump_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, return FALSE; packet_size = GUINT16_FROM_LE(dh.len); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("hcidump: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/i4btrace.c b/wiretap/i4btrace.c index 69d2788f54..106ef647a5 100644 --- a/wiretap/i4btrace.c +++ b/wiretap/i4btrace.c @@ -164,14 +164,14 @@ i4b_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, return FALSE; } length = hdr.length - (guint32)sizeof(hdr); - if (length > WTAP_MAX_PACKET_SIZE) { + if (length > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("i4btrace: File has %u-byte packet, bigger than maximum of %u", - length, WTAP_MAX_PACKET_SIZE); + length, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/ipfix.c b/wiretap/ipfix.c index 64f38764c9..75987b54b8 100644 --- a/wiretap/ipfix.c +++ b/wiretap/ipfix.c @@ -161,7 +161,7 @@ ipfix_read_message(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, g return FALSE; /* * The maximum value of msg_hdr.message_length is 65535, which is - * less than WTAP_MAX_PACKET_SIZE will ever be, so we don't need + * less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need * to check it. */ diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c index bfa278b3f5..cba013b06b 100644 --- a/wiretap/iptrace.c +++ b/wiretap/iptrace.c @@ -181,14 +181,14 @@ iptrace_read_rec_1_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, if (!wtap_read_bytes(fh, NULL, 3, err, err_info)) return FALSE; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -374,14 +374,14 @@ iptrace_read_rec_2_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, if (!wtap_read_bytes(fh, NULL, 3, err, err_info)) return FALSE; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/iseries.c b/wiretap/iseries.c index aec989203d..c14b1eddc5 100644 --- a/wiretap/iseries.c +++ b/wiretap/iseries.c @@ -720,7 +720,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr, * Check the length first, just in case it's *so* big that, after * adding the Ethernet header length, it overflows. */ - if (pkt_len > WTAP_MAX_PACKET_SIZE - 14) + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD - 14) { /* * Probably a corrupt capture file; don't blow up trying @@ -732,7 +732,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("iseries: File has %" G_GUINT64_FORMAT "-byte packet, bigger than maximum of %u", (guint64)pkt_len + 14, - WTAP_MAX_PACKET_SIZE); + WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } pkt_len += 14; diff --git a/wiretap/k12.c b/wiretap/k12.c index 5196a0e1a6..6191f1c9ba 100644 --- a/wiretap/k12.c +++ b/wiretap/k12.c @@ -486,7 +486,7 @@ static gint get_record(k12_t *file_data, FILE_T fh, gint64 file_offset, * Record length must be at least large enough for the length * and type, hence 8 bytes. * - * XXX - is WTAP_MAX_PACKET_SIZE the right check for a maximum + * XXX - is WTAP_MAX_PACKET_SIZE_STANDARD the right check for a maximum * record size? Should we report this error differently? */ if (left < 8) { @@ -494,9 +494,9 @@ static gint get_record(k12_t *file_data, FILE_T fh, gint64 file_offset, *err_info = g_strdup_printf("k12: Record length %u is less than 8 bytes long",left); return -1; } - if (left > WTAP_MAX_PACKET_SIZE) { + if (left > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("k12: Record length %u is greater than the maximum %u",left,WTAP_MAX_PACKET_SIZE); + *err_info = g_strdup_printf("k12: Record length %u is greater than the maximum %u",left,WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } diff --git a/wiretap/k12text.l b/wiretap/k12text.l index 8b7a1572be..8e8cdca171 100644 --- a/wiretap/k12text.l +++ b/wiretap/k12text.l @@ -145,7 +145,7 @@ typedef struct { #define SET_SECONDS(text) yyextra->g_s = (guint) strtoul(text,NULL,10) #define SET_MS(text) yyextra->g_ms = (guint) strtoul(text,NULL,10) #define SET_NS(text) yyextra->g_ns = (guint) strtoul(text,NULL,10) -#define ADD_BYTE(text) do {if (yyextra->ii >= WTAP_MAX_PACKET_SIZE) {KERROR("frame too large");} yyextra->bb[yyextra->ii++] = (guint8)strtoul(text,NULL,16); } while(0) +#define ADD_BYTE(text) do {if (yyextra->ii >= WTAP_MAX_PACKET_SIZE_STANDARD) {KERROR("frame too large");} yyextra->bb[yyextra->ii++] = (guint8)strtoul(text,NULL,16); } while(0) #define FINALIZE_FRAME() do { yyextra->ok_frame = TRUE; } while (0) /*~ #define ECHO*/ #define YY_USER_ACTION yyextra->file_bytes_read += yyleng; @@ -359,7 +359,7 @@ k12text_read(wtap *wth, int *err, char ** err_info, gint64 *data_offset) if ( file_seek(wth->fh, k12text->next_frame_offset, SEEK_SET, err) == -1) { return FALSE; } - state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE); + state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); if (!k12text_run_scanner(&state, wth->fh, NEXT_FRAME, err, err_info)) { g_free(state.bb); @@ -400,7 +400,7 @@ k12text_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr, Buffer * if ( file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) { return FALSE; } - state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE); + state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); if (!k12text_run_scanner(&state, wth->random_fh, NEXT_FRAME, err, err_info)) { return FALSE; @@ -435,7 +435,7 @@ k12text_open(wtap *wth, int *err, gchar **err_info _U_) k12text_t *k12text; k12text_state_t state; - state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE); + state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); if (!k12text_run_scanner(&state, wth->fh, MAGIC, err, err_info)) { g_free(state.bb); return WTAP_OPEN_ERROR; @@ -494,7 +494,7 @@ k12text_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, struct tm *tmp; /* Don't write anything bigger than we're willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c index e18604246e..71d78e4faa 100644 --- a/wiretap/lanalyzer.c +++ b/wiretap/lanalyzer.c @@ -488,7 +488,7 @@ static gboolean lanalyzer_read_trace_record(wtap *wth, FILE_T fh, packet_size = pletoh16(&descriptor[6]); /* * The maximum value of packet_size is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index 3d98ff0cbb..c0b90cc5cb 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -558,7 +558,7 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, ret++; break; } - if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (hdr->hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) { /* * Probably either a corrupt capture file or a file * of a type different from the one we're trying. @@ -566,18 +566,19 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, ret++; } - if (hdr->hdr.orig_len > 64*1024*1024) { + if (hdr->hdr.orig_len > 128*1024*1024) { /* * In theory I guess the on-the-wire packet size can be * arbitrarily large, and it can certainly be larger than the * maximum snapshot length which bounds the snapshot size, - * but any file claiming 64MB in a single packet is *probably* + * but any file claiming 128MB in a single packet is *probably* * corrupt, and treating them as such makes the heuristics * much more reliable. See, for example, * * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634 * - * (64MB is an arbitrary size at this point). + * (128MB is an arbitrary size at this point, chosen to be + * large enough for the largest D-Bus packet). */ ret++; } @@ -652,7 +653,7 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (!libpcap_read_header(wth, fh, err, err_info, &hdr)) return FALSE; - if (hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (hdr.hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -661,7 +662,8 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", - hdr.hdr.incl_len, WTAP_MAX_PACKET_SIZE); + hdr.hdr.incl_len, + wtap_max_snaplen_for_encap(wth->file_encap)); } return FALSE; } @@ -874,10 +876,11 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err) * * A snapshot length of 0, inside Wiretap, means "snapshot length * unknown"; if the snapshot length supplied to us is 0, we make - * the snapshot length in the header file WTAP_MAX_PACKET_SIZE. + * the snapshot length in the header file the maximum for the + * link-layer type we'll be writing. */ - file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen : - WTAP_MAX_PACKET_SIZE; + file_hdr.snaplen = (wdh->snaplen != 0) ? (guint)wdh->snaplen : + wtap_max_snaplen_for_encap(wdh->encap); file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap); if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err)) return FALSE; @@ -905,8 +908,11 @@ static gboolean libpcap_dump(wtap_dumper *wdh, return FALSE; } - /* Don't write anything we're not willing to read. */ - if (phdr->caplen + phdrsize > WTAP_MAX_PACKET_SIZE) { + /* + * Don't write anything we're not willing to read. + * (The cast is to prevent an overflow.) + */ + if ((guint64)phdr->caplen + phdrsize > wtap_max_snaplen_for_encap(wdh->encap)) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -914,11 +920,6 @@ static gboolean libpcap_dump(wtap_dumper *wdh, rec_hdr.hdr.incl_len = phdr->caplen + phdrsize; rec_hdr.hdr.orig_len = phdr->len + phdrsize; - if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_FILE; - return FALSE; - } - switch (wdh->file_type_subtype) { case WTAP_FILE_TYPE_SUBTYPE_PCAP: diff --git a/wiretap/logcat.c b/wiretap/logcat.c index f37eda988b..74ac0c6c30 100644 --- a/wiretap/logcat.c +++ b/wiretap/logcat.c @@ -189,7 +189,7 @@ static gboolean logcat_read_packet(struct logcat_phdr *logcat, FILE_T fh, /* * The maximum value of payload_length is 65535, which, even after * the size of the logger entry structure is added to it, is less - * than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/logcat_text.c b/wiretap/logcat_text.c index a0e53bac1b..d0da5fc1cc 100644 --- a/wiretap/logcat_text.c +++ b/wiretap/logcat_text.c @@ -188,9 +188,9 @@ static gboolean logcat_text_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, gchar *cbuff; gchar *ret = NULL; - cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); do { - ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE, fh); + ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE_STANDARD, fh); } while (NULL != ret && 3 > strlen(cbuff) && !file_eof(fh)); if (NULL == ret || 3 > strlen(cbuff)) { @@ -205,13 +205,13 @@ static gboolean logcat_text_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, int err; gchar *ret2 = NULL; - lbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + lbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); file_off = file_tell(fh); - ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE, fh); + ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE_STANDARD, fh); while (NULL != ret2 && 2 < strlen(lbuff) && !file_eof(fh)) { - g_strlcat(cbuff,lbuff,WTAP_MAX_PACKET_SIZE); + g_strlcat(cbuff,lbuff,WTAP_MAX_PACKET_SIZE_STANDARD); file_off = file_tell(fh); - ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE, fh); + ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE_STANDARD, fh); } if(NULL == ret2 || 2 < strlen(lbuff)) { @@ -278,9 +278,9 @@ wtap_open_return_val logcat_text_open(wtap *wth, int *err, gchar **err_info _U_) if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) return WTAP_OPEN_ERROR; - cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); do { - ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE, wth->fh); + ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE_STANDARD, wth->fh); } while (NULL != ret && !file_eof(wth->fh) && ((3 > strlen(cbuff)) || g_regex_match_simple(SPECIAL_STRING, cbuff, (GRegexCompileFlags)((gint) G_REGEX_ANCHORED | (gint) G_REGEX_RAW), diff --git a/wiretap/merge.c b/wiretap/merge.c index 0ba1b81a66..0f3c801740 100644 --- a/wiretap/merge.c +++ b/wiretap/merge.c @@ -959,7 +959,7 @@ merge_files(const gchar* out_filename, const int file_type, if (snaplen == 0) { /* Snapshot length not specified - default to the maximum. */ - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } /* @@ -1062,7 +1062,7 @@ merge_files_to_tempfile(gchar **out_filenamep, const char *pfx, if (snaplen == 0) { /* Snapshot length not specified - default to the maximum. */ - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } /* @@ -1161,7 +1161,7 @@ merge_files_to_stdout(const int file_type, const char *const *in_filenames, if (snaplen == 0) { /* Snapshot length not specified - default to the maximum. */ - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } /* diff --git a/wiretap/mime_file.c b/wiretap/mime_file.c index 17bb9608a5..951be17090 100644 --- a/wiretap/mime_file.c +++ b/wiretap/mime_file.c @@ -4,9 +4,9 @@ * * This is for use with Wireshark dissectors that handle file * formats (e.g., because they handle a particular MIME media type). - * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE, + * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE_STANDARD, * each of which is reported as a packet, so that files larger than - * WTAP_MAX_PACKET_SIZE can be handled by reassembly. + * WTAP_MAX_PACKET_SIZE_STANDARD can be handled by reassembly. * * The "MIME file" dissector does the reassembly, and hands the result * off to heuristic dissectors to try to identify the file's contents. diff --git a/wiretap/mp2t.c b/wiretap/mp2t.c index 5507eef3bd..69a4ef6b3b 100644 --- a/wiretap/mp2t.c +++ b/wiretap/mp2t.c @@ -68,7 +68,7 @@ mp2t_read_packet(mp2t_filetype_t *mp2t, FILE_T fh, gint64 offset, guint64 tmp; /* - * MP2T_SIZE will always be less than WTAP_MAX_PACKET_SIZE, so + * MP2T_SIZE will always be less than WTAP_MAX_PACKET_SIZE_STANDARD, so * we don't have to worry about the packet being too big. */ ws_buffer_assure_space(buf, MP2T_SIZE); diff --git a/wiretap/netmon.c b/wiretap/netmon.c index f258eac836..84da71f7c0 100644 --- a/wiretap/netmon.c +++ b/wiretap/netmon.c @@ -494,14 +494,14 @@ netmon_process_record(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, packet_size = pletoh32(&hdr.hdr_2_x.incl_len); break; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("netmon: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FAILURE; } @@ -998,7 +998,7 @@ static gboolean netmon_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, case WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x: /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c index 6aa6781421..4b8b48db8b 100644 --- a/wiretap/netscaler.c +++ b/wiretap/netscaler.c @@ -974,7 +974,7 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info) ** Netscaler trace format read routines. ** ** The maximum value of the record data size is 65535, which is less than -** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. +** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ #define TIMEDEFV10(phdr,fp,type) \ do {\ @@ -1146,7 +1146,7 @@ static gboolean nstrace_read_v10(wtap *wth, int *err, gchar **err_info, gint64 * /* ** The maximum value of the record data size is 65535, which is less than -** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. +** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ #define PARTSIZEDEFV20(phdr,pp,ver) \ do {\ @@ -1351,7 +1351,7 @@ static gboolean nstrace_read_v20(wtap *wth, int *err, gchar **err_info, gint64 * /* ** The maximum value of the record data size is 65535, which is less than -** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. +** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ #define FULLSIZEDEFV30(phdr,fp,ver)\ do {\ @@ -1804,7 +1804,7 @@ static gboolean nstrace_seek_read_v30(wtap *wth, gint64 seek_off, /* ** Get the record length. ** The maximum value of the record data size is 65535, which is less - ** than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + ** than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ record_length = nspr_getv20recordsize(&hdr); diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c index 1a913d6862..f3f76a318c 100644 --- a/wiretap/netscreen.c +++ b/wiretap/netscreen.c @@ -293,14 +293,14 @@ parse_netscreen_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer* buf, *err_info = g_strdup("netscreen: packet header has a negative packet length"); return FALSE; } - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("netscreen: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/nettl.c b/wiretap/nettl.c index 371beb4c01..533fa8678e 100644 --- a/wiretap/nettl.c +++ b/wiretap/nettl.c @@ -569,14 +569,14 @@ nettl_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, pseudo_header->nettl.pid = pntoh32(&rec_hdr.pid); pseudo_header->nettl.uid = pntoh16(&rec_hdr.uid); - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("nettl: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -695,7 +695,7 @@ static gboolean nettl_dump(wtap_dumper *wdh, } /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/nettrace_3gpp_32_423.c b/wiretap/nettrace_3gpp_32_423.c index 08c8a3c258..2549270940 100644 --- a/wiretap/nettrace_3gpp_32_423.c +++ b/wiretap/nettrace_3gpp_32_423.c @@ -788,7 +788,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); int_data_mand->wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU; int_data_mand->time_units_per_second = 1000000; /* default microsecond resolution */ - int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE; + int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD; wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF", strlen("Fake IF")); int_data_mand->num_stat_entries = 0; /* Number of ISB:s */ int_data_mand->interface_statistics = NULL; @@ -796,7 +796,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ g_array_append_val(idb_inf->interface_data, int_data); wdh_exp_pdu = wtap_dump_fdopen_ng(import_file_fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU, - WTAP_MAX_PACKET_SIZE, FALSE, shb_hdrs, idb_inf, NULL, &exp_pdu_file_err); + WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, shb_hdrs, idb_inf, NULL, &exp_pdu_file_err); if (wdh_exp_pdu == NULL) { result = WTAP_OPEN_ERROR; goto end; diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c index a09d1b7f48..c0d24138c3 100644 --- a/wiretap/network_instruments.c +++ b/wiretap/network_instruments.c @@ -493,7 +493,7 @@ process_packet_header(wtap *wth, packet_entry_header *packet_header, } /* * The maximum value of packet_header->captured_size is 65535, which - * is less than WTAP_MAX_PACKET_SIZE will ever be, so we don't need + * is less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need * to check it. */ diff --git a/wiretap/netxray.c b/wiretap/netxray.c index cf1d6fb41c..d298d03642 100644 --- a/wiretap/netxray.c +++ b/wiretap/netxray.c @@ -1925,7 +1925,7 @@ netxray_dump_2_0(wtap_dumper *wdh, } /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c index 829ba74526..83cf88083a 100644 --- a/wiretap/ngsniffer.c +++ b/wiretap/ngsniffer.c @@ -1300,7 +1300,7 @@ ngsniffer_process_record(wtap *wth, gboolean is_random, guint *padding, } /* * The maximum value of length is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c index 6094b84cb7..909371543b 100644 --- a/wiretap/packetlogger.c +++ b/wiretap/packetlogger.c @@ -183,14 +183,14 @@ packetlogger_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len); return FALSE; } - if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) { + if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u", - pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE); + pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/pcap-common.c b/wiretap/pcap-common.c index e67cd3956f..0950e5adad 100644 --- a/wiretap/pcap-common.c +++ b/wiretap/pcap-common.c @@ -702,6 +702,27 @@ wtap_wtap_encap_to_pcap_encap(int encap) return -1; } +/* + * For most encapsulations, we use WTAP_MAX_PACKET_SIZE_STANDARD, as + * that should be enough for most link-layer types, and shouldn't be + * too big. + * + * For D-Bus, we use WTAP_MAX_PACKET_SIZE_DBUS, because the maximum + * D-Bus message size is 128MB, which is bigger than we'd want for + * all link-layer types - files with that snapshot length might cause + * some programs reading them to allocate a huge and wasteful buffer + * and, at least on 32-bit platforms, run the risk of running out of + * memory. + */ +guint +wtap_max_snaplen_for_encap(int wtap_encap) +{ + if (wtap_encap == WTAP_ENCAP_DBUS) + return WTAP_MAX_PACKET_SIZE_DBUS; + else + return WTAP_MAX_PACKET_SIZE_STANDARD; +} + gboolean wtap_encap_requires_phdr(int wtap_encap) { diff --git a/wiretap/pcap-common.h b/wiretap/pcap-common.h index fd15ce292a..da95cf546f 100644 --- a/wiretap/pcap-common.h +++ b/wiretap/pcap-common.h @@ -29,6 +29,8 @@ #include "wtap.h" #include "ws_symbol_export.h" +extern guint wtap_max_snaplen_for_encap(int wtap_encap); + extern int pcap_process_pseudo_header(FILE_T fh, int file_type, int wtap_encap, guint packet_size, gboolean check_packet_size, struct wtap_pkthdr *phdr, int *err, gchar **err_info); diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c index f21e028c94..9217781341 100644 --- a/wiretap/pcapng.c +++ b/wiretap/pcapng.c @@ -737,14 +737,14 @@ pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh, wtap_encap_string(if_descr_mand->wtap_encap), if_descr_mand->snap_len); - if (if_descr_mand->snap_len > WTAP_MAX_PACKET_SIZE) { - /* This is unrealistic, but text2pcap currently uses 102400. + if (if_descr_mand->snap_len > wtap_max_snaplen_for_encap(if_descr_mand->wtap_encap)) { + /* * We do not use this value, maybe we should check the * snap_len of the packets against it. For now, only warn. */ pcapng_debug("pcapng_read_if_descr_block: snapshot length %u unrealistic.", if_descr_mand->snap_len); - /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE;*/ + /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;*/ } /* Options */ @@ -1164,12 +1164,6 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta } } - if (packet.cap_len > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u", - packet.cap_len, WTAP_MAX_PACKET_SIZE); - return FALSE; - } pcapng_debug("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u", packet.packet_len, packet.cap_len, @@ -1184,6 +1178,14 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta iface_info = g_array_index(pn->interfaces, interface_info_t, packet.interface_id); + if (packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than %u", + packet.cap_len, + wtap_max_snaplen_for_encap(iface_info.wtap_encap)); + return FALSE; + } + wblock->packet_header->rec_type = REC_TYPE_PACKET; wblock->packet_header->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID; @@ -1466,10 +1468,11 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t * return FALSE; } - if (simple_packet.cap_len > WTAP_MAX_PACKET_SIZE) { + if (simple_packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u", - simple_packet.cap_len, WTAP_MAX_PACKET_SIZE); + *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than %u", + simple_packet.cap_len, + wtap_max_snaplen_for_encap(iface_info.wtap_encap)); return FALSE; } pcapng_debug("pcapng_read_simple_packet_block: packet data: packet_len %u", @@ -2951,7 +2954,7 @@ pcapng_write_enhanced_packet_block(wtap_dumper *wdh, wtapng_if_descr_mandatory_t *int_data_mand; /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > wtap_max_snaplen_for_encap(wdh->encap)) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -3140,7 +3143,7 @@ pcapng_write_sysdig_event_block(wtap_dumper *wdh, guint16 event_type; /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/peekclassic.c b/wiretap/peekclassic.c index 91569e2abb..a0fce6d6f7 100644 --- a/wiretap/peekclassic.c +++ b/wiretap/peekclassic.c @@ -437,7 +437,7 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh, } /* * The maximum value of sliceLength and length are 65535, which - * are less than WTAP_MAX_PACKET_SIZE will ever be, so we don't + * are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't * need to check them. */ @@ -621,7 +621,7 @@ static gboolean peekclassic_read_packet_v56(wtap *wth, FILE_T fh, } /* * The maximum value of sliceLength and length are 65535, which - * are less than WTAP_MAX_PACKET_SIZE will ever be, so we don't + * are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't * need to check them. */ diff --git a/wiretap/peektagged.c b/wiretap/peektagged.c index 943ca0e058..b9f76a3a93 100644 --- a/wiretap/peektagged.c +++ b/wiretap/peektagged.c @@ -715,14 +715,14 @@ peektagged_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (sliceLength == 0) sliceLength = length; - if (sliceLength > WTAP_MAX_PACKET_SIZE) { + if (sliceLength > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("peektagged: File has %u-byte packet, bigger than maximum of %u", - sliceLength, WTAP_MAX_PACKET_SIZE); + sliceLength, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } diff --git a/wiretap/pppdump.c b/wiretap/pppdump.c index 0b4f1bca37..ca6177ef0d 100644 --- a/wiretap/pppdump.c +++ b/wiretap/pppdump.c @@ -85,7 +85,7 @@ Daniel Thompson (STMicroelectronics) <daniel.thompson@st.com> * sizeof(lcp_header) + sizeof(ipcp_header). PPPD_MTU is *very* rarely * larger than 1500 so this value is fine. * - * It's less than WTAP_MAX_PACKET_SIZE, so we don't have to worry about + * It's less than WTAP_MAX_PACKET_SIZE_STANDARD, so we don't have to worry about * too-large packets. */ #define PPPD_BUF_SIZE 8192 diff --git a/wiretap/radcom.c b/wiretap/radcom.c index f86b1f3e23..54e5e9b441 100644 --- a/wiretap/radcom.c +++ b/wiretap/radcom.c @@ -316,7 +316,7 @@ radcom_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, real_length = pletoh16(&hdr.real_length); /* * The maximum value of length is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/snoop.c b/wiretap/snoop.c index 1831e422c6..4468028d77 100644 --- a/wiretap/snoop.c +++ b/wiretap/snoop.c @@ -484,24 +484,24 @@ snoop_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, rec_size = g_ntohl(hdr.rec_len); orig_size = g_ntohl(hdr.orig_len); packet_size = g_ntohl(hdr.incl_len); - if (orig_size > WTAP_MAX_PACKET_SIZE) { + if (orig_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u", - orig_size, WTAP_MAX_PACKET_SIZE); + orig_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("snoop: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } if (packet_size > rec_size) { @@ -844,7 +844,7 @@ static gboolean snoop_dump(wtap_dumper *wdh, reclen += padlen; /* Don't write anything we're not willing to read. */ - if (phdr->caplen + atm_hdrsize > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen + atm_hdrsize > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/stanag4607.c b/wiretap/stanag4607.c index dfe26823b3..731d8200c1 100644 --- a/wiretap/stanag4607.c +++ b/wiretap/stanag4607.c @@ -76,14 +76,14 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p /* The next 4 bytes are the packet length */ packet_size = pntoh32(&stanag_pkt_hdr[2]); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("stanag4607: File has %" G_GUINT32_FORMAT "d-byte packet, " - "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE); + "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } if (packet_size < PKT_HDR_SIZE+SEG_HDR_SIZE) { diff --git a/wiretap/tnef.c b/wiretap/tnef.c index 2b6266596b..c0f1600aa2 100644 --- a/wiretap/tnef.c +++ b/wiretap/tnef.c @@ -35,14 +35,14 @@ static gboolean tnef_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if ((file_size = wtap_file_size(wth, err)) == -1) return FALSE; - if (file_size > WTAP_MAX_PACKET_SIZE) { + if (file_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("tnef: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u", - file_size, WTAP_MAX_PACKET_SIZE); + file_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } packet_size = (int)file_size; diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c index 091b790884..40e605dfa4 100644 --- a/wiretap/toshiba.c +++ b/wiretap/toshiba.c @@ -311,14 +311,14 @@ parse_toshiba_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, *err_info = g_strdup("toshiba: packet header has a negative packet length"); return FALSE; } - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("toshiba: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/visual.c b/wiretap/visual.c index 2bf675a444..240e10e6a9 100644 --- a/wiretap/visual.c +++ b/wiretap/visual.c @@ -511,13 +511,13 @@ visual_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, phdr->caplen = packet_size; /* Check for too-large packet. */ - if (packet_size > WTAP_MAX_PACKET_SIZE) + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* Probably a corrupt capture file; don't blow up trying to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("visual: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -652,7 +652,7 @@ static gboolean visual_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, } /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/vms.c b/wiretap/vms.c index 9180c0e461..5ab50223a6 100644 --- a/wiretap/vms.c +++ b/wiretap/vms.c @@ -397,7 +397,7 @@ parse_vms_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gch break; } } while (! isdumpline(line)); - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -405,7 +405,7 @@ parse_vms_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gch */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("vms: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/vwr.c b/wiretap/vwr.c index 015a7a0205..2b04757a79 100644 --- a/wiretap/vwr.c +++ b/wiretap/vwr.c @@ -1275,7 +1275,7 @@ static gboolean vwr_read_s1_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, * * The maximum value of actual_octets is 8191, which, even after * adding the lengths of the metadata headers, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ phdr->len = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; @@ -1688,7 +1688,7 @@ static gboolean vwr_read_s2_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, * * The maximum value of actual_octets is 8191, which, even after * adding the lengths of the metadata headers, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ phdr->len = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; @@ -1868,7 +1868,7 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, * * We include the length of the metadata headers in the packet lengths. * - * OCTO_MODIFIED_RF_LEN + 1 is less than WTAP_MAX_PACKET_SIZE will + * OCTO_MODIFIED_RF_LEN + 1 is less than WTAP_MAX_PACKET_SIZE_STANDARD will * ever be, so we don't need to check it. */ phdr->len = OCTO_MODIFIED_RF_LEN + 1; /* 1st octet is reserved for detecting type of frame while displaying in wireshark */ @@ -2184,14 +2184,14 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, phdr->len = OCTO_TIMESTAMP_FIELDS_LEN + OCTO_LAYER1TO4_LEN + actual_octets; phdr->caplen = OCTO_TIMESTAMP_FIELDS_LEN + OCTO_LAYER1TO4_LEN + actual_octets; } - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate * space for an immensely-large packet. */ *err_info = g_strdup_printf("vwr: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); *err = WTAP_ERR_BAD_FILE; return FALSE; } @@ -2696,7 +2696,7 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *vwr, struct wtap_pkthdr *phdr, * * The maximum value of actual_octets is 65535, which, even after * adding the lengths of the metadata headers, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ phdr->len = STATS_COMMON_FIELDS_LEN + EXT_ETHERNET_FIELDS_LEN + actual_octets; phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_ETHERNET_FIELDS_LEN + actual_octets; diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 6b60d51d9d..f5e9a13503 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -376,11 +376,15 @@ extern "C" { /* if you add to the above, update wtap_tsprec_string() */ /* - * Maximum packet size we'll support. - * 262144 is the largest snapshot length that libpcap supports, so we - * use that. - */ -#define WTAP_MAX_PACKET_SIZE 262144 + * We support one maximum packet size for most link-layer header types + * and another for D-Bus, because the maximum packet size for D-Bus + * is 128MB, and that's a lot bigger than the 256KB that we use elsewhere. + * We don't want to write out files that specify a maximum packet size of + * 128MB if we don't have to, as software reading those files might + * allocate a buffer much larger than necessary, wasting memory. + */ +#define WTAP_MAX_PACKET_SIZE_STANDARD 262144 +#define WTAP_MAX_PACKET_SIZE_DBUS (128*1024*1024) /* * "Pseudo-headers" are used to supply to the clients of wiretap |