authorJohn Thacker <johnthacker@gmail.com>2022-01-12 23:11:01 -0500
committerA Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org>2022-01-16 04:27:03 +0000
commitd2fd2eeb318dc69e4480e75b483bb1207d223a28 (patch)
tree77d1b7acb1731fcc6dbbf6647719adc15629e5a5
parent3f6c273e1114642b92aa8d237d669031c4bad9b5 (diff)
text2pcap: encap types option (instead of link type)
Add an option to text2pcap to specify the encapsulation type via wiretap encapsulation type short names instead of pcap link layer types, similar to editcap. Update the documentation to reflect this.
-rw-r--r--doc/text2pcap.adoc63
-rw-r--r--docbook/release-notes.adoc3
-rw-r--r--text2pcap.c99
3 files changed, 124 insertions, 41 deletions
diff --git a/doc/text2pcap.adoc b/doc/text2pcap.adoc
index f499cd56bd..874dc3bf72 100644
--- a/doc/text2pcap.adoc
+++ b/doc/text2pcap.adoc
@@ -17,6 +17,7 @@ text2pcap - Generate a capture file from an ASCII hexdump of packets
[ *-b* 2|8|16|64 ]
[ *-D* ]
[ *-e* <l3pid> ]
+[ *-E* <encapsulation type> ]
[ *-F* <file format> ]
[ *-h* ]
[ *-i* <proto> ]
@@ -147,13 +148,14 @@ and hex encoding:
The regex is compiled with multiline support, and it is recommended to use
the anchors '^' and '$' for best results.
-*Text2pcap* also allows the user to read in dumps of
-application-level data, by inserting dummy L2, L3 and L4 headers
-before each packet. The user can elect to insert Ethernet headers,
-Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
-packet. This allows Wireshark or any other full-packet decoder to
-handle these dumps. These encapsulation options can be used in both
-hexdump mode and regex mode.
+*Text2pcap* also allows the user to read in dumps of application-level
+data and insert dummy L2, L3 and L4 headers before each packet. This allows
+Wireshark or any other full-packet decoder to handle these dumps.
+If the encapsulation type is Ethernet, the user can elect to insert Ethernet
+headers, Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before
+each packet. The fake headers can also be used with the Raw IP, Raw IPv4,
+or Raw IPv6 encapsulations, with the Ethernet header omitted. These
+encapsulation options can be used in both hexdump mode and regex mode.
When <__infile__> or <__outfile__> are '-', standard input or standard
output, respectively, are used.
@@ -182,11 +184,16 @@ in hexdump mode.
-D::
+
--
-The text before the packet may start either with an I or O indicating that
-the packet is inbound or outbound. This is used when generating dummy headers.
-The indication is only stored if the output format supports it (e.g. pcapng.)
+Indicates that the text before each input packet may start either with an I
+or O indicating that the packet is inbound or outbound. If both this flag
+and the __t__ flag are used, the directional indicator is expected before
+the time code.
This parameter has no effect in regex mode, where the presence of the `<dir>`
capturing group determines whether direction indicators are expected.
+
+Direction indication is stored in the packet headers if the output format
+supports it (e.g. pcapng), and is also used when generating dummy headers
+to swap the source and destination addresses and ports as appropriate.
--
-e <l3pid>::
@@ -198,13 +205,26 @@ for the Ethernet header in hex. Use this option if your dump has Layer
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
For IP packets, instead of generating a fake Ethernet header you can
-also use __-l 101__ to indicate a raw IP packet to Wireshark. Note that
-__-l 101__ does not work for any non-IP Layer 3 packet (e.g. ARP),
-whereas generating a dummy Ethernet header with __-e__ works for any
-sort of L3 packet.
+also use __-E rawip__ or __-l 101__ to indicate raw IP encapsulation.
+Note that raw IP encapsulation does not work for any non-IP Layer 3 packet
+(e.g. ARP), whereas generating a dummy Ethernet header with __-e__ works
+for any sort of L3 packet.
+--
+
+-E <encapsulation type>::
++
+--
+Sets the packet encapsulation type of the output capture file.
+*text2pcap -E* provides a list of the available types; note that not
+all file formats support all encapsulation types. The default type is
+ether (Ethernet).
+
+*NOTE:* This sets the encapsulation type of the output file, but does
+not translate the packet headers or add additional headers. It is used
+to specify the encapsulation that matches the input data.
--
--F <file format>::
+-F <file format>::
+
--
Sets the file format of the output capture file. *Text2pcap* can write
@@ -232,15 +252,14 @@ https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for
the complete list of assigned internet protocol numbers.
--
--l::
+-l <typenum>::
+
--
-Specify the link-layer header type of this packet. Default is Ethernet
-(1). See https://www.tcpdump.org/linktypes.html for the complete list
-of possible encapsulations. Note that this option should be used if
-your dump is a complete hex dump of an encapsulated packet and you wish
-to specify the exact type of encapsulation. Example: __-l 7__ for ARCNet
-packets encapsulated BSD-style.
+Sets the packet encapsulation type of the output capture file, using
+pcap link-layer header type numbers. Default is Ethernet (1).
+See https://www.tcpdump.org/linktypes.html for the complete list
+of possible encapsulations.
+Example: __-l 7__ for ARCNet packets encapsulated BSD-style.
--
-m <max-packet>::
diff --git a/docbook/release-notes.adoc b/docbook/release-notes.adoc
index 38f3884360..e783472e5e 100644
--- a/docbook/release-notes.adoc
+++ b/docbook/release-notes.adoc
@@ -62,6 +62,9 @@ They previously shipped with Npcap 1.55.
** text2pcap supports writing the output file in all the capture file formats
that wiretap library supports, using the same "-F" option as editcap,
mergecap, and tshark.
+** text2pcap supports selecting the encapsulation type of the output file
+ format using the wiretap library short names with an "-E" option, similiar
+ to the "-T" option of editcap.
** text2pcap has been updated to use the new logging output options and the
"-d" flag has been removed. The "debug" log level corresponds to the old
"-d" flag, and the "noisy" log level corresponds to using "-d" multiple times.
diff --git a/text2pcap.c b/text2pcap.c
index 627cbef61a..0d6718d638 100644
--- a/text2pcap.c
+++ b/text2pcap.c
@@ -86,6 +86,7 @@
#include <glib.h>
#include <wsutil/str_util.h>
+#include <wsutil/strnatcmp.h>
#include <wsutil/wslog.h>
#include <wsutil/ws_getopt.h>
@@ -162,9 +163,6 @@ static char *output_filename;
static wtap_dumper* wdh;
-/* Encapsulation type; see wiretap/wtap.h for details */
-static guint32 wtap_encap_type = 1; /* Default is WTAP_ENCAP_ETHERNET */
-
/*----------------------------------------------------------------------
* Print usage string and exit
*/
@@ -214,11 +212,13 @@ print_usage (FILE *output)
"Output:\n"
" -F <capture type> set the output file type; default is pcap.\n"
" an empty \"-F\" option will list the file types.\n"
- " -l <typenum> link-layer type number; default is 1 (Ethernet). See\n"
+ " -E <encap type> set the output file encapsulation type; default is\n"
+ " ether (Ethernet). An empty \"-E\" option will list\n"
+ " the encapsulation types.\n"
+ " -l <typenum> set the output file encapsulation type via link-layer\n"
+ " type number; default is 1 (Ethernet). See\n"
" https://www.tcpdump.org/linktypes.html for a list of\n"
- " numbers. Use this option if your dump is a complete\n"
- " hex dump of an encapsulated packet and you wish to\n"
- " specify the exact type of encapsulation.\n"
+ " numbers.\n"
" Example: -l 7 for ARCNet packets.\n"
" -m <max-packet> max packet length in output; default is %d\n"
" -n use pcapng instead of pcap as output format.\n"
@@ -289,16 +289,62 @@ set_hdr_ip_proto(guint8 ip_proto)
static void
list_capture_types(void) {
- GArray *writable_type_subtypes;
+ GArray *writable_type_subtypes;
- cmdarg_err("The available capture file types for the \"-F\" flag are:\n");
- writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
- for (guint i = 0; i < writable_type_subtypes->len; i++) {
- int ft = g_array_index(writable_type_subtypes, int, i);
- fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
+ cmdarg_err("The available capture file types for the \"-F\" flag are:\n");
+ writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
+ for (guint i = 0; i < writable_type_subtypes->len; i++) {
+ int ft = g_array_index(writable_type_subtypes, int, i);
+ fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
wtap_file_type_subtype_description(ft));
- }
- g_array_free(writable_type_subtypes, TRUE);
+ }
+ g_array_free(writable_type_subtypes, TRUE);
+}
+
+struct string_elem {
+ const char *sstr; /* The short string */
+ const char *lstr; /* The long string */
+};
+
+static gint
+string_nat_compare(gconstpointer a, gconstpointer b)
+{
+ return ws_ascii_strnatcmp(((const struct string_elem *)a)->sstr,
+ ((const struct string_elem *)b)->sstr);
+}
+
+static void
+string_elem_print(gpointer data, gpointer stream_ptr)
+{
+ fprintf((FILE *) stream_ptr, " %s - %s\n",
+ ((struct string_elem *)data)->sstr,
+ ((struct string_elem *)data)->lstr);
+}
+
+static void
+list_encap_types(void) {
+ int i;
+ struct string_elem *encaps;
+ GSList *list = NULL;
+
+ encaps = g_new(struct string_elem, wtap_get_num_encap_types());
+ cmdarg_err("The available encapsulation types for the \"-E\" flag are:\n");
+ for (i = 0; i < wtap_get_num_encap_types(); i++) {
+ /* Exclude wtap encapsulations that require a pseudo header,
+ * because we won't setup one from the text we import and
+ * wiretap doesn't allow us to write 'raw' frames
+ */
+ if (!wtap_encap_requires_phdr(i)) {
+ encaps[i].sstr = wtap_encap_name(i);
+ if (encaps[i].sstr != NULL) {
+ encaps[i].lstr = wtap_encap_description(i);
+ list = g_slist_insert_sorted(list, &encaps[i], string_nat_compare);
+ }
+ }
+ }
+ g_slist_foreach(list, string_elem_print, stderr);
+ g_slist_free(list);
+ g_free(encaps);
}
/*----------------------------------------------------------------------
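Review bot: In `list_encap_types()` the array is sized with one call to `wtap_get_num_encap_types()` while the loop bound re-evaluates it on every iteration, so the write to `encaps[i]` is only in bounds as long as the count cannot change between calls. Capturing the count once, `const int num_encaps = wtap_get_num_encap_types();`, and using it for both `g_new` and the loop condition makes that explicit. The loop also guards `sstr` against NULL but not `lstr`, which `string_elem_print()` then passes to `%s`; if `wtap_encap_description()` can return NULL for a named type (not visible here), skip the entry when `lstr` is NULL as well. A one-line comment on `struct string_elem` noting that the list nodes point into the `encaps` array and must be freed before it would help the next reader.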
@@ -319,6 +365,7 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
/* Link-layer type; see https://www.tcpdump.org/linktypes.html for details */
guint32 pcap_link_type = 1; /* Default is LINKTYPE_ETHERNET */
int file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
+ int wtap_encap_type = WTAP_ENCAP_ETHERNET;
int err;
char* err_info;
GError* gerror = NULL;
@@ -333,7 +380,7 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
ws_init_version_info("Text2pcap (Wireshark)", NULL, NULL, NULL);
/* Scan CLI parameters */
- while ((c = ws_getopt_long(argc, argv, "hqab:De:F:i:l:m:nN:o:u:P:r:s:S:t:T:v4:6:", long_options, NULL)) != -1) {
+ while ((c = ws_getopt_long(argc, argv, "hqab:De:E:F:i:l:m:nN:o:u:P:r:s:S:t:T:v4:6:", long_options, NULL)) != -1) {
switch (c) {
case 'h':
show_help_header("Generate a capture file from an ASCII hexdump of packets.");
@@ -343,7 +390,10 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
case 'q': quiet = TRUE; break;
case 'a': info->hexdump.identify_ascii = TRUE; break;
case 'D': info->hexdump.has_direction = TRUE; break;
- case 'l': pcap_link_type = (guint32)strtol(ws_optarg, NULL, 0); break;
+ case 'l':
+ pcap_link_type = (guint32)strtol(ws_optarg, NULL, 0);
+ wtap_encap_type = wtap_pcap_encap_to_wtap_encap(pcap_link_type);
+ break;
case 'm': max_offset = (guint32)strtol(ws_optarg, NULL, 0); break;
case 'n': file_type_subtype = wtap_pcapng_file_type_subtype(); break;
case 'N': interface_name = ws_optarg; break;
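Review bot: In the new `case 'l':` body the argument is parsed with `strtol(ws_optarg, NULL, 0)` and cast to `guint32` without any check. A non-numeric, negative or out-of-range value is therefore silently turned into some link type and handed to `wtap_pcap_encap_to_wtap_encap()`, whose result is not validated the way the `-E` branch validates its own. Pass an end pointer and reject junk before converting, e.g. `if (end == ws_optarg || *end != '\0') { cmdarg_err("\"%s\" isn't a valid link-layer type number", ws_optarg); return INVALID_OPTION; }`, and consider rejecting a link type that has no wiretap mapping at this point instead of later. Because the conversion now happens inside the option loop, `-l` and `-E` overwrite each other in argument order; document that the last one wins or reject the combination. `parse_options` starts and ends outside this hunk.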
@@ -391,6 +441,15 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
}
break;
+ case 'E':
+ wtap_encap_type = wtap_name_to_encap(ws_optarg);
+ if (wtap_encap_type < 0) {
+ cmdarg_err("\"%s\" isn't a valid encapsulation type", ws_optarg);
+ list_encap_types();
+ return INVALID_OPTION;
+ }
+ break;
+
case 'F':
file_type_subtype = wtap_name_to_file_type_subtype(ws_optarg);
if (file_type_subtype < 0) {
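Review bot: The `case 'E':` branch accepts any name that `wtap_name_to_encap()` resolves, but `list_encap_types()` in this commit hides every encapsulation for which `wtap_encap_requires_phdr()` is true, because text2pcap cannot build the pseudo-header. A user can still pass such a name by hand, and the mismatch would presumably only surface later as a write failure or a malformed capture. Reject it here with the same test the listing uses: `if (wtap_encap_type < 0 || wtap_encap_requires_phdr(wtap_encap_type)) {`. `parse_options` starts and ends outside this hunk, so whether a later check already covers this cannot be seen from here.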
@@ -649,6 +708,10 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
case '?':
switch(ws_optopt) {
+ case 'E':
+ list_encap_types();
+ return INVALID_OPTION;
+ break;
case 'F':
list_capture_types();
return INVALID_OPTION;
@@ -712,8 +775,6 @@ parse_options(int argc, char *argv[], text_import_info_t * const info, wtap_dump
hdr_ip = TRUE;
}
- wtap_encap_type = wtap_pcap_encap_to_wtap_encap(pcap_link_type);
-
if (hdr_export_pdu && wtap_encap_type != WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
cmdarg_err("Export PDU (-P) requires WIRESHARK_UPPER_PDU link type (252)");
return INVALID_OPTION;