rawshark: Use the common dissection options

Use the common dissection options processing for rawshark.
This means that the error message for resolving options includes
all the possible resolving options (e.g. instead of omitting VLAN).

This adds support for the other options, which generally make sense,
like enabling and disabling protocols and heuristics.

The only option that isn't supported is the Decode As option, only
because '-d' is used by rawshark for its payload link layer type /
dissector selection.
John Thacker 2023-03-24 20:51:09 -04:00
parent b226b6b68e
commit 86a84b15ad
3 changed files with 51 additions and 133 deletions


@ -1,5 +1,6 @@
== DISSECTION OPTIONS
// tag::decode_as[]
[#decode_as]
-d <layer type>==<selector>,<decode-as protocol>::
+
@ -41,6 +42,7 @@ that can be selected with an ethertype.
See the xref:tshark.html#decode_as[tshark](1) manual page for more examples.
// end::not_tshark[]
--
// end::decode_as[]
--disable-protocol <proto_name>::
+


@ -18,16 +18,14 @@ rawshark - Dump and analyze raw pcap data
[ *-h* ]
[ *-l* ]
[ *-m* <bytes> ]
[ *-n* ]
[ *-N* <name resolving flags> ]
[ *-o* <preference setting> ] ...
[ *-p* ]
[ *-r* <pipe>|- ]
[ *-R* <read (display) filter> ]
[ *-s* ]
[ *-S* <field format> ]
[ *-t* a|ad|adoy|d|dd|e|r|u|ud|udoy ]
[ *-v* ]
[ *options* ]
== DESCRIPTION
@ -167,38 +165,6 @@ Limit rawshark's memory usage to the specified number of bytes. POSIX
(non-Windows) only.
--
-n::
+
--
Disable network object name resolution (such as hostname, TCP and UDP port
names), the *-N* flag might override this one.
--
-N <name resolving flags>::
+
--
Turn on name resolving only for particular types of addresses and port
numbers, with name resolving for other types of addresses and port
numbers turned off. This flag overrides *-n* if both *-N* and *-n* are
present. If both *-N* and *-n* flags are not present, all name resolutions are
turned on.
The argument is a string that may contain the letters:
*m* to enable MAC address resolution
*n* to enable network address resolution
*N* to enable using external resolvers (e.g., DNS) for network address
resolution
*t* to enable transport-layer port number resolution
*d* to enable resolution from captured DNS packets
*v* to enable VLAN IDs to names resolution
--
-o <preference>:<value>::
+
--
@ -260,53 +226,14 @@ For something similar to Wireshark's standard display ("Type: A (1)") you
could use *%D: %S (%N)*.
--
-t a|ad|adoy|d|dd|e|r|u|ud|udoy::
+
--
Set the format of the packet timestamp printed in summary lines.
The format can be one of:
*a* absolute: The absolute time, as local time in your time zone,
is the actual time the packet was captured, with no date displayed
*ad* absolute with date: The absolute date, displayed as YYYY-MM-DD,
and time, as local time in your time zone, is the actual time and date
the packet was captured
*adoy* absolute with date using day of year: The absolute date,
displayed as YYYY/DOY, and time, as local time in your time zone,
is the actual time and date the packet was captured
*d* delta: The delta time is the time since the previous packet was
captured
*dd* delta_displayed: The delta_displayed time is the time since the
previous displayed packet was captured
*e* epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
*r* relative: The relative time is the time elapsed between the first packet
and the current packet
*u* UTC: The absolute time, as UTC, is the actual time the packet was
captured, with no date displayed
*ud* UTC with date: The absolute date, displayed as YYYY-MM-DD,
and time, as UTC, is the actual time and date the packet was captured
*udoy* UTC with date using day of year: The absolute date, displayed
as YYYY/DOY, and time, as UTC, is the actual time and date the packet
was captured
The default format is relative.
--
-v::
+
--
Print the version and exit.
--
include::dissection-options.adoc[tags=!tshark;!decode_as]
include::diagnostic-options.adoc[]
== READ FILTER SYNTAX


@ -179,19 +179,30 @@ print_usage(FILE *output)
#ifndef _WIN32
fprintf(output, " -m virtual memory limit, in bytes\n");
#endif
fprintf(output, " -n disable all name resolution (def: all enabled)\n");
fprintf(output, " -n disable all name resolutions (def: \"mNd\" enabled, or\n");
fprintf(output, " as set in preferences)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtdv\"\n");
fprintf(output, " -p use the system's packet header format\n");
fprintf(output, " (which may have 64-bit timestamps)\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
fprintf(output, " -s skip PCAP header on input\n");
fprintf(output, " --enable-protocol <proto_name>\n");
fprintf(output, " enable dissection of proto_name\n");
fprintf(output, " --disable-protocol <proto_name>\n");
fprintf(output, " disable dissection of proto_name\n");
fprintf(output, " --enable-heuristic <short_name>\n");
fprintf(output, " enable dissection of heuristic protocol\n");
fprintf(output, " --disable-heuristic <short_name>\n");
fprintf(output, " disable dissection of heuristic protocol\n");
fprintf(output, "\n");
fprintf(output, "Output:\n");
fprintf(output, " -l flush output after each packet\n");
fprintf(output, " -S format string for fields\n");
fprintf(output, " (%%D - name, %%S - stringval, %%N numval)\n");
fprintf(output, " -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)\n");
fprintf(output, " -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N]\n");
fprintf(output, " output format of time stamps (def: r: rel. to first)\n");
fprintf(output, " -u s|hms output format of seconds (def: s: seconds)\n");
fprintf(output, "\n");
ws_log_print_usage(output);
@ -199,9 +210,10 @@ print_usage(FILE *output)
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
fprintf(output, " -h display this help and exit\n");
fprintf(output, " -h, --help display this help and exit\n");
fprintf(output, " -v, --version display version info and exit\n");
fprintf(output, " -o <name>:<value> ... override preference setting\n");
fprintf(output, " -v display version info and exit\n");
fprintf(output, " -K <keytab> keytab file to use for kerberos decryption\n");
}
/**
@ -407,7 +419,6 @@ main(int argc, char *argv[])
gchar *pipe_name = NULL;
gchar *rfilters[64];
e_prefs *prefs_p;
char badopt;
GPtrArray *disp_fields = g_ptr_array_new();
guint fc;
gboolean skip_pcap_header = FALSE;
@ -415,10 +426,11 @@ main(int argc, char *argv[])
static const struct ws_option long_options[] = {
{"help", ws_no_argument, NULL, 'h'},
{"version", ws_no_argument, NULL, 'v'},
LONGOPT_DISSECT_COMMON
{0, 0, 0, 0 }
};
#define OPTSTRING_INIT "d:F:hlm:nN:o:pr:R:sS:t:v"
#define OPTSTRING_INIT OPTSTRING_DISSECT_COMMON "F:hlm:o:pr:R:sS:v"
static const char optstring[] = OPTSTRING_INIT;
static const struct report_message_routines rawshark_report_routines = {
@ -540,6 +552,9 @@ main(int argc, char *argv[])
while ((opt = ws_getopt_long(argc, argv, optstring, long_options, NULL)) != -1) {
switch (opt) {
case 'd': /* Payload type */
/* XXX: This option should probably be changed so it doesn't
* conflict with the common dissection option for Decode As.
*/
if (!set_link_type(ws_optarg)) {
cmdarg_err("Invalid link type or protocol \"%s\"", ws_optarg);
ret = WS_EXIT_INVALID_OPTION;
@ -581,18 +596,6 @@ main(int argc, char *argv[])
}
break;
#endif
case 'n': /* No name resolution */
disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(ws_optarg, &gbl_resolv_flags);
if (badopt != '\0') {
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'd', m', 'n', 'N', and 't'",
badopt);
ret = WS_EXIT_INVALID_OPTION;
goto clean_exit;
}
break;
case 'o': /* Override preference from command line */
{
char *errmsg = NULL;
@ -650,49 +653,29 @@ main(int argc, char *argv[])
goto clean_exit;
}
break;
case 't': /* Time stamp type */
if (strcmp(ws_optarg, "r") == 0)
timestamp_set_type(TS_RELATIVE);
else if (strcmp(ws_optarg, "a") == 0)
timestamp_set_type(TS_ABSOLUTE);
else if (strcmp(ws_optarg, "ad") == 0)
timestamp_set_type(TS_ABSOLUTE_WITH_YMD);
else if (strcmp(ws_optarg, "adoy") == 0)
timestamp_set_type(TS_ABSOLUTE_WITH_YDOY);
else if (strcmp(ws_optarg, "d") == 0)
timestamp_set_type(TS_DELTA);
else if (strcmp(ws_optarg, "dd") == 0)
timestamp_set_type(TS_DELTA_DIS);
else if (strcmp(ws_optarg, "e") == 0)
timestamp_set_type(TS_EPOCH);
else if (strcmp(ws_optarg, "u") == 0)
timestamp_set_type(TS_UTC);
else if (strcmp(ws_optarg, "ud") == 0)
timestamp_set_type(TS_UTC_WITH_YMD);
else if (strcmp(ws_optarg, "udoy") == 0)
timestamp_set_type(TS_UTC_WITH_YDOY);
else {
cmdarg_err("Invalid time stamp type \"%s\"",
ws_optarg);
cmdarg_err_cont(
"It must be \"a\" for absolute, \"ad\" for absolute with YYYY-MM-DD date,");
cmdarg_err_cont(
"\"adoy\" for absolute with YYYY/DOY date, \"d\" for delta,");
cmdarg_err_cont(
"\"dd\" for delta displayed, \"e\" for epoch, \"r\" for relative,");
cmdarg_err_cont(
"\"u\" for absolute UTC, \"ud\" for absolute UTC with YYYY-MM-DD date,");
cmdarg_err_cont(
"or \"udoy\" for absolute UTC with YYYY/DOY date.");
ret = WS_EXIT_INVALID_OPTION;
goto clean_exit;
}
break;
case 'v': /* Show version and exit */
{
show_version();
goto clean_exit;
}
/* Common dissection options - 'd' for Decode As also makes
* sense, but rawshark uses it for the payload link layer/
* dissector selection.
*/
case 'K': /* Kerberos keytab file */
case 'n': /* No name resolution */
case 'N': /* Select what types of addresses/port #s to resolve */
case 't': /* Time stamp type */
case 'u': /* Seconds type */
case LONGOPT_DISABLE_PROTOCOL: /* disable dissection of protocol */
case LONGOPT_ENABLE_HEURISTIC: /* enable heuristic dissection of protocol */
case LONGOPT_DISABLE_HEURISTIC: /* disable heuristic dissection of protocol */
case LONGOPT_ENABLE_PROTOCOL: /* enable dissection of protocol (that is disabled by default) */
if (!dissect_opts_handle_opt(opt, ws_optarg)) {
ret = WS_EXIT_INVALID_OPTION;
goto clean_exit;
}
break;
default:
case '?': /* Bad flag - print usage message */
print_usage(stderr);
@ -749,11 +732,17 @@ main(int argc, char *argv[])
goto clean_exit;
}
timestamp_set_type(global_dissect_options.time_format);
timestamp_set_precision(global_dissect_options.time_precision);
/*
* Enabled and disabled protocols and heuristic dissectors as per
* command-line options.
*/
setup_enabled_and_disabled_protocols();
if (!setup_enabled_and_disabled_protocols()) {
ret = WS_EXIT_INVALID_OPTION;
goto clean_exit;
}
/* Build the column format array */
build_column_format_array(&cfile.cinfo, prefs_p->num_cols, TRUE);
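Review bot: The new option string, `#define OPTSTRING_INIT OPTSTRING_DISSECT_COMMON "F:hlm:o:pr:R:sS:v"`, drops rawshark's own `d:` and now depends on OPTSTRING_DISSECT_COMMON supplying that letter, while the `case 'd'` in the next hunk still treats its argument as the payload link-layer type rather than as Decode As. The macro's contents are not visible in this diff, so I am inferring it contains `d:`; if so, rawshark's `-d` is silently coupled to the shape of a shared macro, and should the common Decode As letter ever be renamed or removed, `-d <type>` would fall to the `'?'` branch and print usage instead of failing in an obvious way. A one-line comment on the define would make the coupling explicit, e.g. `/* 'd' is supplied by OPTSTRING_DISSECT_COMMON but handled locally as the payload link type, not Decode As */`. The XXX comment inside `case 'd'` and the comment above `case 'K'` make the same point twice; one of them next to the define would be enough. main() begins and ends outside these hunks.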