Add docs/diagnostic-options.adoc, which is a snippet that documents our
various --log-* options. Include it in the dumpcap, rawshark, and tshark
man pages.
Make the ws_log_print_usage output more consistent.
Add a checkbox for the extra detection for ASCII in a hex+ASCII
hexdump even when the text looks like hexbytes to Import from Hex
Dump. Save and restore it from the settings. Work towards #16724.
If you're past the end of the tvbuff, tvb_find_line_end() will, when
reassembly is not being done, return a zero-length line without
advancing next_offset, so, unless you check for being past the end of
the tvbuff, you'll loop forever.
Fixes#17801.
text2pcap now has support for fractional sections using the field
descriptor %f and doesn't support the old method, so change the format
string in the test. None of the existing tests depended on the
fractional seconds being correct.
If we're in the no offset mode and we parse an offset,
warn the user and ignore. At the very beginning of the file try
adding it to the preamble, maybe there's something unfortunate
like an all numeric time stamp format (ISO-8601 Basic).
Based on Gerald's !5562.
Use ws_strtou8() rather than doing all the error checking ourselves.
Have a common routine to call when an IP "next protocol" value is set;
it does all the necessary work, and could also check for colliding
settings, such as combining "-i 99" with "-s", "-S", "-u", or "-T", or
combining "-u" with "-T", or....
A bunch of the globals are simply copied from the input parameter
text_import_info_t, just use them directly.
Move the count for packets read and written into the info type,
so that callers like text2pcap can access them as results.
Don't exit in the middle with unexpected values. Report a failure
and return a failed exit status when something goes really wrong.
Use warnings when appropriate, like when a time code value couldn't
be parsed.
Includes allowing the string "ISO" in the format string text box
in the GUI, so this works in "Import from Hex Dump" as well as
being for the text2pcap transition. Part of #16724.
Use report_message and report wtap_dump failures. Pass in
the output filename and keep track of the frame numbers for
the message parameters.
Report failure to initialize the lex scanner in text_import
instead of in the GUI, so that it would be reported from text2pcap,
and because text_import might have other failure cases that are
not the scanner.
The regex parser returns a positive number of packets processed
on success; save that number in text_import, and return zero on
success to our callers.
This is the special check for canonical hex+ASCII textdump
files that looks for the edge case where the beginning of the
ASCII column has strings that can be mistaken by the parser for
additional hex bytes. Not implemented in the GUI yet. Preparing
for text2pcap switchover. Related to #16724.
CMake's FindPerl module and our FindNSIS and FindWiX modules can find
perl, makensis, and the various WiX utilities in their default locations
so we don't need to prepopulate our PATH.
Update FindWiX to look for version 3.11.
Adjust the grammar to recognize two trailing hexadecimal characters
without a LF as a byte as well. Ported from text2pcap and commit
22cf80d30d which explains why this
is safe. More work for #16724.
To complete the set of equality operators add an "all equal"
operator that matches a frame if all fields match the condition.
The symbol chosen for "all_eq" is "===".
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
Add IPv6 handling to text_import, including the ability to
handle dummy IPv6 addresses instead of IPv4. GUI support is
still TBD. This further reduces the number of text2pcap features
that ui/text_import does not yet support. Related to #16724.
Add dummy IPv4 addresses to the text_import_info_t struct, and
use them if set in the same way text2pcap does. GUI support in
"Import from Hex Dump" is not added yet. This is also part of the
work for text2pcap to eventually call text_import. Related to #16724.
Since we're using wtap_dump_open[_stdout] from file_access.c now,
we don't need to include io.h or fcntl.h on Windows anymore, and
we don't need to include pcapio either.
Fixes a bunch of package warnings, and teaches the Debian package to
respect make install rules, and even more importantly to respect header
visibility rules, as defined by the build system. This prevents
private headers to be installed to the target system.
Remove the broken by design system that requires developers to
constantly fix headers by hand. Again the source of truth for which
headers are system headers is the build system, and that's what
any package must use, without requiring constant syncing of
installation rules in CMake and Debian.
The encapsulation type that text_import expects and puts
directly into rec.rec_header.packet_header.pkt_encap is a
wiretap encap type, not a pcap link type. Fix the name and
comment appropriately.
Use wtap_dump instead of the pcapio functions for writing files.
This makes it easier to unify with text_import, and also makes it
easier to eventually write other file formats (with a similar option
to the other CLI programs), and allows using the standard CLI error
messages.
Also move some of the option validation before attempting to open
the output file.
Gerald Combs