text2pcap now has support for fractional sections using the field
descriptor %f and doesn't support the old method, so change the format
string in the test. None of the existing tests depended on the
fractional seconds being correct.
If we're in the no offset mode and we parse an offset,
warn the user and ignore. At the very beginning of the file try
adding it to the preamble, maybe there's something unfortunate
like an all numeric time stamp format (ISO-8601 Basic).
Based on Gerald's !5562.
Use ws_strtou8() rather than doing all the error checking ourselves.
Have a common routine to call when an IP "next protocol" value is set;
it does all the necessary work, and could also check for colliding
settings, such as combining "-i 99" with "-s", "-S", "-u", or "-T", or
combining "-u" with "-T", or....
A bunch of the globals are simply copied from the input parameter
text_import_info_t, just use them directly.
Move the count for packets read and written into the info type,
so that callers like text2pcap can access them as results.
Don't exit in the middle with unexpected values. Report a failure
and return a failed exit status when something goes really wrong.
Use warnings when appropriate, like when a time code value couldn't
be parsed.
Includes allowing the string "ISO" in the format string text box
in the GUI, so this works in "Import from Hex Dump" as well as
being for the text2pcap transition. Part of #16724.
Use report_message and report wtap_dump failures. Pass in
the output filename and keep track of the frame numbers for
the message parameters.
Report failure to initialize the lex scanner in text_import
instead of in the GUI, so that it would be reported from text2pcap,
and because text_import might have other failure cases that are
not the scanner.
The regex parser returns a positive number of packets processed
on success; save that number in text_import, and return zero on
success to our callers.
This is the special check for canonical hex+ASCII textdump
files that looks for the edge case where the beginning of the
ASCII column has strings that can be mistaken by the parser for
additional hex bytes. Not implemented in the GUI yet. Preparing
for text2pcap switchover. Related to #16724.
CMake's FindPerl module and our FindNSIS and FindWiX modules can find
perl, makensis, and the various WiX utilities in their default locations
so we don't need to prepopulate our PATH.
Update FindWiX to look for version 3.11.
Adjust the grammar to recognize two trailing hexadecimal characters
without a LF as a byte as well. Ported from text2pcap and commit
22cf80d30d which explains why this
is safe. More work for #16724.
To complete the set of equality operators add an "all equal"
operator that matches a frame if all fields match the condition.
The symbol chosen for "all_eq" is "===".
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
Add IPv6 handling to text_import, including the ability to
handle dummy IPv6 addresses instead of IPv4. GUI support is
still TBD. This further reduces the number of text2pcap features
that ui/text_import does not yet support. Related to #16724.
Add dummy IPv4 addresses to the text_import_info_t struct, and
use them if set in the same way text2pcap does. GUI support in
"Import from Hex Dump" is not added yet. This is also part of the
work for text2pcap to eventually call text_import. Related to #16724.
Since we're using wtap_dump_open[_stdout] from file_access.c now,
we don't need to include io.h or fcntl.h on Windows anymore, and
we don't need to include pcapio either.
Fixes a bunch of package warnings, and teaches the Debian package to
respect make install rules, and even more importantly to respect header
visibility rules, as defined by the build system. This prevents
private headers to be installed to the target system.
Remove the broken by design system that requires developers to
constantly fix headers by hand. Again the source of truth for which
headers are system headers is the build system, and that's what
any package must use, without requiring constant syncing of
installation rules in CMake and Debian.
The encapsulation type that text_import expects and puts
directly into rec.rec_header.packet_header.pkt_encap is a
wiretap encap type, not a pcap link type. Fix the name and
comment appropriately.
Use wtap_dump instead of the pcapio functions for writing files.
This makes it easier to unify with text_import, and also makes it
easier to eventually write other file formats (with a similar option
to the other CLI programs), and allows using the standard CLI error
messages.
Also move some of the option validation before attempting to open
the output file.
On Windows the POSIX read() and write() don't use the C99/POSIX
types size_t and ssize_t so we must do the same to avoid
gymnastics to squelch narrowing warnings.
This adds two types for that purpose that have the correct
definition for both Windows and POSIX.
The Enhanced Trading Interface (ETI) protocol and the Enhanced
Order Book Interface (EOBI) protocol are used by a few European
exchanges such as Eurex, Xetra and Börse Frankfurt.
Basically, a trader uses ETI to communicate with a matching
engine (over TCP), e.g. to add a new order, modify an existing
one, etc. while the matching engine also publicizes the current
state of the order book via EOBI over multicast UDP feeds.
ETI actually consists of two variants, i.e. ETI for derivatives
markets (such as Eurex) and ETI for cash markets (such as Xetra).
A common convention is to abbreviate them as ETI (for
derivatives) and XTI (for cash).
These protocols share the same encoding, i.e. messages start with
a length and a tag field and most messages and fields are fixed
size. See also
https://github.com/gsauthof/python-eti#protocol-introduction for
some more details.
The protocol specifications are openly available (cf.
https://github.com/gsauthof/python-eti#protocol-descriptions for
direct links) in human and machine-readable (XML) formats.
The Wireshark ETI/XTI/EOBI dissectors are code-generated by
`eti2wireshark.py`
(https://github.com/gsauthof/python-eti/blob/master/eti2wireshark.py)
which is GPL licensed. See also
https://github.com/gsauthof/python-eti#wireshark-protocol-dissectors
for usage examples and related work.
John Thacker