Wireshark-dev: Re: [Wireshark-dev] Is snaplen check in editcap.c correct?

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 21 Jul 2011 17:23:10 -0400
Martin Mathieson wrote:
Hi,

I'm using editcap with Catapult DCT2000 log files. The wiretap module doesn't set wth->snapshot_len, so it's coming out as 0. It was intentionally left as 0, as I thought this corresponded to "we have the whole frame, it's not truncated". Most other wiretap modules seem to do the same.

editcap.c has this test:

        if(phdr->caplen > wtap_snapshot_length(wth)) {
            fprintf(stderr, "Warning: packet %d too big for file type, skipping it...\n", count);
            count++;
            continue;
        }

which will discard any packet which has the snapshot length set to 0.

I'm happily using this test instead, i.e. only do the comparison if it's non-zero.

        if((wtap_snapshot_length(wth) != 0) && (phdr->caplen > wtap_snapshot_length(wth))) {
            fprintf(stderr, "Warning: packet %d too big for file type, skipping it...\n", count);
            count++;
            continue;
        }

Would it be correct to check in this change?
Should the wiretap modules set some large value for the snapshot length instead?

(For the record, you made the change proposed above in r38132.)

I put in the original check to try to solve a fuzz testing problem (r37633), but I think Gerald's solution (r37634) makes more sense. So I backed out (that part of) 37633 in r38155.

I also scheduled r37634 for 1.6.2.
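
The two checks quoted in this thread, run side by side over a constructed set of record lengths (an added example, not code from editcap.c or from either poster). The struct, the function names and the sample values are hypothetical; it shows that the checks differ only when the snapshot length is 0, where the guarded form applies no size limit at all.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a capture record header; only caplen matters here. */
struct rec { uint32_t caplen; };

/* Original check from the thread: skip whenever caplen > snaplen, so a
 * snaplen of 0 (file type did not set one) rejects every non-empty record. */
static int skip_original(uint32_t caplen, uint32_t snaplen)
{
    return caplen > snaplen;
}

/* Guarded check from the thread: 0 is treated as "no snapshot length set". */
static int skip_guarded(uint32_t caplen, uint32_t snaplen)
{
    return snaplen != 0 && caplen > snaplen;
}

/* Count the records that survive a given skip predicate. */
static size_t count_kept(const struct rec *r, size_t n, uint32_t snaplen,
                         int (*skip)(uint32_t, uint32_t))
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (!skip(r[i].caplen, snaplen))
            kept++;
    return kept;
}

/* Constructed sample: four records with different captured lengths. */
static const struct rec sample[] = { {60}, {96}, {1514}, {70000} };
#define NSAMPLE (sizeof sample / sizeof sample[0])

int main(void)
{
    const uint32_t snaplens[] = { 0, 96, 65535 };
    for (size_t i = 0; i < 3; i++)
        printf("snaplen=%5u original keeps %zu, guarded keeps %zu\n",
               (unsigned)snaplens[i],
               count_kept(sample, NSAMPLE, snaplens[i], skip_original),
               count_kept(sample, NSAMPLE, snaplens[i], skip_guarded));
    return 0;
}
```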