Add an option to text2pcap to specify the encapsulation type
via wiretap encapsulation type short names instead of pcap
link layer types, similar to editcap.
Update the documentation to reflect this.
In text2pcap and Import from Hex Dump, allow fake IP headers with
the appropriate versions when the Raw IP, Raw IPv4, and Raw IPv6
encapsulations are specified. In such cases, do not add a dummy
Ethernet header.
Continue to reject other encapsulations besides these, Ethernet,
and Wireshark Upper PDU when appropriate. Add some checks for the
encapsulation type in text_import as well, instead of just assuming
that the callers handle it correctly.
Support all possible file formats that wiretap writes, using the
same "-F" flag that other CLI tools like editcap, mergecap, and tshark
support. Default is still pcap for now; a future commit will switch
to pcapng and remove the "-n" option, to match other CLI tools.
Add support in text2pcap for the regex mode added to "Import from
Hex Dump" in 3.6.0 The input and output indicators cannot (yet?)
be configured, and are set to the default of allowing any of "iI<"
for inbound and "oO>" for outbound. This reaches feature parity
between text2pcap and Import from Hex Dump, fixes#16724.
(There might be some more cleanups to do, including docs.)
Move the parameter setup to text_import, so that later it can
be called from the GUI, including the interface name. (This has
to be a separate function because these parameters need to be
set before the call to wtap_dump_open, which is different for
regular files vs temp files vs stdout.)
Remove the '-d' option from text2pcap, and move the two levels
of debug messages in text2pcap and text_import to either
LOG_LEVEL_DEBUG or LOG_LEVEL_NOISY as appropriate.
Add a checkbox for the extra detection for ASCII in a hex+ASCII
hexdump even when the text looks like hexbytes to Import from Hex
Dump. Save and restore it from the settings. Work towards #16724.
Based on Gerald's !5562.
Use ws_strtou8() rather than doing all the error checking ourselves.
Have a common routine to call when an IP "next protocol" value is set;
it does all the necessary work, and could also check for colliding
settings, such as combining "-i 99" with "-s", "-S", "-u", or "-T", or
combining "-u" with "-T", or....
A bunch of the globals are simply copied from the input parameter
text_import_info_t, just use them directly.
Move the count for packets read and written into the info type,
so that callers like text2pcap can access them as results.
Since we're using wtap_dump_open[_stdout] from file_access.c now,
we don't need to include io.h or fcntl.h on Windows anymore, and
we don't need to include pcapio either.
Use wtap_dump instead of the pcapio functions for writing files.
This makes it easier to unify with text_import, and also makes it
easier to eventually write other file formats (with a similar option
to the other CLI programs), and allows using the standard CLI error
messages.
Also move some of the option validation before attempting to open
the output file.
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
Don't store the comments in a capture_options structure, because that's
available only if we're being built with capture support, and
--capture-comment can be used in TShark when reading a capture file and
writing another capture file, with no live capture taking place.
This means we don't handle that option in capture_opts_add_opt(); handle
it in the programs that support it.
Support writing multiple comments in dumpcap when capturing.
These changes also fix builds without pcap, and makes --capture-comment
work in Wireshark when a capture is started from the command line with
-k.
Update the help messages to indicate that --capture-comment adds a
capture comment, it doesn't change any comment (much less "the" comment,
as there isn't necessarily a single comment).
Update the man pages:
- not to presume that only pcapng files support file comments (even if
that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported,
and that multiple comments will be written, whether capturing or reading
one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the
first one, even though it only displays the first one;
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Ensure that public text in error messages and dialogs point to https.
Ensure that the generated PDML files include scripts over https.
Change-Id: I75d42704c2bbb33b05492261b3e1d45dc6e301f9
Reviewed-on: https://code.wireshark.org/review/34027
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No need to do our own copying loop.
Change-Id: Ia3f5065c7b24c5a11e6fa289aef7ca54187fe67e
Reviewed-on: https://code.wireshark.org/review/32385
Reviewed-by: Guy Harris <guy@alum.mit.edu>
hdr_ethernet is a flag indicating whether we should add a fake Ethernet
header or not; make it a Boolean.
Move number_of_padding_bytes() closer to where it is in
ui/text_import.c, and make it more like the version there.
Shift the direction flag to put it in the right bit position - or, at
least, throw in the shift constant to clarify that we're trying to put
it there, even if it's already in the right position (i.e., the shift
constant happens to be 0, as it happens to be in the low-order bits).
Fix a comment.
Change-Id: Ia643d9ab2188951a682bf773239d0175c0d578c2
Reviewed-on: https://code.wireshark.org/review/32337
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add macros to extract the direction, reception type, and FCS length
fields of the pack_flags field, and add definitions for different
directions and reception types.
Add a macro to construct a pack_flags field value from subfields; this
is for use by non-pcapng file readers (the pack_flags field is just a
copy of the EPB flags option, so that's not needed for pcapng).
Move some #defines for that field from packet-frame.c to wtap.h, and
rename them to match the new macros.
Use the macros rather than rolling our own code.
Fix a variable name in text2pcap.c that apparently had the wrong name,
given the value that was being tested.
Change-Id: Ia788ca4e9f5fabd8d24e6ead5ff1817509f54827
Reviewed-on: https://code.wireshark.org/review/32010
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The pcapng file format specification speaks of a secion block, not
a session block. Let the function name reflect the proper name of
the block it writes.
Change-Id: Id399fae3648c93f4750fedaa297b18f95f2bb96f
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31099
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just as IP addresses the IP ID is also an entity that is endianess
sensitive. Select the appropriate value in the same way as the IP
addresses.
Change-Id: Ib2f07ea7820b443d0bf6e58fdc5afd7fc429fe22
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31054
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When generating a capture file from a text file it can be helpfull
to be able to set the capture interface name in the generated IDB.
This can be especially true if later on the generated captures are
merged and the individual IDB's have to be compared. Without a name
every IDB of the same datalink type will be equal and subject to
merge. Also it keeps the individual streams identifiable for the
end user.
Change-Id: I70224379d88f516a0a356bf0b46aebafb69665f0
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31015
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get rid of the IMPORT_MAX_PACKET #define; just directly use
WTAP_MAX_PACKET_SIZE_STANDARD, to match what text2pcap.c does.
Update comments in text2pcap.c and ui/text_import.c to say the maximum
packet size is WTAP_MAX_PACKET_SIZE_STANDARD.
Change-Id: I34118f76426d1416fccf43b2a356ad8d200de19b
Ping-Bug: 15292
Reviewed-on: https://code.wireshark.org/review/30945
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The snaplength as saved in the capture file is set to the original
PCAP file length of 65535. In reality the package size can grow to
256kiB. Make use of the correct constant when writing the PCAP file.
Bug: 15292
Change-Id: Ib7710e4151cdc712f3344c1436252f9b3bfb556c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30923
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The glib gboolean and integer types are used interchangably,
while a proper use is easily achievable.
While at it, replace the duplicate definition of the IPv4 source
and destination addresses (endian sensitive).
Change-Id: I5378544f370dc41962eb6303ddeeecb184db14f4
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30770
Reviewed-by: Anders Broman <a.broman58@gmail.com>