Add a checkbox for the extra detection for ASCII in a hex+ASCII
hexdump even when the text looks like hexbytes to Import from Hex
Dump. Save and restore it from the settings. Work towards #16724.
Based on Gerald's !5562.
Use ws_strtou8() rather than doing all the error checking ourselves.
Have a common routine to call when an IP "next protocol" value is set;
it does all the necessary work, and could also check for colliding
settings, such as combining "-i 99" with "-s", "-S", "-u", or "-T", or
combining "-u" with "-T", or....
A bunch of the globals are simply copied from the input parameter
text_import_info_t, just use them directly.
Move the count for packets read and written into the info type,
so that callers like text2pcap can access them as results.
Since we're using wtap_dump_open[_stdout] from file_access.c now,
we don't need to include io.h or fcntl.h on Windows anymore, and
we don't need to include pcapio either.
Use wtap_dump instead of the pcapio functions for writing files.
This makes it easier to unify with text_import, and also makes it
easier to eventually write other file formats (with a similar option
to the other CLI programs), and allows using the standard CLI error
messages.
Also move some of the option validation before attempting to open
the output file.
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
Don't store the comments in a capture_options structure, because that's
available only if we're being built with capture support, and
--capture-comment can be used in TShark when reading a capture file and
writing another capture file, with no live capture taking place.
This means we don't handle that option in capture_opts_add_opt(); handle
it in the programs that support it.
Support writing multiple comments in dumpcap when capturing.
These changes also fix builds without pcap, and makes --capture-comment
work in Wireshark when a capture is started from the command line with
-k.
Update the help messages to indicate that --capture-comment adds a
capture comment, it doesn't change any comment (much less "the" comment,
as there isn't necessarily a single comment).
Update the man pages:
- not to presume that only pcapng files support file comments (even if
that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported,
and that multiple comments will be written, whether capturing or reading
one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the
first one, even though it only displays the first one;
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Ensure that public text in error messages and dialogs point to https.
Ensure that the generated PDML files include scripts over https.
Change-Id: I75d42704c2bbb33b05492261b3e1d45dc6e301f9
Reviewed-on: https://code.wireshark.org/review/34027
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No need to do our own copying loop.
Change-Id: Ia3f5065c7b24c5a11e6fa289aef7ca54187fe67e
Reviewed-on: https://code.wireshark.org/review/32385
Reviewed-by: Guy Harris <guy@alum.mit.edu>
hdr_ethernet is a flag indicating whether we should add a fake Ethernet
header or not; make it a Boolean.
Move number_of_padding_bytes() closer to where it is in
ui/text_import.c, and make it more like the version there.
Shift the direction flag to put it in the right bit position - or, at
least, throw in the shift constant to clarify that we're trying to put
it there, even if it's already in the right position (i.e., the shift
constant happens to be 0, as it happens to be in the low-order bits).
Fix a comment.
Change-Id: Ia643d9ab2188951a682bf773239d0175c0d578c2
Reviewed-on: https://code.wireshark.org/review/32337
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add macros to extract the direction, reception type, and FCS length
fields of the pack_flags field, and add definitions for different
directions and reception types.
Add a macro to construct a pack_flags field value from subfields; this
is for use by non-pcapng file readers (the pack_flags field is just a
copy of the EPB flags option, so that's not needed for pcapng).
Move some #defines for that field from packet-frame.c to wtap.h, and
rename them to match the new macros.
Use the macros rather than rolling our own code.
Fix a variable name in text2pcap.c that apparently had the wrong name,
given the value that was being tested.
Change-Id: Ia788ca4e9f5fabd8d24e6ead5ff1817509f54827
Reviewed-on: https://code.wireshark.org/review/32010
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The pcapng file format specification speaks of a secion block, not
a session block. Let the function name reflect the proper name of
the block it writes.
Change-Id: Id399fae3648c93f4750fedaa297b18f95f2bb96f
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31099
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just as IP addresses the IP ID is also an entity that is endianess
sensitive. Select the appropriate value in the same way as the IP
addresses.
Change-Id: Ib2f07ea7820b443d0bf6e58fdc5afd7fc429fe22
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31054
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When generating a capture file from a text file it can be helpfull
to be able to set the capture interface name in the generated IDB.
This can be especially true if later on the generated captures are
merged and the individual IDB's have to be compared. Without a name
every IDB of the same datalink type will be equal and subject to
merge. Also it keeps the individual streams identifiable for the
end user.
Change-Id: I70224379d88f516a0a356bf0b46aebafb69665f0
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31015
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get rid of the IMPORT_MAX_PACKET #define; just directly use
WTAP_MAX_PACKET_SIZE_STANDARD, to match what text2pcap.c does.
Update comments in text2pcap.c and ui/text_import.c to say the maximum
packet size is WTAP_MAX_PACKET_SIZE_STANDARD.
Change-Id: I34118f76426d1416fccf43b2a356ad8d200de19b
Ping-Bug: 15292
Reviewed-on: https://code.wireshark.org/review/30945
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The snaplength as saved in the capture file is set to the original
PCAP file length of 65535. In reality the package size can grow to
256kiB. Make use of the correct constant when writing the PCAP file.
Bug: 15292
Change-Id: Ib7710e4151cdc712f3344c1436252f9b3bfb556c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30923
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The glib gboolean and integer types are used interchangably,
while a proper use is easily achievable.
While at it, replace the duplicate definition of the IPv4 source
and destination addresses (endian sensitive).
Change-Id: I5378544f370dc41962eb6303ddeeecb184db14f4
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30770
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When giving the command line option '-D' and having 'I' and 'O' markers in
the hexdump to import the IP addresses are adjusted, transport layer ports
are adjusted, the TCP window information is adjusted, but still the frames
originate from the same interface and go to the other interface.
This changes makes it so that the Ethernet destination and source address
is also adjusted with the direction indicated, to match the other adjusted
addressing used.
Bug: 15287
Change-Id: I762f195ece206ed14e6bca1c1160055df7c4dac1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30767
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.
Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
With the addition of the IPv6 dummy header the logic to set the
correct ethernet protocol has become scattered across the code
and also poured into the actual packet writing code.
Once command line parsing is completed a consistent set of frame
generating parameters should be established.
This change consolidates the ethernet header protocol
determination to one point, with the added benefit of resolving
a possible duplicate IPv4 / IPv6 paramter setting in the same
manner as is done for other conflicting parameters.
Change-Id: I2c0d3ee8ad5a28b216a374dad807406113200fa2
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30691
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Buried at the end of the help text, in the Miscellaneous section,
is the '-n' option to write pcapng format files. This can hardly
be considered miscellaneous but rather an output option.
Move the option in the help text to the output section.
Change-Id: I3e39b75281091d6d5d9607891ef2f97ba031e48a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30690
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using -4 or -6 to set an IP address pair to use in the dummy IP
header it is possible to generate a capture in which the next
layer protocol is undefined. Add a check that an next layer
protocol is always set.
Bug: 15275
Change-Id: Ifef54be7f708a0f168d2067f6f691e2611f25428
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30683
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the length field in the IPv6 pseudo header struct and refactor the
pseudo headers initialization
Change-Id: Ie0490dfba051a1112e465aaa6d03909417b2977e
Reviewed-on: https://code.wireshark.org/review/30407
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When the -i <proto> option is specified the hdr_ip was always set to
TRUE which resulted in a wrong header length when the IPv6 (-6) option
is specified as well. To resolve this set hdr_ip only when -i is specified
without -4 or -6 options.
Change-Id: I21898f27ceaad603b9275ab6878ff4bd8f9586cd
Reviewed-on: https://code.wireshark.org/review/30411
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to RFC 8200 the payload length must contain the length of the payload
without the IPv6 header's length
Change-Id: Ibeb18c243edc396eaac6d2ffde73d6c4a6fe75a0
Reviewed-on: https://code.wireshark.org/review/30406
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the IPv6 (-6) option was specified together with either TCP (-T),
UDP (-u) or SCTP (-s/-S) option the generated packet was invalid because
an IPv4 option was implied an a wrong header was added.
Bug: 15194
Change-Id: I5a7b83d8aa3f3ad56f0c8110e598090945e60225
Reviewed-on: https://code.wireshark.org/review/30107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
John Thacker