diff options
| -rw-r--r-- | doc/tshark.pod | 6 | ||||
| -rw-r--r-- | print.c | 14 | ||||
| -rw-r--r-- | print.h | 6 | ||||
| -rw-r--r-- | tshark.c | 21 |
4 files changed, 45 insertions, 2 deletions
diff --git a/doc/tshark.pod b/doc/tshark.pod index dffd527134..33bb3465ec 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -37,6 +37,7 @@ S<[ B<-t> ad|a|r|d|dd|e ]> S<[ B<-T> pdml|psml|ps|text|fields ]> S<[ B<-v> ]> S<[ B<-V> ]> +S<[ B<-O> E<lt>protocolsE<gt> ]> S<[ B<-w> E<lt>outfileE<gt>|- ]> S<[ B<-W> E<lt>file format optionE<gt>]> S<[ B<-x> ]> @@ -87,7 +88,10 @@ pane in B<Wireshark>), although if it's writing packets as it captures them, rather than writing packets from a saved capture file, it won't show the "frame number" field. If the B<-V> option is specified, it writes instead a view of the details of the packet, showing all the -fields of all protocols in the packet. +fields of all protocols in the packet. If the B<-O> option is +specified in combination with B<-V>, it will only show the full +protocols specified. Use the output of "tshark -G protocols" to +find the abbrevations of the protocols you can specify. If you want to write the decoded form of packets to a file, run B<TShark> without the B<-w> option, and redirect its standard output to @@ -31,6 +31,8 @@ #include <stdio.h> #include <string.h> +#include <glib.h> + #include <epan/epan.h> #include <epan/epan_dissect.h> #include <epan/tvbuff.h> @@ -83,6 +85,8 @@ struct _output_fields { gchar quote; }; +GHashTable *output_only_tables = NULL; + static gboolean write_headers = FALSE; static const gchar* get_field_hex_value(GSList* src_list, field_info *fi); @@ -188,6 +192,16 @@ void proto_tree_print_node(proto_node *node, gpointer data) return; } + /* + * If -O is specified, only display the protocols which are in the + * lookup table. + */ + if (output_only_tables != NULL + && g_hash_table_lookup(output_only_tables, fi->hfinfo->abbrev) == NULL) { + pdata->success = TRUE; + return; + } + if (PROTO_ITEM_IS_GENERATED(node)) { g_free(label_ptr); } @@ -119,6 +119,12 @@ extern void output_fields_add(output_fields_t* info, const gchar* field); extern gsize output_fields_num_fields(output_fields_t* info); extern gboolean output_fields_set_option(output_fields_t* info, gchar* option); extern void output_fields_list_options(FILE *fh); + +/* + * Output only these protocols + */ +extern GHashTable *output_only_tables; + /* * Higher-level packet-printing code. */ @@ -297,6 +297,7 @@ print_usage(gboolean print_ver) fprintf(output, " -F <output file type> set the output file type, default is libpcap\n"); fprintf(output, " an empty \"-F\" option will list the file types\n"); fprintf(output, " -V add output of packet tree (Packet Details)\n"); + fprintf(output, " -O <protocols> Only show packet details of these protocols, comma separated\n"); fprintf(output, " -S display packets even when writing to a file\n"); fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n"); fprintf(output, " -T pdml|ps|psml|text|fields\n"); @@ -830,6 +831,7 @@ main(int argc, char *argv[]) char badopt; GLogLevelFlags log_flags; int optind_initial; + gchar *output_only = NULL; #ifdef HAVE_LIBPCAP #if defined(_WIN32) || defined(HAVE_PCAP_CREATE) @@ -847,7 +849,7 @@ main(int argc, char *argv[]) #define OPTSTRING_I "" #endif -#define OPTSTRING "a:b:" OPTSTRING_B "c:C:d:De:E:f:F:G:hH:i:" OPTSTRING_I "K:lLnN:o:pPqr:R:s:St:T:u:vVw:W:xX:y:z:" +#define OPTSTRING "a:b:" OPTSTRING_B "c:C:d:De:E:f:F:G:hH:i:" OPTSTRING_I "K:lLnN:o:O:pPqr:R:s:St:T:u:vVw:W:xX:y:z:" static const char optstring[] = OPTSTRING; @@ -1237,6 +1239,9 @@ main(int argc, char *argv[]) break; } break; + case 'O': /* Only output these protocols */ + output_only = g_strdup(optarg); + break; case 'q': /* Quiet */ quiet = TRUE; break; @@ -1456,6 +1461,20 @@ main(int argc, char *argv[]) } } + if (output_only != NULL) { + char *ps; + + if (!verbose) { + cmdarg_err("-O requires -V"); + return 1; + } + + output_only_tables = g_hash_table_new (g_str_hash, g_str_equal); + for (ps = strtok (output_only, ","); ps; ps = strtok (NULL, ",")) { + g_hash_table_insert(output_only_tables, (gpointer)ps, (gpointer)ps); + } + } + #ifdef HAVE_LIBPCAP if (list_link_layer_types) { /* We're supposed to list the link-layer types for an interface; |