Store the field filter strings in a wmem_map pointing to the
field flags for each string. This allows specifying multiple
filter options (-j or -J) on the command line, including some
of both.
Fix#17470
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.
This change adds the option of exporting the packet summary as well.
The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.
The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.
Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Packet ranges are used only in the UI; move the packet range stuff into
libui.
Don't pass a print_args_t structure to libwireshark packet-printing
routines, just pass the few parameters they need. Move the declaration
of print_args_t into file.h.
Change-Id: Icff5991eea7d7d56f33b4716105895263d275bcf
Reviewed-on: https://code.wireshark.org/review/21308
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The check*.pl scripts presume that files with the prefix "packet-"
are dissector files and therefore have different rules than other
files. Rather than trying to clarify that more with additional
directory information, just make any non-dissector file with
"packet-" filename prefix conform if it fails a "dissector specific"
check from the scripts.
Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
Reviewed-on: https://code.wireshark.org/review/19304
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixed json and ek escape function
Fixed -j protocol filter to do exact match
Fixed -T json to correctly close json
Added -j protocol filter also to pdml output
Bug: 11754
Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea
Reviewed-on: https://code.wireshark.org/review/16034
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4ec48067e9ca2cbe88e1cf2e6c9dc1e382379221
Reviewed-on: https://code.wireshark.org/review/7767
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Give all routines in epan/print.c that write a particular format a name
beginning with write_{formatname}.
If routines write columns, rather than the raw protocol tree, don't give
it a name containing proto_tree.
Get rid of empty preamble/finale routines.
For CSV, the preamble routine writes out column titles, so call it
write_csv_column_titles().
For C arrays, the body routine writes out raw hex data, so call it
write_carrays_hex_data().
capture_file isn't a structure defined by libwireshark, so don't make it
an argument passed into libwireshark.
Change-Id: I5a7e04de9382cf51a59d9d9802f815b8b3558332
Reviewed-on: https://code.wireshark.org/review/5536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pass the "output only these protocols" hash table as an argument,
instead.
Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have write_psml_preamble() and write_csv_preamble() take a capture_file *
as an argument, so they can print the column titles themselves, rather
than having to defer it to the routine that prints packet data.
Change-Id: Ifd1b7a13062be8ad46846315976922a752778153
Reviewed-on: https://code.wireshark.org/review/5438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put the low-level print stream code from epan/print.c into
epan/print_stream.c, leaving the higher-level stuff in print.c
Change-Id: Iae961f168ec655a29f434257b1af0937fca9f025
Reviewed-on: https://code.wireshark.org/review/5436
Reviewed-by: Guy Harris <guy@alum.mit.edu>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
When converting from proto_construct_match_selected_string to fvalue_to_string_repr remember proto_construct_match_selected_string includes fieldname + value, not just value
bug:10081
Change-Id: I4fc6ea7fd1f63cff410207c8b30562771af40ada
Reviewed-on: https://code.wireshark.org/review/1578
Reviewed-by: Evan Huus <eapache@gmail.com>
It's causing a few different test failures - I've tracked down at least one of them, but the others are weirder and will require more digging.
This reverts commit 9edba650d1.
Change-Id: I897f8cf1cfbb2a189b2054e5002f59757befa47f
Reviewed-on: https://code.wireshark.org/review/1575
Reviewed-by: Evan Huus <eapache@gmail.com>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
bug:10081
Change-Id: I6346dfdfb5f6381e16761a99291c4be7851185d9
Reviewed-on: https://code.wireshark.org/review/1566
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
John Thacker