summaryrefslogtreecommitdiff
path: root/wiretap
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2017-06-04 18:58:40 -0700
committerGuy Harris <guy@alum.mit.edu>2017-06-05 05:28:26 +0000
commitd0865fd619454a9ac06b1c7d287dc438aff50bb0 (patch)
tree91efc24ec72d274b1529342041641b36939236f2 /wiretap
parent17965f57f178aa7e4027f2d363658098e2f1abb3 (diff)
downloadwireshark-d0865fd619454a9ac06b1c7d287dc438aff50bb0.tar.gz
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 mean "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
-rw-r--r--wiretap/5views.c6
-rw-r--r--wiretap/aethra.c4
-rw-r--r--wiretap/ascendtext.h2
-rw-r--r--wiretap/btsnoop.c8
-rw-r--r--wiretap/camins.c2
-rw-r--r--wiretap/capsa.c8
-rw-r--r--wiretap/catapult_dct2000.c4
-rw-r--r--wiretap/commview.c2
-rw-r--r--wiretap/cosine.c4
-rw-r--r--wiretap/csids.c2
-rw-r--r--wiretap/daintree-sna.c2
-rw-r--r--wiretap/dbs-etherwatch.c4
-rw-r--r--wiretap/erf.c14
-rw-r--r--wiretap/eyesdn.c4
-rw-r--r--wiretap/file_access.c19
-rw-r--r--wiretap/hcidump.c4
-rw-r--r--wiretap/i4btrace.c4
-rw-r--r--wiretap/ipfix.c2
-rw-r--r--wiretap/iptrace.c8
-rw-r--r--wiretap/iseries.c4
-rw-r--r--wiretap/k12.c6
-rw-r--r--wiretap/k12text.l10
-rw-r--r--wiretap/lanalyzer.c2
-rw-r--r--wiretap/libpcap.c33
-rw-r--r--wiretap/logcat.c2
-rw-r--r--wiretap/logcat_text.c16
-rw-r--r--wiretap/merge.c6
-rw-r--r--wiretap/mime_file.c4
-rw-r--r--wiretap/mp2t.c2
-rw-r--r--wiretap/netmon.c6
-rw-r--r--wiretap/netscaler.c8
-rw-r--r--wiretap/netscreen.c4
-rw-r--r--wiretap/nettl.c6
-rw-r--r--wiretap/nettrace_3gpp_32_423.c4
-rw-r--r--wiretap/network_instruments.c2
-rw-r--r--wiretap/netxray.c2
-rw-r--r--wiretap/ngsniffer.c2
-rw-r--r--wiretap/packetlogger.c4
-rw-r--r--wiretap/pcap-common.c21
-rw-r--r--wiretap/pcap-common.h2
-rw-r--r--wiretap/pcapng.c31
-rw-r--r--wiretap/peekclassic.c4
-rw-r--r--wiretap/peektagged.c4
-rw-r--r--wiretap/pppdump.c2
-rw-r--r--wiretap/radcom.c2
-rw-r--r--wiretap/snoop.c10
-rw-r--r--wiretap/stanag4607.c4
-rw-r--r--wiretap/tnef.c4
-rw-r--r--wiretap/toshiba.c4
-rw-r--r--wiretap/visual.c6
-rw-r--r--wiretap/vms.c4
-rw-r--r--wiretap/vwr.c12
-rw-r--r--wiretap/wtap.h14
53 files changed, 200 insertions, 150 deletions
diff --git a/wiretap/5views.c b/wiretap/5views.c
index 3ee32d17e9..349293be11 100644
--- a/wiretap/5views.c
+++ b/wiretap/5views.c
@@ -215,14 +215,14 @@ _5views_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
return FALSE;
} while (1);
- if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE) {
+ if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("5views: File has %u-byte packet, bigger than maximum of %u",
- wth->phdr.caplen, WTAP_MAX_PACKET_SIZE);
+ wth->phdr.caplen, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -361,7 +361,7 @@ static gboolean _5views_dump(wtap_dumper *wdh,
}
/* Don't write out something bigger than we can read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/aethra.c b/wiretap/aethra.c
index beff703bf4..d7f50fcd84 100644
--- a/wiretap/aethra.c
+++ b/wiretap/aethra.c
@@ -313,7 +313,7 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr,
(unsigned int)(sizeof *hdr - sizeof hdr->rec_size));
return FALSE;
}
- if (rec_size > WTAP_MAX_PACKET_SIZE) {
+ if (rec_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
@@ -321,7 +321,7 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr,
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("aethra: File has %u-byte packet, bigger than maximum of %u",
- rec_size, WTAP_MAX_PACKET_SIZE);
+ rec_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/ascendtext.h b/wiretap/ascendtext.h
index 208f8b4ff7..a2afb3430d 100644
--- a/wiretap/ascendtext.h
+++ b/wiretap/ascendtext.h
@@ -24,7 +24,7 @@
#include <glib.h>
/*
- * ASCEND_MAX_PKT_LEN is < WTAP_MAX_PACKET_SIZE, so we don't need to
+ * ASCEND_MAX_PKT_LEN is < WTAP_MAX_PACKET_SIZE_STANDARD, so we don't need to
* check the packet length.
*/
#define ASCEND_MAX_DATA_ROWS 8
diff --git a/wiretap/btsnoop.c b/wiretap/btsnoop.c
index 998c9589b8..331beba75f 100644
--- a/wiretap/btsnoop.c
+++ b/wiretap/btsnoop.c
@@ -183,14 +183,14 @@ static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
packet_size = g_ntohl(hdr.incl_len);
orig_size = g_ntohl(hdr.orig_len);
flags = g_ntohl(hdr.flags);
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -326,7 +326,7 @@ static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
* Don't write out anything bigger than we can read.
* (This will also fail on a caplen of 0, as it should.)
*/
- if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
@@ -368,7 +368,7 @@ static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
}
/* Don't write out anything bigger than we can read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/camins.c b/wiretap/camins.c
index b52a0ae292..65dda8d2f2 100644
--- a/wiretap/camins.c
+++ b/wiretap/camins.c
@@ -317,7 +317,7 @@ camins_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
/*
* The maximum value of length is 65535, which, even after
* DVB_CI_PSEUDO_HDR_LEN is added to it, is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
* it.
*/
diff --git a/wiretap/capsa.c b/wiretap/capsa.c
index 1d65c1c33b..f18e0c51bb 100644
--- a/wiretap/capsa.c
+++ b/wiretap/capsa.c
@@ -371,24 +371,24 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
*err = WTAP_ERR_INTERNAL;
return -1;
}
- if (orig_size > WTAP_MAX_PACKET_SIZE) {
+ if (orig_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("capsa: File has %u-byte original length, bigger than maximum of %u",
- orig_size, WTAP_MAX_PACKET_SIZE);
+ orig_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return -1;
}
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("capsa: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return -1;
}
if (header_size + packet_size > rec_size) {
diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c
index 4264f2ae72..04013d5a6e 100644
--- a/wiretap/catapult_dct2000.c
+++ b/wiretap/catapult_dct2000.c
@@ -1329,7 +1329,7 @@ process_parsed_line(wtap *wth, dct2000_file_externals_t *file_externals,
1 + /* direction */
1 + /* encap */
(is_comment ? data_chars : (data_chars/2));
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
@@ -1337,7 +1337,7 @@ process_parsed_line(wtap *wth, dct2000_file_externals_t *file_externals,
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("catapult dct2000: File has %u-byte packet, bigger than maximum of %u",
- phdr->caplen, WTAP_MAX_PACKET_SIZE);
+ phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
phdr->len = phdr->caplen;
diff --git a/wiretap/commview.c b/wiretap/commview.c
index e6dbd8101f..77d3a6121e 100644
--- a/wiretap/commview.c
+++ b/wiretap/commview.c
@@ -148,7 +148,7 @@ commview_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
return FALSE;
/*
* The maximum value of cv_hdr.data_len is 65535, which is less
- * than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to
+ * than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to
* check it.
*/
diff --git a/wiretap/cosine.c b/wiretap/cosine.c
index c7f5952294..b7a23b3143 100644
--- a/wiretap/cosine.c
+++ b/wiretap/cosine.c
@@ -373,14 +373,14 @@ parse_cosine_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
*err_info = g_strdup("cosine: packet header has a negative packet length");
return FALSE;
}
- if (pkt_len > WTAP_MAX_PACKET_SIZE) {
+ if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("cosine: File has %u-byte packet, bigger than maximum of %u",
- pkt_len, WTAP_MAX_PACKET_SIZE);
+ pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/csids.c b/wiretap/csids.c
index 3f4b3eefcc..2d44a10c93 100644
--- a/wiretap/csids.c
+++ b/wiretap/csids.c
@@ -181,7 +181,7 @@ csids_read_packet(FILE_T fh, csids_t *csids, struct wtap_pkthdr *phdr,
hdr.caplen = pntoh16(&hdr.caplen);
/*
* The maximum value of hdr.caplen is 65535, which is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
* it.
*/
diff --git a/wiretap/daintree-sna.c b/wiretap/daintree-sna.c
index 3deca1dff7..b1016fa072 100644
--- a/wiretap/daintree-sna.c
+++ b/wiretap/daintree-sna.c
@@ -194,7 +194,7 @@ daintree_sna_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
phdr->ts.nsecs = useconds * 1000; /* convert mS to nS */
/*
- * READDATA_BUF_SIZE is < WTAP_MAX_PACKET_SIZE, and is the maximum
+ * READDATA_BUF_SIZE is < WTAP_MAX_PACKET_SIZE_STANDARD, and is the maximum
* number of bytes of packet data we can generate, so we don't
* need to check the packet length.
*/
diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c
index 5c6933ab60..301ff90ebd 100644
--- a/wiretap/dbs-etherwatch.c
+++ b/wiretap/dbs-etherwatch.c
@@ -449,7 +449,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf,
phdr->caplen = eth_hdr_len + pkt_len;
phdr->len = eth_hdr_len + pkt_len;
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
@@ -457,7 +457,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf,
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("dbs_etherwatch: File has %u-byte packet, bigger than maximum of %u",
- phdr->caplen, WTAP_MAX_PACKET_SIZE);
+ phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/erf.c b/wiretap/erf.c
index 7b1fe9d5ff..702420b55d 100644
--- a/wiretap/erf.c
+++ b/wiretap/erf.c
@@ -278,7 +278,7 @@ extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info)
}
packet_size = rlen - (guint32)sizeof(header);
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file or a file that's not an ERF file
* but that passed earlier tests.
@@ -373,7 +373,7 @@ extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info)
break;
}
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file or a file that's not an ERF file
* but that passed earlier tests.
@@ -506,14 +506,14 @@ static gboolean erf_read_header(wtap *wth, FILE_T fh,
*packet_size = g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header);
- if (*packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (*packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u",
- *packet_size, WTAP_MAX_PACKET_SIZE);
+ *packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -691,14 +691,14 @@ static gboolean erf_read_header(wtap *wth, FILE_T fh,
g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header) - skiplen );
}
- if (*packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (*packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u",
- *packet_size, WTAP_MAX_PACKET_SIZE);
+ *packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -808,7 +808,7 @@ static gboolean erf_dump(
guint32 crc32 = 0x00000000;
/* Don't write anything bigger than we're willing to read. */
- if(phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if(phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/eyesdn.c b/wiretap/eyesdn.c
index c545373ffe..4a592714fb 100644
--- a/wiretap/eyesdn.c
+++ b/wiretap/eyesdn.c
@@ -300,10 +300,10 @@ read_eyesdn_rec(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err,
break;
}
- if(pkt_len > WTAP_MAX_PACKET_SIZE) {
+ if(pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("eyesdn: File has %u-byte packet, bigger than maximum of %u",
- pkt_len, WTAP_MAX_PACKET_SIZE);
+ pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/file_access.c b/wiretap/file_access.c
index 91fcf718b0..3700a9fb44 100644
--- a/wiretap/file_access.c
+++ b/wiretap/file_access.c
@@ -2228,6 +2228,25 @@ wtap_dump_init_dumper(int file_type_subtype, int encap, int snaplen, gboolean co
descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(descr);
descr_mand->wtap_encap = encap;
descr_mand->time_units_per_second = 1000000; /* default microsecond resolution */
+ if (snaplen == 0) {
+ /*
+ * No snapshot length was specified. Pick an
+ * appropriate snapshot length for this
+ * link-layer type.
+ *
+ * We use WTAP_MAX_PACKET_SIZE_STANDARD for everything except
+ * D-Bus, which has a maximum packet size of 128MB,
+ * which is more than we want to put into files
+ * with other link-layer header types, as that
+ * might cause some software reading those files
+ * to allocate an unnecessarily huge chunk of
+ * memory for a packet buffer.
+ */
+ if (encap == WTAP_ENCAP_DBUS)
+ snaplen = 128*1024*1024;
+ else
+ snaplen = WTAP_MAX_PACKET_SIZE_STANDARD;
+ }
descr_mand->snap_len = snaplen;
descr_mand->num_stat_entries = 0; /* Number of ISB:s */
descr_mand->interface_statistics = NULL;
diff --git a/wiretap/hcidump.c b/wiretap/hcidump.c
index 3e7ee66272..d89b8359c4 100644
--- a/wiretap/hcidump.c
+++ b/wiretap/hcidump.c
@@ -43,14 +43,14 @@ static gboolean hcidump_read_packet(FILE_T fh, struct wtap_pkthdr *phdr,
return FALSE;
packet_size = GUINT16_FROM_LE(dh.len);
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("hcidump: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/i4btrace.c b/wiretap/i4btrace.c
index 69d2788f54..106ef647a5 100644
--- a/wiretap/i4btrace.c
+++ b/wiretap/i4btrace.c
@@ -164,14 +164,14 @@ i4b_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
return FALSE;
}
length = hdr.length - (guint32)sizeof(hdr);
- if (length > WTAP_MAX_PACKET_SIZE) {
+ if (length > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("i4btrace: File has %u-byte packet, bigger than maximum of %u",
- length, WTAP_MAX_PACKET_SIZE);
+ length, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/ipfix.c b/wiretap/ipfix.c
index 64f38764c9..75987b54b8 100644
--- a/wiretap/ipfix.c
+++ b/wiretap/ipfix.c
@@ -161,7 +161,7 @@ ipfix_read_message(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, g
return FALSE;
/*
* The maximum value of msg_hdr.message_length is 65535, which is
- * less than WTAP_MAX_PACKET_SIZE will ever be, so we don't need
+ * less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need
* to check it.
*/
diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c
index bfa278b3f5..cba013b06b 100644
--- a/wiretap/iptrace.c
+++ b/wiretap/iptrace.c
@@ -181,14 +181,14 @@ iptrace_read_rec_1_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
if (!wtap_read_bytes(fh, NULL, 3, err, err_info))
return FALSE;
}
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -374,14 +374,14 @@ iptrace_read_rec_2_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
if (!wtap_read_bytes(fh, NULL, 3, err, err_info))
return FALSE;
}
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/iseries.c b/wiretap/iseries.c
index aec989203d..c14b1eddc5 100644
--- a/wiretap/iseries.c
+++ b/wiretap/iseries.c
@@ -720,7 +720,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr,
* Check the length first, just in case it's *so* big that, after
* adding the Ethernet header length, it overflows.
*/
- if (pkt_len > WTAP_MAX_PACKET_SIZE - 14)
+ if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD - 14)
{
/*
* Probably a corrupt capture file; don't blow up trying
@@ -732,7 +732,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr,
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("iseries: File has %" G_GUINT64_FORMAT "-byte packet, bigger than maximum of %u",
(guint64)pkt_len + 14,
- WTAP_MAX_PACKET_SIZE);
+ WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
pkt_len += 14;
diff --git a/wiretap/k12.c b/wiretap/k12.c
index 5196a0e1a6..6191f1c9ba 100644
--- a/wiretap/k12.c
+++ b/wiretap/k12.c
@@ -486,7 +486,7 @@ static gint get_record(k12_t *file_data, FILE_T fh, gint64 file_offset,
* Record length must be at least large enough for the length
* and type, hence 8 bytes.
*
- * XXX - is WTAP_MAX_PACKET_SIZE the right check for a maximum
+ * XXX - is WTAP_MAX_PACKET_SIZE_STANDARD the right check for a maximum
* record size? Should we report this error differently?
*/
if (left < 8) {
@@ -494,9 +494,9 @@ static gint get_record(k12_t *file_data, FILE_T fh, gint64 file_offset,
*err_info = g_strdup_printf("k12: Record length %u is less than 8 bytes long",left);
return -1;
}
- if (left > WTAP_MAX_PACKET_SIZE) {
+ if (left > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_BAD_FILE;
- *err_info = g_strdup_printf("k12: Record length %u is greater than the maximum %u",left,WTAP_MAX_PACKET_SIZE);
+ *err_info = g_strdup_printf("k12: Record length %u is greater than the maximum %u",left,WTAP_MAX_PACKET_SIZE_STANDARD);
return -1;
}
diff --git a/wiretap/k12text.l b/wiretap/k12text.l
index 8b7a1572be..8e8cdca171 100644
--- a/wiretap/k12text.l
+++ b/wiretap/k12text.l
@@ -145,7 +145,7 @@ typedef struct {
#define SET_SECONDS(text) yyextra->g_s = (guint) strtoul(text,NULL,10)
#define SET_MS(text) yyextra->g_ms = (guint) strtoul(text,NULL,10)
#define SET_NS(text) yyextra->g_ns = (guint) strtoul(text,NULL,10)
-#define ADD_BYTE(text) do {if (yyextra->ii >= WTAP_MAX_PACKET_SIZE) {KERROR("frame too large");} yyextra->bb[yyextra->ii++] = (guint8)strtoul(text,NULL,16); } while(0)
+#define ADD_BYTE(text) do {if (yyextra->ii >= WTAP_MAX_PACKET_SIZE_STANDARD) {KERROR("frame too large");} yyextra->bb[yyextra->ii++] = (guint8)strtoul(text,NULL,16); } while(0)
#define FINALIZE_FRAME() do { yyextra->ok_frame = TRUE; } while (0)
/*~ #define ECHO*/
#define YY_USER_ACTION yyextra->file_bytes_read += yyleng;
@@ -359,7 +359,7 @@ k12text_read(wtap *wth, int *err, char ** err_info, gint64 *data_offset)
if ( file_seek(wth->fh, k12text->next_frame_offset, SEEK_SET, err) == -1) {
return FALSE;
}
- state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE);
+ state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD);
if (!k12text_run_scanner(&state, wth->fh, NEXT_FRAME, err, err_info)) {
g_free(state.bb);
@@ -400,7 +400,7 @@ k12text_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr, Buffer *
if ( file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) {
return FALSE;
}
- state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE);
+ state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD);
if (!k12text_run_scanner(&state, wth->random_fh, NEXT_FRAME, err, err_info)) {
return FALSE;
@@ -435,7 +435,7 @@ k12text_open(wtap *wth, int *err, gchar **err_info _U_)
k12text_t *k12text;
k12text_state_t state;
- state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE);
+ state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD);
if (!k12text_run_scanner(&state, wth->fh, MAGIC, err, err_info)) {
g_free(state.bb);
return WTAP_OPEN_ERROR;
@@ -494,7 +494,7 @@ k12text_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
struct tm *tmp;
/* Don't write anything bigger than we're willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c
index e18604246e..71d78e4faa 100644
--- a/wiretap/lanalyzer.c
+++ b/wiretap/lanalyzer.c
@@ -488,7 +488,7 @@ static gboolean lanalyzer_read_trace_record(wtap *wth, FILE_T fh,
packet_size = pletoh16(&descriptor[6]);
/*
* The maximum value of packet_size is 65535, which is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
* it.
*/
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index 3d98ff0cbb..c0b90cc5cb 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -558,7 +558,7 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
ret++;
break;
}
- if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+ if (hdr->hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) {
/*
* Probably either a corrupt capture file or a file
* of a type different from the one we're trying.
@@ -566,18 +566,19 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
ret++;
}
- if (hdr->hdr.orig_len > 64*1024*1024) {
+ if (hdr->hdr.orig_len > 128*1024*1024) {
/*
* In theory I guess the on-the-wire packet size can be
* arbitrarily large, and it can certainly be larger than the
* maximum snapshot length which bounds the snapshot size,
- * but any file claiming 64MB in a single packet is *probably*
+ * but any file claiming 128MB in a single packet is *probably*
* corrupt, and treating them as such makes the heuristics
* much more reliable. See, for example,
*
* https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634
*
- * (64MB is an arbitrary size at this point).
+ * (128MB is an arbitrary size at this point, chosen to be
+ * large enough for the largest D-Bus packet).
*/
ret++;
}
@@ -652,7 +653,7 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
if (!libpcap_read_header(wth, fh, err, err_info, &hdr))
return FALSE;
- if (hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+ if (hdr.hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
@@ -661,7 +662,8 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
- hdr.hdr.incl_len, WTAP_MAX_PACKET_SIZE);
+ hdr.hdr.incl_len,
+ wtap_max_snaplen_for_encap(wth->file_encap));
}
return FALSE;
}
@@ -874,10 +876,11 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
*
* A snapshot length of 0, inside Wiretap, means "snapshot length
* unknown"; if the snapshot length supplied to us is 0, we make
- * the snapshot length in the header file WTAP_MAX_PACKET_SIZE.
+ * the snapshot length in the header file the maximum for the
+ * link-layer type we'll be writing.
*/
- file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen :
- WTAP_MAX_PACKET_SIZE;
+ file_hdr.snaplen = (wdh->snaplen != 0) ? (guint)wdh->snaplen :
+ wtap_max_snaplen_for_encap(wdh->encap);
file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap);
if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
return FALSE;
@@ -905,8 +908,11 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
return FALSE;
}
- /* Don't write anything we're not willing to read. */
- if (phdr->caplen + phdrsize > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Don't write anything we're not willing to read.
+ * (The cast is to prevent an overflow.)
+ */
+ if ((guint64)phdr->caplen + phdrsize > wtap_max_snaplen_for_encap(wdh->encap)) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
@@ -914,11 +920,6 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
rec_hdr.hdr.incl_len = phdr->caplen + phdrsize;
rec_hdr.hdr.orig_len = phdr->len + phdrsize;
- if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
- *err = WTAP_ERR_BAD_FILE;
- return FALSE;
- }
-
switch (wdh->file_type_subtype) {
case WTAP_FILE_TYPE_SUBTYPE_PCAP:
diff --git a/wiretap/logcat.c b/wiretap/logcat.c
index f37eda988b..74ac0c6c30 100644
--- a/wiretap/logcat.c
+++ b/wiretap/logcat.c
@@ -189,7 +189,7 @@ static gboolean logcat_read_packet(struct logcat_phdr *logcat, FILE_T fh,
/*
* The maximum value of payload_length is 65535, which, even after
* the size of the logger entry structure is added to it, is less
- * than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
+ * than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
* it.
*/
diff --git a/wiretap/logcat_text.c b/wiretap/logcat_text.c
index a0e53bac1b..d0da5fc1cc 100644
--- a/wiretap/logcat_text.c
+++ b/wiretap/logcat_text.c
@@ -188,9 +188,9 @@ static gboolean logcat_text_read_packet(FILE_T fh, struct wtap_pkthdr *phdr,
gchar *cbuff;
gchar *ret = NULL;
- cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE);
+ cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD);
do {
- ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE, fh);
+ ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE_STANDARD, fh);
} while (NULL != ret && 3 > strlen(cbuff) && !file_eof(fh));
if (NULL == ret || 3 > strlen(cbuff)) {
@@ -205,13 +205,13 @@ static gboolean logcat_text_read_packet(FILE_T fh, struct wtap_pkthdr *phdr,
int err;
gchar *ret2 = NULL;
- lbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE);
+ lbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD);
file_off = file_tell(fh);
- ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE, fh);
+ ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE_STANDARD, fh);
while (NULL != ret2 && 2 < strlen(lbuff) && !file_eof(fh)) {
- g_strlcat(cbuff,lbuff,WTAP_MAX_PACKET_SIZE);
+ g_strlcat(cbuff,lbuff,WTAP_MAX_PACKET_SIZE_STANDARD);
file_off = file_tell(fh);
- ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE, fh);
+ ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE_STANDARD, fh);
}
if(NULL == ret2 || 2 < strlen(lbuff)) {
@@ -278,9 +278,9 @@ wtap_open_return_val logcat_text_open(wtap *wth, int *err, gchar **err_info _U_)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
- cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE);
+ cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD);
do {
- ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE, wth->fh);
+ ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE_STANDARD, wth->fh);
} while (NULL != ret && !file_eof(wth->fh)
&& ((3 > strlen(cbuff))
|| g_regex_match_simple(SPECIAL_STRING, cbuff, (GRegexCompileFlags)((gint) G_REGEX_ANCHORED | (gint) G_REGEX_RAW),
diff --git a/wiretap/merge.c b/wiretap/merge.c
index 0ba1b81a66..0f3c801740 100644
--- a/wiretap/merge.c
+++ b/wiretap/merge.c
@@ -959,7 +959,7 @@ merge_files(const gchar* out_filename, const int file_type,
if (snaplen == 0) {
/* Snapshot length not specified - default to the maximum. */
- snaplen = WTAP_MAX_PACKET_SIZE;
+ snaplen = WTAP_MAX_PACKET_SIZE_STANDARD;
}
/*
@@ -1062,7 +1062,7 @@ merge_files_to_tempfile(gchar **out_filenamep, const char *pfx,
if (snaplen == 0) {
/* Snapshot length not specified - default to the maximum. */
- snaplen = WTAP_MAX_PACKET_SIZE;
+ snaplen = WTAP_MAX_PACKET_SIZE_STANDARD;
}
/*
@@ -1161,7 +1161,7 @@ merge_files_to_stdout(const int file_type, const char *const *in_filenames,
if (snaplen == 0) {
/* Snapshot length not specified - default to the maximum. */
- snaplen = WTAP_MAX_PACKET_SIZE;
+ snaplen = WTAP_MAX_PACKET_SIZE_STANDARD;
}
/*
diff --git a/wiretap/mime_file.c b/wiretap/mime_file.c
index 17bb9608a5..951be17090 100644
--- a/wiretap/mime_file.c
+++ b/wiretap/mime_file.c
@@ -4,9 +4,9 @@
*
* This is for use with Wireshark dissectors that handle file
* formats (e.g., because they handle a particular MIME media type).
- * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE,
+ * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE_STANDARD,
* each of which is reported as a packet, so that files larger than
- * WTAP_MAX_PACKET_SIZE can be handled by reassembly.
+ * WTAP_MAX_PACKET_SIZE_STANDARD can be handled by reassembly.
*
* The "MIME file" dissector does the reassembly, and hands the result
* off to heuristic dissectors to try to identify the file's contents.
diff --git a/wiretap/mp2t.c b/wiretap/mp2t.c
index 5507eef3bd..69a4ef6b3b 100644
--- a/wiretap/mp2t.c
+++ b/wiretap/mp2t.c
@@ -68,7 +68,7 @@ mp2t_read_packet(mp2t_filetype_t *mp2t, FILE_T fh, gint64 offset,
guint64 tmp;
/*
- * MP2T_SIZE will always be less than WTAP_MAX_PACKET_SIZE, so
+ * MP2T_SIZE will always be less than WTAP_MAX_PACKET_SIZE_STANDARD, so
* we don't have to worry about the packet being too big.
*/
ws_buffer_assure_space(buf, MP2T_SIZE);
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index f258eac836..84da71f7c0 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -494,14 +494,14 @@ netmon_process_record(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
packet_size = pletoh32(&hdr.hdr_2_x.incl_len);
break;
}
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("netmon: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FAILURE;
}
@@ -998,7 +998,7 @@ static gboolean netmon_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
case WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x:
/* Don't write anything we're not willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
index 6aa6781421..4b8b48db8b 100644
--- a/wiretap/netscaler.c
+++ b/wiretap/netscaler.c
@@ -974,7 +974,7 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info)
** Netscaler trace format read routines.
**
** The maximum value of the record data size is 65535, which is less than
-** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
#define TIMEDEFV10(phdr,fp,type) \
do {\
@@ -1146,7 +1146,7 @@ static gboolean nstrace_read_v10(wtap *wth, int *err, gchar **err_info, gint64 *
/*
** The maximum value of the record data size is 65535, which is less than
-** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
#define PARTSIZEDEFV20(phdr,pp,ver) \
do {\
@@ -1351,7 +1351,7 @@ static gboolean nstrace_read_v20(wtap *wth, int *err, gchar **err_info, gint64 *
/*
** The maximum value of the record data size is 65535, which is less than
-** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
#define FULLSIZEDEFV30(phdr,fp,ver)\
do {\
@@ -1804,7 +1804,7 @@ static gboolean nstrace_seek_read_v30(wtap *wth, gint64 seek_off,
/*
** Get the record length.
** The maximum value of the record data size is 65535, which is less
- ** than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+ ** than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
record_length = nspr_getv20recordsize(&hdr);
diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c
index 1a913d6862..f3f76a318c 100644
--- a/wiretap/netscreen.c
+++ b/wiretap/netscreen.c
@@ -293,14 +293,14 @@ parse_netscreen_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer* buf,
*err_info = g_strdup("netscreen: packet header has a negative packet length");
return FALSE;
}
- if (pkt_len > WTAP_MAX_PACKET_SIZE) {
+ if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("netscreen: File has %u-byte packet, bigger than maximum of %u",
- pkt_len, WTAP_MAX_PACKET_SIZE);
+ pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/nettl.c b/wiretap/nettl.c
index 371beb4c01..533fa8678e 100644
--- a/wiretap/nettl.c
+++ b/wiretap/nettl.c
@@ -569,14 +569,14 @@ nettl_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
pseudo_header->nettl.pid = pntoh32(&rec_hdr.pid);
pseudo_header->nettl.uid = pntoh16(&rec_hdr.uid);
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("nettl: File has %u-byte packet, bigger than maximum of %u",
- phdr->caplen, WTAP_MAX_PACKET_SIZE);
+ phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -695,7 +695,7 @@ static gboolean nettl_dump(wtap_dumper *wdh,
}
/* Don't write anything we're not willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/nettrace_3gpp_32_423.c b/wiretap/nettrace_3gpp_32_423.c
index 08c8a3c258..2549270940 100644
--- a/wiretap/nettrace_3gpp_32_423.c
+++ b/wiretap/nettrace_3gpp_32_423.c
@@ -788,7 +788,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_
int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data);
int_data_mand->wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
int_data_mand->time_units_per_second = 1000000; /* default microsecond resolution */
- int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE;
+ int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;
wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF", strlen("Fake IF"));
int_data_mand->num_stat_entries = 0; /* Number of ISB:s */
int_data_mand->interface_statistics = NULL;
@@ -796,7 +796,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_
g_array_append_val(idb_inf->interface_data, int_data);
wdh_exp_pdu = wtap_dump_fdopen_ng(import_file_fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU,
- WTAP_MAX_PACKET_SIZE, FALSE, shb_hdrs, idb_inf, NULL, &exp_pdu_file_err);
+ WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, shb_hdrs, idb_inf, NULL, &exp_pdu_file_err);
if (wdh_exp_pdu == NULL) {
result = WTAP_OPEN_ERROR;
goto end;
diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c
index a09d1b7f48..c0d24138c3 100644
--- a/wiretap/network_instruments.c
+++ b/wiretap/network_instruments.c
@@ -493,7 +493,7 @@ process_packet_header(wtap *wth, packet_entry_header *packet_header,
}
/*
* The maximum value of packet_header->captured_size is 65535, which
- * is less than WTAP_MAX_PACKET_SIZE will ever be, so we don't need
+ * is less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need
* to check it.
*/
diff --git a/wiretap/netxray.c b/wiretap/netxray.c
index cf1d6fb41c..d298d03642 100644
--- a/wiretap/netxray.c
+++ b/wiretap/netxray.c
@@ -1925,7 +1925,7 @@ netxray_dump_2_0(wtap_dumper *wdh,
}
/* Don't write anything we're not willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c
index 829ba74526..83cf88083a 100644
--- a/wiretap/ngsniffer.c
+++ b/wiretap/ngsniffer.c
@@ -1300,7 +1300,7 @@ ngsniffer_process_record(wtap *wth, gboolean is_random, guint *padding,
}
/*
* The maximum value of length is 65535, which is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
* it.
*/
diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c
index 6094b84cb7..909371543b 100644
--- a/wiretap/packetlogger.c
+++ b/wiretap/packetlogger.c
@@ -183,14 +183,14 @@ packetlogger_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer
*err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len);
return FALSE;
}
- if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) {
+ if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u",
- pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE);
+ pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/pcap-common.c b/wiretap/pcap-common.c
index e67cd3956f..0950e5adad 100644
--- a/wiretap/pcap-common.c
+++ b/wiretap/pcap-common.c
@@ -702,6 +702,27 @@ wtap_wtap_encap_to_pcap_encap(int encap)
return -1;
}
+/*
+ * For most encapsulations, we use WTAP_MAX_PACKET_SIZE_STANDARD, as
+ * that should be enough for most link-layer types, and shouldn't be
+ * too big.
+ *
+ * For D-Bus, we use WTAP_MAX_PACKET_SIZE_DBUS, because the maximum
+ * D-Bus message size is 128MB, which is bigger than we'd want for
+ * all link-layer types - files with that snapshot length might cause
+ * some programs reading them to allocate a huge and wasteful buffer
+ * and, at least on 32-bit platforms, run the risk of running out of
+ * memory.
+ */
+guint
+wtap_max_snaplen_for_encap(int wtap_encap)
+{
+ if (wtap_encap == WTAP_ENCAP_DBUS)
+ return WTAP_MAX_PACKET_SIZE_DBUS;
+ else
+ return WTAP_MAX_PACKET_SIZE_STANDARD;
+}
+
gboolean
wtap_encap_requires_phdr(int wtap_encap)
{
diff --git a/wiretap/pcap-common.h b/wiretap/pcap-common.h
index fd15ce292a..da95cf546f 100644
--- a/wiretap/pcap-common.h
+++ b/wiretap/pcap-common.h
@@ -29,6 +29,8 @@
#include "wtap.h"
#include "ws_symbol_export.h"
+extern guint wtap_max_snaplen_for_encap(int wtap_encap);
+
extern int pcap_process_pseudo_header(FILE_T fh, int file_type, int wtap_encap,
guint packet_size, gboolean check_packet_size,
struct wtap_pkthdr *phdr, int *err, gchar **err_info);
diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c
index f21e028c94..9217781341 100644
--- a/wiretap/pcapng.c
+++ b/wiretap/pcapng.c
@@ -737,14 +737,14 @@ pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh,
wtap_encap_string(if_descr_mand->wtap_encap),
if_descr_mand->snap_len);
- if (if_descr_mand->snap_len > WTAP_MAX_PACKET_SIZE) {
- /* This is unrealistic, but text2pcap currently uses 102400.
+ if (if_descr_mand->snap_len > wtap_max_snaplen_for_encap(if_descr_mand->wtap_encap)) {
+ /*
* We do not use this value, maybe we should check the
* snap_len of the packets against it. For now, only warn.
*/
pcapng_debug("pcapng_read_if_descr_block: snapshot length %u unrealistic.",
if_descr_mand->snap_len);
- /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE;*/
+ /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;*/
}
/* Options */
@@ -1164,12 +1164,6 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta
}
}
- if (packet.cap_len > WTAP_MAX_PACKET_SIZE) {
- *err = WTAP_ERR_BAD_FILE;
- *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u",
- packet.cap_len, WTAP_MAX_PACKET_SIZE);
- return FALSE;
- }
pcapng_debug("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u",
packet.packet_len,
packet.cap_len,
@@ -1184,6 +1178,14 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta
iface_info = g_array_index(pn->interfaces, interface_info_t,
packet.interface_id);
+ if (packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than %u",
+ packet.cap_len,
+ wtap_max_snaplen_for_encap(iface_info.wtap_encap));
+ return FALSE;
+ }
+
wblock->packet_header->rec_type = REC_TYPE_PACKET;
wblock->packet_header->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID;
@@ -1466,10 +1468,11 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *
return FALSE;
}
- if (simple_packet.cap_len > WTAP_MAX_PACKET_SIZE) {
+ if (simple_packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) {
*err = WTAP_ERR_BAD_FILE;
- *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u",
- simple_packet.cap_len, WTAP_MAX_PACKET_SIZE);
+ *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than %u",
+ simple_packet.cap_len,
+ wtap_max_snaplen_for_encap(iface_info.wtap_encap));
return FALSE;
}
pcapng_debug("pcapng_read_simple_packet_block: packet data: packet_len %u",
@@ -2951,7 +2954,7 @@ pcapng_write_enhanced_packet_block(wtap_dumper *wdh,
wtapng_if_descr_mandatory_t *int_data_mand;
/* Don't write anything we're not willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > wtap_max_snaplen_for_encap(wdh->encap)) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
@@ -3140,7 +3143,7 @@ pcapng_write_sysdig_event_block(wtap_dumper *wdh,
guint16 event_type;
/* Don't write anything we're not willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/peekclassic.c b/wiretap/peekclassic.c
index 91569e2abb..a0fce6d6f7 100644
--- a/wiretap/peekclassic.c
+++ b/wiretap/peekclassic.c
@@ -437,7 +437,7 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
}
/*
* The maximum value of sliceLength and length are 65535, which
- * are less than WTAP_MAX_PACKET_SIZE will ever be, so we don't
+ * are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't
* need to check them.
*/
@@ -621,7 +621,7 @@ static gboolean peekclassic_read_packet_v56(wtap *wth, FILE_T fh,
}
/*
* The maximum value of sliceLength and length are 65535, which
- * are less than WTAP_MAX_PACKET_SIZE will ever be, so we don't
+ * are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't
* need to check them.
*/
diff --git a/wiretap/peektagged.c b/wiretap/peektagged.c
index 943ca0e058..b9f76a3a93 100644
--- a/wiretap/peektagged.c
+++ b/wiretap/peektagged.c
@@ -715,14 +715,14 @@ peektagged_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
if (sliceLength == 0)
sliceLength = length;
- if (sliceLength > WTAP_MAX_PACKET_SIZE) {
+ if (sliceLength > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peektagged: File has %u-byte packet, bigger than maximum of %u",
- sliceLength, WTAP_MAX_PACKET_SIZE);
+ sliceLength, WTAP_MAX_PACKET_SIZE_STANDARD);
return -1;
}
diff --git a/wiretap/pppdump.c b/wiretap/pppdump.c
index 0b4f1bca37..ca6177ef0d 100644
--- a/wiretap/pppdump.c
+++ b/wiretap/pppdump.c
@@ -85,7 +85,7 @@ Daniel Thompson (STMicroelectronics) <daniel.thompson@st.com>
* sizeof(lcp_header) + sizeof(ipcp_header). PPPD_MTU is *very* rarely
* larger than 1500 so this value is fine.
*
- * It's less than WTAP_MAX_PACKET_SIZE, so we don't have to worry about
+ * It's less than WTAP_MAX_PACKET_SIZE_STANDARD, so we don't have to worry about
* too-large packets.
*/
#define PPPD_BUF_SIZE 8192
diff --git a/wiretap/radcom.c b/wiretap/radcom.c
index f86b1f3e23..54e5e9b441 100644
--- a/wiretap/radcom.c
+++ b/wiretap/radcom.c
@@ -316,7 +316,7 @@ radcom_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
real_length = pletoh16(&hdr.real_length);
/*
* The maximum value of length is 65535, which is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
* it.
*/
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index 1831e422c6..4468028d77 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -484,24 +484,24 @@ snoop_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
rec_size = g_ntohl(hdr.rec_len);
orig_size = g_ntohl(hdr.orig_len);
packet_size = g_ntohl(hdr.incl_len);
- if (orig_size > WTAP_MAX_PACKET_SIZE) {
+ if (orig_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u",
- orig_size, WTAP_MAX_PACKET_SIZE);
+ orig_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return -1;
}
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("snoop: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return -1;
}
if (packet_size > rec_size) {
@@ -844,7 +844,7 @@ static gboolean snoop_dump(wtap_dumper *wdh,
reclen += padlen;
/* Don't write anything we're not willing to read. */
- if (phdr->caplen + atm_hdrsize > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen + atm_hdrsize > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/stanag4607.c b/wiretap/stanag4607.c
index dfe26823b3..731d8200c1 100644
--- a/wiretap/stanag4607.c
+++ b/wiretap/stanag4607.c
@@ -76,14 +76,14 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p
/* The next 4 bytes are the packet length */
packet_size = pntoh32(&stanag_pkt_hdr[2]);
- if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("stanag4607: File has %" G_GUINT32_FORMAT "d-byte packet, "
- "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE);
+ "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
if (packet_size < PKT_HDR_SIZE+SEG_HDR_SIZE) {
diff --git a/wiretap/tnef.c b/wiretap/tnef.c
index 2b6266596b..c0f1600aa2 100644
--- a/wiretap/tnef.c
+++ b/wiretap/tnef.c
@@ -35,14 +35,14 @@ static gboolean tnef_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
if ((file_size = wtap_file_size(wth, err)) == -1)
return FALSE;
- if (file_size > WTAP_MAX_PACKET_SIZE) {
+ if (file_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("tnef: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u",
- file_size, WTAP_MAX_PACKET_SIZE);
+ file_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
packet_size = (int)file_size;
diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c
index 091b790884..40e605dfa4 100644
--- a/wiretap/toshiba.c
+++ b/wiretap/toshiba.c
@@ -311,14 +311,14 @@ parse_toshiba_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
*err_info = g_strdup("toshiba: packet header has a negative packet length");
return FALSE;
}
- if (pkt_len > WTAP_MAX_PACKET_SIZE) {
+ if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; don't blow up trying
* to allocate space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("toshiba: File has %u-byte packet, bigger than maximum of %u",
- pkt_len, WTAP_MAX_PACKET_SIZE);
+ pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/visual.c b/wiretap/visual.c
index 2bf675a444..240e10e6a9 100644
--- a/wiretap/visual.c
+++ b/wiretap/visual.c
@@ -511,13 +511,13 @@ visual_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
phdr->caplen = packet_size;
/* Check for too-large packet. */
- if (packet_size > WTAP_MAX_PACKET_SIZE)
+ if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD)
{
/* Probably a corrupt capture file; don't blow up trying
to allocate space for an immensely-large packet. */
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("visual: File has %u-byte packet, bigger than maximum of %u",
- packet_size, WTAP_MAX_PACKET_SIZE);
+ packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
@@ -652,7 +652,7 @@ static gboolean visual_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
}
/* Don't write anything we're not willing to read. */
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
diff --git a/wiretap/vms.c b/wiretap/vms.c
index 9180c0e461..5ab50223a6 100644
--- a/wiretap/vms.c
+++ b/wiretap/vms.c
@@ -397,7 +397,7 @@ parse_vms_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gch
break;
}
} while (! isdumpline(line));
- if (pkt_len > WTAP_MAX_PACKET_SIZE) {
+ if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
@@ -405,7 +405,7 @@ parse_vms_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gch
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("vms: File has %u-byte packet, bigger than maximum of %u",
- pkt_len, WTAP_MAX_PACKET_SIZE);
+ pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD);
return FALSE;
}
diff --git a/wiretap/vwr.c b/wiretap/vwr.c
index 015a7a0205..2b04757a79 100644
--- a/wiretap/vwr.c
+++ b/wiretap/vwr.c
@@ -1275,7 +1275,7 @@ static gboolean vwr_read_s1_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
*
* The maximum value of actual_octets is 8191, which, even after
* adding the lengths of the metadata headers, is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
phdr->len = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets;
phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets;
@@ -1688,7 +1688,7 @@ static gboolean vwr_read_s2_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
*
* The maximum value of actual_octets is 8191, which, even after
* adding the lengths of the metadata headers, is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
phdr->len = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets;
phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets;
@@ -1868,7 +1868,7 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
*
* We include the length of the metadata headers in the packet lengths.
*
- * OCTO_MODIFIED_RF_LEN + 1 is less than WTAP_MAX_PACKET_SIZE will
+ * OCTO_MODIFIED_RF_LEN + 1 is less than WTAP_MAX_PACKET_SIZE_STANDARD will
* ever be, so we don't need to check it.
*/
phdr->len = OCTO_MODIFIED_RF_LEN + 1; /* 1st octet is reserved for detecting type of frame while displaying in wireshark */
@@ -2184,14 +2184,14 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
phdr->len = OCTO_TIMESTAMP_FIELDS_LEN + OCTO_LAYER1TO4_LEN + actual_octets;
phdr->caplen = OCTO_TIMESTAMP_FIELDS_LEN + OCTO_LAYER1TO4_LEN + actual_octets;
}
- if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+ if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
* space for an immensely-large packet.
*/
*err_info = g_strdup_printf("vwr: File has %u-byte packet, bigger than maximum of %u",
- phdr->caplen, WTAP_MAX_PACKET_SIZE);
+ phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD);
*err = WTAP_ERR_BAD_FILE;
return FALSE;
}
@@ -2696,7 +2696,7 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *vwr, struct wtap_pkthdr *phdr,
*
* The maximum value of actual_octets is 65535, which, even after
* adding the lengths of the metadata headers, is less than
- * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it.
+ * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it.
*/
phdr->len = STATS_COMMON_FIELDS_LEN + EXT_ETHERNET_FIELDS_LEN + actual_octets;
phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_ETHERNET_FIELDS_LEN + actual_octets;
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 6b60d51d9d..f5e9a13503 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -376,11 +376,15 @@ extern "C" {
/* if you add to the above, update wtap_tsprec_string() */
/*
- * Maximum packet size we'll support.
- * 262144 is the largest snapshot length that libpcap supports, so we
- * use that.
- */
-#define WTAP_MAX_PACKET_SIZE 262144
+ * We support one maximum packet size for most link-layer header types
+ * and another for D-Bus, because the maximum packet size for D-Bus
+ * is 128MB, and that's a lot bigger than the 256KB that we use elsewhere.
+ * We don't want to write out files that specify a maximum packet size of
+ * 128MB if we don't have to, as software reading those files might
+ * allocate a buffer much larger than necessary, wasting memory.
+ */
+#define WTAP_MAX_PACKET_SIZE_STANDARD 262144
+#define WTAP_MAX_PACKET_SIZE_DBUS (128*1024*1024)
/*
* "Pseudo-headers" are used to supply to the clients of wiretap
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-07 09:24:37 +0000