Update text2pcap documentation

Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.

Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Jaap Keuter 2018-11-21 19:36:18 +01:00 committed by Peter Wu
parent 0c5ec47aae
commit 36d26b38d7
3 changed files with 28 additions and 20 deletions

@ -28,6 +28,8 @@ S<[ B<-t> E<lt>timefmtE<gt> ]>
S<[ B<-T> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
S<[ B<-u> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
S<[ B<-v> ]>
S<[ B<-4> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
S<[ B<-6> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
E<lt>I<infile>E<gt>|-
E<lt>I<outfile>E<gt>|-
@ -115,8 +117,8 @@ multiple times to generate more debugging information.
=item -D
The text before the packet starts either with an I or O indicating that
the packet is inbound or outbound.
This is only stored if the output format is pcapng.
the packet is inbound or outbound. This is used when generating dummy headers.
The indication is only stored if the output format is pcapng.
=item -e E<lt>l3pidE<gt>
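Review bot: The sentence added to the -D item, "This is used when generating dummy headers.", does not say what the direction changes in those headers. State the effect explicitly, for example which of the addresses and ports given to the header options ends up as source and which as destination for an inbound versus an outbound packet, so a reader can predict the output without reading the source.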
@ -246,8 +248,8 @@ Example: I<-4 10.0.0.1,10.0.0.2> to use 10.0.0.1 and 10.0.0.2 for all IP packets
Prepend dummy IP header with specified IPv6 dest and source address.
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
Use this option to apply "custom" IP addresses.
Example: I<-6 fe80:0:0:0:202:b3ff:fe1e:8329, 2001:0db8:85a3:0000:0000:8a2e:0370:7334> to
use fe80:0:0:0:202:b3ff:fe1e:8329 and 2001:0db8:85a3:0000:0000:8a2e:0370:7334 for all IP packets.
Example: I<-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334> to
use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
=back
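Review bot: The new -6 example compresses the zero groups with "::" but keeps the leading zeros in "0db8" and "0370", so it is still not in the canonical text form of RFC 5952. Consider "2001:db8:85a3::8a2e:370:7334" both in the I<...> example and in the sentence that repeats the addresses.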

@ -217,13 +217,15 @@ traffic into a libpcap file.
`text2pcap` is a program that reads in an ASCII hex dump and writes the data
described into a libpcap-style capture file. text2pcap can read hexdumps with
multiple packets in them, and build a capture file of multiple packets.
`text2pcap` is also capable of generating dummy Ethernet, IP and UDP headers, in
order to build fully processable packet dumps from hexdumps of application-level
data only.
`text2pcap` is also capable of generating dummy Ethernet, IP, UDP, TCP or SCTP
headers, in order to build fully processable packet dumps from hexdumps of
application-level data only.
`text2pcap` understands a hexdump of the form generated by `od -A x -t x1`. In
other words, each byte is individually displayed and surrounded with a space.
Each line begins with an offset describing the position in the file. The offset
Each line begins with an offset describing the position in the packet, each new
packet starts with an offset of 0 and there is a space separating the offset
from the following bytes. The offset
is a hex number (can also be octal - see `-o`), of more than two hex digits. Here
is a sample dump that `text2pcap` can recognize:
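Review bot: The rewritten offset sentence joins three statements with a comma and an "and" ("... the position in the packet, each new packet starts with an offset of 0 and there is a space separating the offset from the following bytes."), and it leaves "The offset" dangling at the end of a short line. Split it and reflow the paragraph, e.g. "Each line begins with an offset describing the position in the packet. Each new packet starts with an offset of 0. A space separates the offset from the following bytes."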
@ -247,8 +249,11 @@ recognized as being a hex number longer than two characters. Any text after the
bytes is ignored (e.g. the character dump). Any hex numbers in this text are
also ignored. An offset of zero is indicative of starting a new packet, so a
single text file with a series of hexdumps can be converted into a packet
capture with multiple packets. Multiple packets are read in with timestamps
differing by one second each. In general, short of these restrictions, text2pcap
capture with multiple packets. Packets may be preceded by a timestamp. These
are interpreted according to the format given on the command line. If not, the
first packet is timestamped with the current time the conversion takes place.
Multiple packets are written with timestamps differing by one microsecond each.
In general, short of these restrictions, text2pcap
is pretty liberal about reading in hexdumps and has been tested with a variety
of mangled outputs (including being forwarded through email multiple times, with
limited line wrap etc.)
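Review bot: In the new timestamp text, "If not, the first packet is timestamped with ..." has no clear antecedent: it can mean "if no timestamp precedes the packet" or "if no format is given on the command line". Name the condition, e.g. "If no timestamp format is given, ...". "These are interpreted" should also be singular to agree with "a timestamp", and "the current time the conversion takes place" reads better as "the time at which the conversion takes place".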
@ -262,9 +267,9 @@ way it should be processed e.g. timestamps, encapsulation type etc.
`text2pcap` also allows the user to read in dumps of application-level data, by
inserting dummy L2, L3 and L4 headers before each packet. Possibilities include
inserting headers such as Ethernet, Ethernet + IP, Ethernet + IP + UDP, or
Ethernet + Ip + TCP before each packet. This allows Wireshark or any other
full-packet decoder to handle these dumps.
inserting headers such as Ethernet, Ethernet + IP, Ethernet + IP + UDP, or TCP,
or SCTP before each packet. This allows Wireshark or any other full-packet
decoder to handle these dumps.
For more information on `text2pcap` consult your local manual page (`man
text2pcap`) or link:{wireshark-man-page-url}text2pcap.html[the online
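Review bot: The rewritten list "Ethernet, Ethernet + IP, Ethernet + IP + UDP, or TCP, or SCTP" now reads as if a bare TCP or SCTP header can be inserted without Ethernet and IP in front of it, which the removed line ("Ethernet + Ip + TCP") did not suggest. Spell the stacks out: "Ethernet + IP + UDP, Ethernet + IP + TCP or Ethernet + IP + SCTP".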

@ -33,9 +33,9 @@
* - No text appears between the offset and the bytes (any bytes appearing after
* such text would be ignored)
*
* - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
* exactly 32 bytes must have been read into this packet before this. If the offset
* is wrong, the packet is immediately terminated
* - The offset must be arithmetically correct, i.e. if the offset is 00000020,
* then exactly 32 bytes must have been read into this packet before this.
* If the offset is wrong, the packet is immediately terminated
*
* A packet start is signaled by a zero offset.
*
@ -51,7 +51,7 @@
*
* The output is a libpcap packet containing Ethernet frames by
* default. This program takes options which allow the user to add
* dummy Ethernet, IP and UDP or TCP headers to the packets in order
* dummy Ethernet, IP and UDP, TCP or SCTP headers to the packets in order
* to allow dumps of L3 or higher protocols to be decoded.
*
* Considerable flexibility is built into this code to read hexdumps
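Review bot: "dummy Ethernet, IP and UDP, TCP or SCTP headers" in the new comment line is hard to parse. The user's guide text in this same commit words the same list as "dummy Ethernet, IP, UDP, TCP or SCTP headers"; use one wording in both places.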
@ -1377,7 +1377,8 @@ print_usage (FILE *output)
" used as the default for unspecified fields.\n"
" -D the text before the packet starts with an I or an O,\n"
" indicating that the packet is inbound or outbound.\n"
" This is only stored if the output format is pcapng.\n"
" This is used when generating dummy headers.\n"
" The indication is only stored if the output format is pcapng.\n"
" -a enable ASCII text dump identification.\n"
" The start of the ASCII text dump can be identified\n"
" and excluded from the packet data, even if it looks\n"
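Review bot: The added usage line "The indication is only stored if the output format is pcapng.\n" is noticeably longer than the other continuation lines of the -D entry. Check that, with its indentation, it still fits the width the rest of print_usage is wrapped to, and break it over two lines if it does not.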
@ -1406,9 +1407,9 @@ print_usage (FILE *output)
" -4 <srcip>,<destip> prepend dummy IPv4 header with specified\n"
" dest and source address.\n"
" Example: -4 10.0.0.1,10.0.0.2\n"
" -6 <srcip>,<destip> replace IPv6 header with specified\n"
" -6 <srcip>,<destip> prepend dummy IPv6 header with specified\n"
" dest and source address.\n"
" Example: -6 fe80:0:0:0:202:b3ff:fe1e:8329,2001:0db8:85a3:0000:0000:8a2e:0370:7334\n"
" Example: -6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334\n"
" -u <srcp>,<destp> prepend dummy UDP header with specified\n"
" source and destination ports (in DECIMAL).\n"
" Automatically prepends Ethernet & IP headers as well.\n"
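Review bot: Both the -4 and the -6 entries say "dest and source address" while the argument is given as "<srcip>,<destip>", and the -u entry just below says "source and destination ports". Since this hunk already rewrites the -6 line, change both entries to "source and destination address" so the description matches the argument order.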