Wireshark-dev: Re: [Wireshark-dev] ISO-8601 date support

From: John Thacker <johnthacker@xxxxxxxxx>
Date: Fri, 24 Dec 2021 10:19:59 -0500
On Sat, Dec 4, 2021 at 8:01 AM Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> On Fri, Dec 03, 2021 at 12:28:23PM +0100, Jaap Keuter wrote:
> > With commit a0173cd7 you’ve added ISO-8601 date support to text2pcap.
> > The “Import from Hex dump...” feature of Wireshark is supposed to be equally capable.
> > Would you be able to add this capability there as well?
>
> While I agree that this would make sense, the C++ code looks so different that I don't
> know where to add this code (and it doesn't help that I don't understand C++ beyond simple
> C).
>
> In order for this to really behave the same, the actual parsing functionality should
> probably be in code used by both text2pcap and the GUI and be put into the ui/ folder,
> where we keep code common to CLI and QT. Also, it would be nice if the Regular expression
> feature from 8c1b29a597764cd3e4 could be ported back to the CLI as well.
>
> So if anyone feels like refactoring these things into common code, that would make sense
> from my point of view, but there is really not much I can achieve while only spending a
> sensible amount of time.

I have refactored the parsing functionality used by both text2pcap and the GUI into the ui/ folder and checked it in.

The ISO-8601 date support does work in the GUI, through the undocumented hack of putting "ISO" for the time format string (the GUI will accept it), same as what text2pcap accepts. Everything supported by one or the other still works, but there are a few features that only one supports (see https://gitlab.com/wireshark/wireshark/-/issues/16724 for an issue tracking):

CLI missing:
1) Regex support
2) Export PDU
3) No offset, everything into one big packet (should be easy)

GUI missing:
1) IPv6 dummy headers
2) Custom IPv4 and IPv6 addresses
3) Special try extra hard to deal with hex+ASCII dumps where the ASCII coincidentally looks like a byte
4) Writing to pcap instead of pcapng

The documentation needs to be updated, and then after that there are a few possible enhancements that would be nice to have. (Use command line options similar to other CLI, support other file formats, etc.)

John Thacker