forked from osmocom/wireshark
text2pcap: encap types option (instead of link type)
Add an option to text2pcap to specify the encapsulation type via wiretap encapsulation type short names instead of pcap link layer types, similar to editcap. Update the documentation to reflect this.
parent 3f6c273e11
commit d2fd2eeb31
|
@ -17,6 +17,7 @@ text2pcap - Generate a capture file from an ASCII hexdump of packets
|
||||||
[ *-b* 2|8|16|64 ]
|
[ *-b* 2|8|16|64 ]
|
||||||
[ *-D* ]
|
[ *-D* ]
|
||||||
[ *-e* <l3pid> ]
|
[ *-e* <l3pid> ]
|
||||||
|
[ *-E* <encapsulation type> ]
|
||||||
[ *-F* <file format> ]
|
[ *-F* <file format> ]
|
||||||
[ *-h* ]
|
[ *-h* ]
|
||||||
[ *-i* <proto> ]
|
[ *-i* <proto> ]
|
||||||
|
@ -147,13 +148,14 @@ and hex encoding:
|
||||||
The regex is compiled with multiline support, and it is recommended to use
|
The regex is compiled with multiline support, and it is recommended to use
|
||||||
the anchors '^' and '$' for best results.
|
the anchors '^' and '$' for best results.
|
||||||
|
|
||||||
*Text2pcap* also allows the user to read in dumps of
|
*Text2pcap* also allows the user to read in dumps of application-level
|
||||||
application-level data, by inserting dummy L2, L3 and L4 headers
|
data and insert dummy L2, L3 and L4 headers before each packet. This allows
|
||||||
before each packet. The user can elect to insert Ethernet headers,
|
Wireshark or any other full-packet decoder to handle these dumps.
|
||||||
Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
|
If the encapsulation type is Ethernet, the user can elect to insert Ethernet
|
||||||
packet. This allows Wireshark or any other full-packet decoder to
|
headers, Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before
|
||||||
handle these dumps. These encapsulation options can be used in both
|
each packet. The fake headers can also be used with the Raw IP, Raw IPv4,
|
||||||
hexdump mode and regex mode.
|
or Raw IPv6 encapsulations, with the Ethernet header omitted. These
|
||||||
|
encapsulation options can be used in both hexdump mode and regex mode.
|
||||||
|
|
||||||
When <__infile__> or <__outfile__> are '-', standard input or standard
|
When <__infile__> or <__outfile__> are '-', standard input or standard
|
||||||
output, respectively, are used.
|
output, respectively, are used.
|
||||||
|
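Review bot: The rewritten paragraph says the dummy headers apply when the encapsulation is Ethernet, Raw IP, Raw IPv4 or Raw IPv6, but it does not say what happens when a dummy-header option is combined with any other encapsulation type. Suggest one sentence stating whether that combination is rejected or ignored, since -E now makes it easy to select such a type by name.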
@ -182,11 +184,16 @@ in hexdump mode.
|
||||||
-D::
|
-D::
|
||||||
+
|
+
|
||||||
--
|
--
|
||||||
The text before the packet may start either with an I or O indicating that
|
Indicates that the text before each input packet may start either with an I
|
||||||
the packet is inbound or outbound. This is used when generating dummy headers.
|
or O indicating that the packet is inbound or outbound. If both this flag
|
||||||
The indication is only stored if the output format supports it (e.g. pcapng.)
|
and the __t__ flag are used, the directional indicator is expected before
|
||||||
|
the time code.
|
||||||
This parameter has no effect in regex mode, where the presence of the `<dir>`
|
This parameter has no effect in regex mode, where the presence of the `<dir>`
|
||||||
capturing group determines whether direction indicators are expected.
|
capturing group determines whether direction indicators are expected.
|
||||||
|
|
||||||
|
Direction indication is stored in the packet headers if the output format
|
||||||
|
supports it (e.g. pcapng), and is also used when generating dummy headers
|
||||||
|
to swap the source and destination addresses and ports as appropriate.
|
||||||
--
|
--
|
||||||
|
|
||||||
-e <l3pid>::
|
-e <l3pid>::
|
||||||
|
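Review bot: In the new -D description the time-code option is written as `__t__`, without the dash, while the other option references in this file use the dashed form (`__-e__`, `__-l 101__`). Suggest `__-t__` so it reads as an option name like the rest.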
@ -198,13 +205,26 @@ for the Ethernet header in hex. Use this option if your dump has Layer
|
||||||
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
|
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
|
||||||
|
|
||||||
For IP packets, instead of generating a fake Ethernet header you can
|
For IP packets, instead of generating a fake Ethernet header you can
|
||||||
also use __-l 101__ to indicate a raw IP packet to Wireshark. Note that
|
also use __-E rawip__ or __-l 101__ to indicate raw IP encapsulation.
|
||||||
__-l 101__ does not work for any non-IP Layer 3 packet (e.g. ARP),
|
Note that raw IP encapsulation does not work for any non-IP Layer 3 packet
|
||||||
whereas generating a dummy Ethernet header with __-e__ works for any
|
(e.g. ARP), whereas generating a dummy Ethernet header with __-e__ works
|
||||||
sort of L3 packet.
|
for any sort of L3 packet.
|
||||||
--
|
--
|
||||||
|
|
||||||
-F <file format>::
|
-E <encapsulation type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
Sets the packet encapsulation type of the output capture file.
|
||||||
|
*text2pcap -E* provides a list of the available types; note that not
|
||||||
|
all file formats support all encapsulation types. The default type is
|
||||||
|
ether (Ethernet).
|
||||||
|
|
||||||
|
*NOTE:* This sets the encapsulation type of the output file, but does
|
||||||
|
not translate the packet headers or add additional headers. It is used
|
||||||
|
to specify the encapsulation that matches the input data.
|
||||||
|
--
|
||||||
|
|
||||||
|
-F <file format>::
|
||||||
+
|
+
|
||||||
--
|
--
|
||||||
Sets the file format of the output capture file. *Text2pcap* can write
|
Sets the file format of the output capture file. *Text2pcap* can write
|
||||||
|
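Review bot: The new -E entry says "*text2pcap -E* provides a list of the available types" but does not mention that the list is filtered: list_encap_types() in text2pcap.c skips every encapsulation for which wtap_encap_requires_phdr() is true. Suggest documenting that encapsulations needing a pseudo header are not offered, and why, so users do not look for them in the list.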
@ -232,15 +252,14 @@ https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for
|
||||||
the complete list of assigned internet protocol numbers.
|
the complete list of assigned internet protocol numbers.
|
||||||
--
|
--
|
||||||
|
|
||||||
-l::
|
-l <typenum>::
|
||||||
+
|
+
|
||||||
--
|
--
|
||||||
Specify the link-layer header type of this packet. Default is Ethernet
|
Sets the packet encapsulation type of the output capture file, using
|
||||||
(1). See https://www.tcpdump.org/linktypes.html for the complete list
|
pcap link-layer header type numbers. Default is Ethernet (1).
|
||||||
of possible encapsulations. Note that this option should be used if
|
See https://www.tcpdump.org/linktypes.html for the complete list
|
||||||
your dump is a complete hex dump of an encapsulated packet and you wish
|
of possible encapsulations.
|
||||||
to specify the exact type of encapsulation. Example: __-l 7__ for ARCNet
|
Example: __-l 7__ for ARCNet packets encapsulated BSD-style.
|
||||||
packets encapsulated BSD-style.
|
|
||||||
--
|
--
|
||||||
|
|
||||||
-m <max-packet>::
|
-m <max-packet>::
|
||||||
|
|
|
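Review bot: The -l and -E entries now both read "Sets the packet encapsulation type of the output capture file", but neither says what happens when both are given. In parse_options() each option assigns wtap_encap_type, so whichever appears last on the command line takes effect. Suggest stating that precedence here, or rejecting the combination in the code.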
@ -62,6 +62,9 @@ They previously shipped with Npcap 1.55.
|
||||||
** text2pcap supports writing the output file in all the capture file formats
|
** text2pcap supports writing the output file in all the capture file formats
|
||||||
that wiretap library supports, using the same "-F" option as editcap,
|
that wiretap library supports, using the same "-F" option as editcap,
|
||||||
mergecap, and tshark.
|
mergecap, and tshark.
|
||||||
|
** text2pcap supports selecting the encapsulation type of the output file
|
||||||
|
format using the wiretap library short names with an "-E" option, similiar
|
||||||
|
to the "-T" option of editcap.
|
||||||
** text2pcap has been updated to use the new logging output options and the
|
** text2pcap has been updated to use the new logging output options and the
|
||||||
"-d" flag has been removed. The "debug" log level corresponds to the old
|
"-d" flag has been removed. The "debug" log level corresponds to the old
|
||||||
"-d" flag, and the "noisy" log level corresponds to using "-d" multiple times.
|
"-d" flag, and the "noisy" log level corresponds to using "-d" multiple times.
|
||||||
|
|
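Review bot: Typo in the added release note: "similiar" should be "similar" in `with an "-E" option, similiar`.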
99
text2pcap.c
|
@ -86,6 +86,7 @@
|
||||||
#include <glib.h>
|
#include <glib.h>
|
||||||
|
|
||||||
#include <wsutil/str_util.h>
|
#include <wsutil/str_util.h>
|
||||||
|
#include <wsutil/strnatcmp.h>
|
||||||
#include <wsutil/wslog.h>
|
#include <wsutil/wslog.h>
|
||||||
#include <wsutil/ws_getopt.h>
|
#include <wsutil/ws_getopt.h>
|
||||||
|
|
||||||
|
@ -162,9 +163,6 @@ static char *output_filename;
|
||||||
|
|
||||||
static wtap_dumper* wdh;
|
static wtap_dumper* wdh;
|
||||||
|
|
||||||
/* Encapsulation type; see wiretap/wtap.h for details */
|
|
||||||
static guint32 wtap_encap_type = 1; /* Default is WTAP_ENCAP_ETHERNET */
|
|
||||||
|
|
||||||
/*----------------------------------------------------------------------
|
/*----------------------------------------------------------------------
|
||||||
* Print usage string and exit
|
* Print usage string and exit
|
||||||
*/
|
*/
|
||||||
|
@ -214,11 +212,13 @@ print_usage (FILE *output)
|
||||||
"Output:\n"
|
"Output:\n"
|
||||||
" -F <capture type> set the output file type; default is pcap.\n"
|
" -F <capture type> set the output file type; default is pcap.\n"
|
||||||
" an empty \"-F\" option will list the file types.\n"
|
" an empty \"-F\" option will list the file types.\n"
|
||||||
" -l <typenum> link-layer type number; default is 1 (Ethernet). See\n"
|
" -E <encap type> set the output file encapsulation type; default is\n"
|
||||||
|
" ether (Ethernet). An empty \"-E\" option will list\n"
|
||||||
|
" the encapsulation types.\n"
|
||||||
|
" -l <typenum> set the output file encapsulation type via link-layer\n"
|
||||||
|
" type number; default is 1 (Ethernet). See\n"
|
||||||
" https://www.tcpdump.org/linktypes.html for a list of\n"
|
" https://www.tcpdump.org/linktypes.html for a list of\n"
|
||||||
" numbers. Use this option if your dump is a complete\n"
|
" numbers.\n"
|
||||||
" hex dump of an encapsulated packet and you wish to\n"
|
|
||||||
" specify the exact type of encapsulation.\n"
|
|
||||||
" Example: -l 7 for ARCNet packets.\n"
|
" Example: -l 7 for ARCNet packets.\n"
|
||||||
" -m <max-packet> max packet length in output; default is %d\n"
|
" -m <max-packet> max packet length in output; default is %d\n"
|
||||||
" -n use pcapng instead of pcap as output format.\n"
|
" -n use pcapng instead of pcap as output format.\n"
|
||||||
|
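Review bot: Capitalization in the new -E help text is inconsistent with the -F text directly above it: -F uses `an empty \"-F\" option will list the file types.` while -E uses `An empty \"-E\" option will list`. Suggest matching one style across the two entries.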
@ -289,16 +289,62 @@ set_hdr_ip_proto(guint8 ip_proto)
|
||||||
|
|
||||||
static void
|
static void
|
||||||
list_capture_types(void) {
|
list_capture_types(void) {
|
||||||
GArray *writable_type_subtypes;
|
GArray *writable_type_subtypes;
|
||||||
|
|
||||||
cmdarg_err("The available capture file types for the \"-F\" flag are:\n");
|
cmdarg_err("The available capture file types for the \"-F\" flag are:\n");
|
||||||
writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
|
writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
|
||||||
for (guint i = 0; i < writable_type_subtypes->len; i++) {
|
for (guint i = 0; i < writable_type_subtypes->len; i++) {
|
||||||
int ft = g_array_index(writable_type_subtypes, int, i);
|
int ft = g_array_index(writable_type_subtypes, int, i);
|
||||||
fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
|
fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
|
||||||
wtap_file_type_subtype_description(ft));
|
wtap_file_type_subtype_description(ft));
|
||||||
}
|
}
|
||||||
g_array_free(writable_type_subtypes, TRUE);
|
g_array_free(writable_type_subtypes, TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
struct string_elem {
|
||||||
|
const char *sstr; /* The short string */
|
||||||
|
const char *lstr; /* The long string */
|
||||||
|
};
|
||||||
|
|
||||||
|
static gint
|
||||||
|
string_nat_compare(gconstpointer a, gconstpointer b)
|
||||||
|
{
|
||||||
|
return ws_ascii_strnatcmp(((const struct string_elem *)a)->sstr,
|
||||||
|
((const struct string_elem *)b)->sstr);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
string_elem_print(gpointer data, gpointer stream_ptr)
|
||||||
|
{
|
||||||
|
fprintf((FILE *) stream_ptr, " %s - %s\n",
|
||||||
|
((struct string_elem *)data)->sstr,
|
||||||
|
((struct string_elem *)data)->lstr);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
list_encap_types(void) {
|
||||||
|
int i;
|
||||||
|
struct string_elem *encaps;
|
||||||
|
GSList *list = NULL;
|
||||||
|
|
||||||
|
encaps = g_new(struct string_elem, wtap_get_num_encap_types());
|
||||||
|
cmdarg_err("The available encapsulation types for the \"-E\" flag are:\n");
|
||||||
|
for (i = 0; i < wtap_get_num_encap_types(); i++) {
|
||||||
|
/* Exclude wtap encapsulations that require a pseudo header,
|
||||||
|
* because we won't setup one from the text we import and
|
||||||
|
* wiretap doesn't allow us to write 'raw' frames
|
||||||
|
*/
|
||||||
|
if (!wtap_encap_requires_phdr(i)) {
|
||||||
|
encaps[i].sstr = wtap_encap_name(i);
|
||||||
|
if (encaps[i].sstr != NULL) {
|
||||||
|
encaps[i].lstr = wtap_encap_description(i);
|
||||||
|
list = g_slist_insert_sorted(list, &encaps[i], string_nat_compare);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
g_slist_foreach(list, string_elem_print, stderr);
|
||||||
|
g_slist_free(list);
|
||||||
|
g_free(encaps);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*----------------------------------------------------------------------
|
/*----------------------------------------------------------------------
|
||||||
|
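Review bot: list_encap_types() calls wtap_get_num_encap_types() once for the allocation and again on every loop iteration; storing it in a local makes it explicit that the array size and the loop bound are the same value. Also, string_elem_print() casts `data` to a non-const `struct string_elem *` although it only reads the fields, while string_nat_compare() uses `const struct string_elem *`; suggest the const cast in both.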
@ -319,6 +365,7 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
|
||||||
/* Link-layer type; see https://www.tcpdump.org/linktypes.html for details */
|
/* Link-layer type; see https://www.tcpdump.org/linktypes.html for details */
|
||||||
guint32 pcap_link_type = 1; /* Default is LINKTYPE_ETHERNET */
|
guint32 pcap_link_type = 1; /* Default is LINKTYPE_ETHERNET */
|
||||||
int file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
|
int file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
|
||||||
|
int wtap_encap_type = WTAP_ENCAP_ETHERNET;
|
||||||
int err;
|
int err;
|
||||||
char* err_info;
|
char* err_info;
|
||||||
GError* gerror = NULL;
|
GError* gerror = NULL;
|
||||||
|
@ -333,7 +380,7 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
|
||||||
ws_init_version_info("Text2pcap (Wireshark)", NULL, NULL, NULL);
|
ws_init_version_info("Text2pcap (Wireshark)", NULL, NULL, NULL);
|
||||||
|
|
||||||
/* Scan CLI parameters */
|
/* Scan CLI parameters */
|
||||||
while ((c = ws_getopt_long(argc, argv, "hqab:De:F:i:l:m:nN:o:u:P:r:s:S:t:T:v4:6:", long_options, NULL)) != -1) {
|
while ((c = ws_getopt_long(argc, argv, "hqab:De:E:F:i:l:m:nN:o:u:P:r:s:S:t:T:v4:6:", long_options, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'h':
|
case 'h':
|
||||||
show_help_header("Generate a capture file from an ASCII hexdump of packets.");
|
show_help_header("Generate a capture file from an ASCII hexdump of packets.");
|
||||||
|
@ -343,7 +390,10 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
|
||||||
case 'q': quiet = TRUE; break;
|
case 'q': quiet = TRUE; break;
|
||||||
case 'a': info->hexdump.identify_ascii = TRUE; break;
|
case 'a': info->hexdump.identify_ascii = TRUE; break;
|
||||||
case 'D': info->hexdump.has_direction = TRUE; break;
|
case 'D': info->hexdump.has_direction = TRUE; break;
|
||||||
case 'l': pcap_link_type = (guint32)strtol(ws_optarg, NULL, 0); break;
|
case 'l':
|
||||||
|
pcap_link_type = (guint32)strtol(ws_optarg, NULL, 0);
|
||||||
|
wtap_encap_type = wtap_pcap_encap_to_wtap_encap(pcap_link_type);
|
||||||
|
break;
|
||||||
case 'm': max_offset = (guint32)strtol(ws_optarg, NULL, 0); break;
|
case 'm': max_offset = (guint32)strtol(ws_optarg, NULL, 0); break;
|
||||||
case 'n': file_type_subtype = wtap_pcapng_file_type_subtype(); break;
|
case 'n': file_type_subtype = wtap_pcapng_file_type_subtype(); break;
|
||||||
case 'N': interface_name = ws_optarg; break;
|
case 'N': interface_name = ws_optarg; break;
|
||||||
|
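Review bot: Missing input validation in the reworked 'l' case: `strtol(ws_optarg, NULL, 0)` is called with a NULL end pointer, so a non-numeric argument (for example an -E short name passed to -l by mistake) silently parses as 0, and the value returned by wtap_pcap_encap_to_wtap_encap() is not checked in this hunk. Now that the conversion happens at parse time, suggest checking the end pointer and the converted encapsulation here and returning INVALID_OPTION with a message, as the 'E' case does.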
@ -391,6 +441,15 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'E':
|
||||||
|
wtap_encap_type = wtap_name_to_encap(ws_optarg);
|
||||||
|
if (wtap_encap_type < 0) {
|
||||||
|
cmdarg_err("\"%s\" isn't a valid encapsulation type", ws_optarg);
|
||||||
|
list_encap_types();
|
||||||
|
return INVALID_OPTION;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
case 'F':
|
case 'F':
|
||||||
file_type_subtype = wtap_name_to_file_type_subtype(ws_optarg);
|
file_type_subtype = wtap_name_to_file_type_subtype(ws_optarg);
|
||||||
if (file_type_subtype < 0) {
|
if (file_type_subtype < 0) {
|
||||||
|
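Review bot: The 'E' case accepts any name that wtap_name_to_encap() resolves, including encapsulations that list_encap_types() deliberately hides with `!wtap_encap_requires_phdr(i)` because no pseudo header is built from the text input. Suggest adding the same wtap_encap_requires_phdr() check here and rejecting such types, so the accepted set matches the listed set.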
@ -649,6 +708,10 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
|
||||||
|
|
||||||
case '?':
|
case '?':
|
||||||
switch(ws_optopt) {
|
switch(ws_optopt) {
|
||||||
|
case 'E':
|
||||||
|
list_encap_types();
|
||||||
|
return INVALID_OPTION;
|
||||||
|
break;
|
||||||
case 'F':
|
case 'F':
|
||||||
list_capture_types();
|
list_capture_types();
|
||||||
return INVALID_OPTION;
|
return INVALID_OPTION;
|
||||||
|
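Review bot: The `break;` after `return INVALID_OPTION;` in the new `case 'E':` under `case '?':` is unreachable. Suggest dropping it.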
@ -712,8 +775,6 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
|
||||||
hdr_ip = TRUE;
|
hdr_ip = TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
wtap_encap_type = wtap_pcap_encap_to_wtap_encap(pcap_link_type);
|
|
||||||
|
|
||||||
if (hdr_export_pdu && wtap_encap_type != WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
|
if (hdr_export_pdu && wtap_encap_type != WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
|
||||||
cmdarg_err("Export PDU (-P) requires WIRESHARK_UPPER_PDU link type (252)");
|
cmdarg_err("Export PDU (-P) requires WIRESHARK_UPPER_PDU link type (252)");
|
||||||
return INVALID_OPTION;
|
return INVALID_OPTION;
|
||||||
|
|
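Review bot: With the conversion from pcap_link_type removed here, wtap_encap_type can now come from either -l or -E, but the error text in the context line below still only says "requires WIRESHARK_UPPER_PDU link type (252)". Suggest updating the message to mention the -E form as well, so a user who selected the encapsulation by name gets a hint they can act on.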