authorDario Lombardo <lomato@gmail.com>2018-04-19 13:58:43 +0200
committerDario Lombardo <lomato@gmail.com>2018-04-19 15:54:47 +0000
commitfc6b8ab698dc7af158620b52848fac9fae564199 (patch)
tree68daa0080b4143ef72e9db29e2b023a9db3c5829 /tshark.c
parentca45f88e3b6f79fa95a62d748fe155e3ea6db271 (diff)
tshark: improve -G elastic-mapping command by adding filters.
The generated elastic mapping file is huge and can cause trouble for software like Kibana. This change adds the ability to specify the desired filters, so that only those appear in the mapping file. This change adds the option --elastic-mapping-filter <protocols> to tshark. Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns makes only those 3 protocols appear in the mapping file. Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38 Reviewed-on: https://code.wireshark.org/review/27001 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Dario Lombardo <lomato@gmail.com>
Diffstat (limited to 'tshark.c')
-rw-r--r--tshark.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/tshark.c b/tshark.c
index fb8c6ede12..504aae4226 100644
--- a/tshark.c
+++ b/tshark.c
@@ -142,6 +142,9 @@
*/
#define LONGOPT_COLOR (65536+1000)
#define LONGOPT_NO_DUPLICATE_KEYS (65536+1001)
+#ifdef HAVE_JSONGLIB
+#define LONGOPT_ELASTIC_MAPPING_FILTER (65536+1002)
+#endif
#if 0
#define tshark_debug(...) g_warning(__VA_ARGS__)
@@ -439,7 +442,11 @@ print_usage(FILE *output)
fprintf(output, " (Note that attributes are nonstandard)\n");
fprintf(output, " --no-duplicate-keys If -T json is specified, merge duplicate keys in an object\n");
fprintf(output, " into a single key with as value a json array containing all\n");
- fprintf(output, " values");
+ fprintf(output, " values\n");
+#ifdef HAVE_JSONGLIB
+ fprintf(output, " --elastic-mapping-filter <protocols> If -G elastic-mapping is specified, put only the\n");
+ fprintf(output, " specified protocols within the mapping file\n");
+#endif
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
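Review bot: The new help text in print_usage() names the argument `<protocols>` but never says how several protocols are written. The commit message's example (`ip,udp,dns`) suggests a comma-separated list, so the second added line could read `specified protocols (comma-separated, e.g. ip,udp,dns) within the mapping file`. The separator is parsed outside this file, so confirm it before documenting it.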
@@ -680,6 +687,9 @@ main(int argc, char *argv[])
{"export-objects", required_argument, NULL, LONGOPT_EXPORT_OBJECTS},
{"color", no_argument, NULL, LONGOPT_COLOR},
{"no-duplicate-keys", no_argument, NULL, LONGOPT_NO_DUPLICATE_KEYS},
+#ifdef HAVE_JSONGLIB
+ {"elastic-mapping-filter", required_argument, NULL, LONGOPT_ELASTIC_MAPPING_FILTER},
+#endif
{0, 0, 0, 0 }
};
gboolean arg_error = FALSE;
@@ -723,6 +733,9 @@ main(int argc, char *argv[])
gchar *volatile pdu_export_arg = NULL;
const char *volatile exp_pdu_filename = NULL;
exp_pdu_t exp_pdu_tap_data;
+#ifdef HAVE_JSONGLIB
+ const gchar* elastic_mapping_filter = NULL;
+#endif
/*
* The leading + ensures that getopt_long() does not permute the argv[]
@@ -864,6 +877,11 @@ main(int argc, char *argv[])
case 'X':
ex_opt_add(optarg);
break;
+#ifdef HAVE_JSONGLIB
+ case LONGOPT_ELASTIC_MAPPING_FILTER:
+ elastic_mapping_filter = optarg;
+ break;
+#endif
default:
break;
}
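Review bot: The value stored by the new `case LONGOPT_ELASTIC_MAPPING_FILTER:` is, as far as this diff shows, read only in the `elastic-mapping` branch of the -G handling. With any other report type it is silently dropped, and a repeated option silently replaces the earlier value. A comment on the case would make that explicit, e.g. `/* only used by -G elastic-mapping; last occurrence wins */`. The switch sits inside main(), which extends beyond the hunk, so it cannot be seen whether later option parsing also recognises this option or reports it as invalid when -G is absent.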
@@ -969,7 +987,7 @@ main(int argc, char *argv[])
dissector_dump_dissector_tables();
#ifdef HAVE_JSONGLIB
else if (strcmp(argv[2], "elastic-mapping") == 0)
- proto_registrar_dump_elastic();
+ proto_registrar_dump_elastic(elastic_mapping_filter);
#endif
else if (strcmp(argv[2], "fieldcount") == 0) {
/* return value for the test suite */
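Review bot: `elastic_mapping_filter` is still NULL at this call whenever --elastic-mapping-filter was not given, and otherwise it is the unvalidated command-line string, so `proto_registrar_dump_elastic()` has to cope with both. Its definition is not part of this diff. Confirm that it treats NULL as "no filter" and rejects or ignores an empty string and unknown protocol names, and record the contract at the call site, e.g. `/* filter may be NULL: dump every protocol */`. The surrounding if/else chain in main() continues outside the hunk.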