text2pcap: encap types option (instead of link type)

Add an option to text2pcap to specify the encapsulation type
via wiretap encapsulation type short names instead of pcap
link layer types, similar to editcap.

Update the documentation to reflect this.
John Thacker 2022-01-12 23:11:01 -05:00 committed by A Wireshark GitLab Utility
parent 3f6c273e11
commit d2fd2eeb31
3 changed files with 124 additions and 41 deletions

@ -17,6 +17,7 @@ text2pcap - Generate a capture file from an ASCII hexdump of packets
[ *-b* 2|8|16|64 ]
[ *-D* ]
[ *-e* <l3pid> ]
[ *-E* <encapsulation type> ]
[ *-F* <file format> ]
[ *-h* ]
[ *-i* <proto> ]
@ -147,13 +148,14 @@ and hex encoding:
The regex is compiled with multiline support, and it is recommended to use
the anchors '^' and '$' for best results.
*Text2pcap* also allows the user to read in dumps of
application-level data, by inserting dummy L2, L3 and L4 headers
before each packet. The user can elect to insert Ethernet headers,
Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
packet. This allows Wireshark or any other full-packet decoder to
handle these dumps. These encapsulation options can be used in both
hexdump mode and regex mode.
*Text2pcap* also allows the user to read in dumps of application-level
data and insert dummy L2, L3 and L4 headers before each packet. This allows
Wireshark or any other full-packet decoder to handle these dumps.
If the encapsulation type is Ethernet, the user can elect to insert Ethernet
headers, Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before
each packet. The fake headers can also be used with the Raw IP, Raw IPv4,
or Raw IPv6 encapsulations, with the Ethernet header omitted. These
encapsulation options can be used in both hexdump mode and regex mode.
When <__infile__> or <__outfile__> are '-', standard input or standard
output, respectively, are used.
@ -182,11 +184,16 @@ in hexdump mode.
-D::
+
--
The text before the packet may start either with an I or O indicating that
the packet is inbound or outbound. This is used when generating dummy headers.
The indication is only stored if the output format supports it (e.g. pcapng.)
Indicates that the text before each input packet may start either with an I
or O indicating that the packet is inbound or outbound. If both this flag
and the __t__ flag are used, the directional indicator is expected before
the time code.
This parameter has no effect in regex mode, where the presence of the `<dir>`
capturing group determines whether direction indicators are expected.
Direction indication is stored in the packet headers if the output format
supports it (e.g. pcapng), and is also used when generating dummy headers
to swap the source and destination addresses and ports as appropriate.
--
-e <l3pid>::
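Review bot: In the rewritten -D description, "the __t__ flag" is missing its leading dash. Every other option reference in this file is written with it (__-e__, __-l 101__, __-E rawip__), so this should read __-t__. The same entry also switches between "flag" and "parameter" for the same option; pick one.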
@ -198,13 +205,26 @@ for the Ethernet header in hex. Use this option if your dump has Layer
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
For IP packets, instead of generating a fake Ethernet header you can
also use __-l 101__ to indicate a raw IP packet to Wireshark. Note that
__-l 101__ does not work for any non-IP Layer 3 packet (e.g. ARP),
whereas generating a dummy Ethernet header with __-e__ works for any
sort of L3 packet.
also use __-E rawip__ or __-l 101__ to indicate raw IP encapsulation.
Note that raw IP encapsulation does not work for any non-IP Layer 3 packet
(e.g. ARP), whereas generating a dummy Ethernet header with __-e__ works
for any sort of L3 packet.
--
-F <file format>::
-E <encapsulation type>::
+
--
Sets the packet encapsulation type of the output capture file.
*text2pcap -E* provides a list of the available types; note that not
all file formats support all encapsulation types. The default type is
ether (Ethernet).
*NOTE:* This sets the encapsulation type of the output file, but does
not translate the packet headers or add additional headers. It is used
to specify the encapsulation that matches the input data.
--
-F <file format>::
+
--
Sets the file format of the output capture file. *Text2pcap* can write
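Review bot: The new -E entry does not say what happens when -E and -l are both given. In parse_options both cases assign the same wtap_encap_type, so the option that appears last on the command line silently wins; document that here or in the -l entry, or reject the combination. It would also help to mention that the list printed by an empty -E omits encapsulations that require a pseudo-header, since list_encap_types filters them out.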
@ -232,15 +252,14 @@ https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for
the complete list of assigned internet protocol numbers.
--
-l::
-l <typenum>::
+
--
Specify the link-layer header type of this packet. Default is Ethernet
(1). See https://www.tcpdump.org/linktypes.html for the complete list
of possible encapsulations. Note that this option should be used if
your dump is a complete hex dump of an encapsulated packet and you wish
to specify the exact type of encapsulation. Example: __-l 7__ for ARCNet
packets encapsulated BSD-style.
Sets the packet encapsulation type of the output capture file, using
pcap link-layer header type numbers. Default is Ethernet (1).
See https://www.tcpdump.org/linktypes.html for the complete list
of possible encapsulations.
Example: __-l 7__ for ARCNet packets encapsulated BSD-style.
--
-m <max-packet>::

@ -62,6 +62,9 @@ They previously shipped with Npcap 1.55.
** text2pcap supports writing the output file in all the capture file formats
that wiretap library supports, using the same "-F" option as editcap,
mergecap, and tshark.
** text2pcap supports selecting the encapsulation type of the output file
format using the wiretap library short names with an "-E" option, similiar
to the "-T" option of editcap.
** text2pcap has been updated to use the new logging output options and the
"-d" flag has been removed. The "debug" log level corresponds to the old
"-d" flag, and the "noisy" log level corresponds to using "-d" multiple times.

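Review bot: "similiar" in the new -E release note is a typo for "similar". The phrase "encapsulation type of the output file format" also mixes two things the man page keeps separate (-F sets the format, -E the encapsulation); "encapsulation type of the output file" would match the wording used for -E elsewhere in this change.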
@ -86,6 +86,7 @@
#include <glib.h>
#include <wsutil/str_util.h>
#include <wsutil/strnatcmp.h>
#include <wsutil/wslog.h>
#include <wsutil/ws_getopt.h>
@ -162,9 +163,6 @@ static char *output_filename;
static wtap_dumper* wdh;
/* Encapsulation type; see wiretap/wtap.h for details */
static guint32 wtap_encap_type = 1; /* Default is WTAP_ENCAP_ETHERNET */
/*----------------------------------------------------------------------
* Print usage string and exit
*/
@ -214,11 +212,13 @@ print_usage (FILE *output)
"Output:\n"
" -F <capture type> set the output file type; default is pcap.\n"
" an empty \"-F\" option will list the file types.\n"
" -l <typenum> link-layer type number; default is 1 (Ethernet). See\n"
" -E <encap type> set the output file encapsulation type; default is\n"
" ether (Ethernet). An empty \"-E\" option will list\n"
" the encapsulation types.\n"
" -l <typenum> set the output file encapsulation type via link-layer\n"
" type number; default is 1 (Ethernet). See\n"
" https://www.tcpdump.org/linktypes.html for a list of\n"
" numbers. Use this option if your dump is a complete\n"
" hex dump of an encapsulated packet and you wish to\n"
" specify the exact type of encapsulation.\n"
" numbers.\n"
" Example: -l 7 for ARCNet packets.\n"
" -m <max-packet> max packet length in output; default is %d\n"
" -n use pcapng instead of pcap as output format.\n"
@ -289,16 +289,62 @@ set_hdr_ip_proto(guint8 ip_proto)
static void
list_capture_types(void) {
GArray *writable_type_subtypes;
GArray *writable_type_subtypes;
cmdarg_err("The available capture file types for the \"-F\" flag are:\n");
writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
for (guint i = 0; i < writable_type_subtypes->len; i++) {
int ft = g_array_index(writable_type_subtypes, int, i);
fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
cmdarg_err("The available capture file types for the \"-F\" flag are:\n");
writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
for (guint i = 0; i < writable_type_subtypes->len; i++) {
int ft = g_array_index(writable_type_subtypes, int, i);
fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
wtap_file_type_subtype_description(ft));
}
g_array_free(writable_type_subtypes, TRUE);
}
g_array_free(writable_type_subtypes, TRUE);
}
struct string_elem {
const char *sstr; /* The short string */
const char *lstr; /* The long string */
};
static gint
string_nat_compare(gconstpointer a, gconstpointer b)
{
return ws_ascii_strnatcmp(((const struct string_elem *)a)->sstr,
((const struct string_elem *)b)->sstr);
}
static void
string_elem_print(gpointer data, gpointer stream_ptr)
{
fprintf((FILE *) stream_ptr, " %s - %s\n",
((struct string_elem *)data)->sstr,
((struct string_elem *)data)->lstr);
}
static void
list_encap_types(void) {
int i;
struct string_elem *encaps;
GSList *list = NULL;
encaps = g_new(struct string_elem, wtap_get_num_encap_types());
cmdarg_err("The available encapsulation types for the \"-E\" flag are:\n");
for (i = 0; i < wtap_get_num_encap_types(); i++) {
/* Exclude wtap encapsulations that require a pseudo header,
* because we won't setup one from the text we import and
* wiretap doesn't allow us to write 'raw' frames
*/
if (!wtap_encap_requires_phdr(i)) {
encaps[i].sstr = wtap_encap_name(i);
if (encaps[i].sstr != NULL) {
encaps[i].lstr = wtap_encap_description(i);
list = g_slist_insert_sorted(list, &encaps[i], string_nat_compare);
}
}
}
g_slist_foreach(list, string_elem_print, stderr);
g_slist_free(list);
g_free(encaps);
}
/*----------------------------------------------------------------------
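Review bot: list_encap_types calls wtap_get_num_encap_types() once to size the encaps array and again in the loop condition on every iteration; read it into a local once so the allocation size and the loop bound cannot disagree. The array is also only partly filled (entries are skipped when wtap_encap_requires_phdr(i) is true or the name is NULL), which is safe here because only filled entries are put on the list, but a short comment saying so would help. Separately, the re-indentation of list_capture_types is whitespace-only and would be easier to review as its own commit.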
@ -319,6 +365,7 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
/* Link-layer type; see https://www.tcpdump.org/linktypes.html for details */
guint32 pcap_link_type = 1; /* Default is LINKTYPE_ETHERNET */
int file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
int wtap_encap_type = WTAP_ENCAP_ETHERNET;
int err;
char* err_info;
GError* gerror = NULL;
@ -333,7 +380,7 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
ws_init_version_info("Text2pcap (Wireshark)", NULL, NULL, NULL);
/* Scan CLI parameters */
while ((c = ws_getopt_long(argc, argv, "hqab:De:F:i:l:m:nN:o:u:P:r:s:S:t:T:v4:6:", long_options, NULL)) != -1) {
while ((c = ws_getopt_long(argc, argv, "hqab:De:E:F:i:l:m:nN:o:u:P:r:s:S:t:T:v4:6:", long_options, NULL)) != -1) {
switch (c) {
case 'h':
show_help_header("Generate a capture file from an ASCII hexdump of packets.");
@ -343,7 +390,10 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
case 'q': quiet = TRUE; break;
case 'a': info->hexdump.identify_ascii = TRUE; break;
case 'D': info->hexdump.has_direction = TRUE; break;
case 'l': pcap_link_type = (guint32)strtol(ws_optarg, NULL, 0); break;
case 'l':
pcap_link_type = (guint32)strtol(ws_optarg, NULL, 0);
wtap_encap_type = wtap_pcap_encap_to_wtap_encap(pcap_link_type);
break;
case 'm': max_offset = (guint32)strtol(ws_optarg, NULL, 0); break;
case 'n': file_type_subtype = wtap_pcapng_file_type_subtype(); break;
case 'N': interface_name = ws_optarg; break;
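Review bot: The 'l' case has no input validation, unlike the new 'E' case. strtol is called with a NULL end pointer, so a non-numeric or out-of-range argument is accepted, and the value returned by wtap_pcap_encap_to_wtap_encap(pcap_link_type) is stored without checking whether the link type was recognised. Now that the conversion happens at option-parsing time, this is the natural place to reject a bad -l value with cmdarg_err and return INVALID_OPTION, as -E does.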
@ -391,6 +441,15 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
}
break;
case 'E':
wtap_encap_type = wtap_name_to_encap(ws_optarg);
if (wtap_encap_type < 0) {
cmdarg_err("\"%s\" isn't a valid encapsulation type", ws_optarg);
list_encap_types();
return INVALID_OPTION;
}
break;
case 'F':
file_type_subtype = wtap_name_to_file_type_subtype(ws_optarg);
if (file_type_subtype < 0) {
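Review bot: The 'E' case accepts any name that wtap_name_to_encap resolves, but list_encap_types deliberately hides encapsulations for which wtap_encap_requires_phdr is true, with a comment saying no pseudo-header is built from the imported text. A user can therefore select a type that the help list says is unavailable. Apply the same wtap_encap_requires_phdr check here and fail with the "isn't a valid encapsulation type" error, so the accepted set and the listed set match.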
@ -649,6 +708,10 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
case '?':
switch(ws_optopt) {
case 'E':
list_encap_types();
return INVALID_OPTION;
break;
case 'F':
list_capture_types();
return INVALID_OPTION;
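Review bot: In the new case 'E' under '?', the break after return INVALID_OPTION is unreachable and can be dropped. Listing the types for an empty -E also returns INVALID_OPTION, so a user who only asked for the list gets a failure exit path; if that mirrors the existing -F behaviour it is fine, but it is worth confirming that it is intended.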
@ -712,8 +775,6 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
hdr_ip = TRUE;
}
wtap_encap_type = wtap_pcap_encap_to_wtap_encap(pcap_link_type);
if (hdr_export_pdu && wtap_encap_type != WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
cmdarg_err("Export PDU (-P) requires WIRESHARK_UPPER_PDU link type (252)");
return INVALID_OPTION;
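Review bot: The Export PDU error text still says "requires WIRESHARK_UPPER_PDU link type (252)", but the check is on wtap_encap_type, which can now be set by name with -E as well as by number with -l. Update the message to name the -E form too, so a user who passed -E is told what to change. With the conversion removed from this spot, the check also depends on every path that sets the encapsulation keeping wtap_encap_type current, which the 'l' and 'E' cases do.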