• John Thacker's avatar
    dumpcap: Don't write fake IDBs for pcapng interfaces · 563307ff
    John Thacker authored and Gerald Combs's avatar Gerald Combs committed
    When we have multiple capture sources, for each one that is a pcapng
    source and supplies its own IDBs, don't create a fake IDB with invalid
    linktype WTAP_ENCAP_UNKNOWN and write it to the output file.
    Instead, use the IDBs from the source, remapping them as necessary.
    For non-pcapng sources, store the output IDB interface ID and write
    EPBs using that, since now the input interface ID and the output
    interface ID are not necessarily the same, if some of the other
    sources are not pcapng.
    Update the capture tests that use multiple FIFO sources, because now we
    don't add two extra IDBs, one for each FIFO. Instead there are
    3 * 11 == 33 total IDBs.
    This prevents some various incompatibilites in Wireshark and other
    tools when a file has interfaces of more than one link type, and also
    has IDBs with an illegal WTAP_ENCAP_UNKNOWN link type.
    Fix #19080