authorMartin Kacer <kacer.martin@gmail.com>2017-02-13 09:36:02 +0100
committerPeter Wu <peter@lekensteyn.nl>2017-02-25 19:11:01 +0000
commitcd7d159c2ee180be6654a7acbf7c83f902216462 (patch)
tree87d5364749f160aacf42b44397ba19e60152c141 /tshark.c
parentd00dae7af9c590a8100e54dba0685271bd8b1165 (diff)
json2pcap support added
Modified tshark -T json -x output Added tshark -T jsonraw output json2pcap.py (can be used for basic packet editing by modifying json) The modification in tshark -T json -x and new tshark -T jsonraw output add into hex-data output in JSON also information on which position each field is dissected in the original frame, what is the field length, bitmask (for not byte aligned fields) and type. This information can be used for later processing. One use-case is json2pcap script which assembles the protocol layers back together from upper to lower layers, which allows the basic packet modification/editing/rewriting. Change-Id: Ibf948eb8fc7e3b0b51c12df6c3855f705a9c7925 Reviewed-on: https://code.wireshark.org/review/19990 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Dario Lombardo <lomato@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'tshark.c')
-rw-r--r--tshark.c70
1 files changed, 44 insertions, 26 deletions
diff --git a/tshark.c b/tshark.c
index fecc9a97b7..678523f6f8 100644
--- a/tshark.c
+++ b/tshark.c
@@ -169,7 +169,8 @@ typedef enum {
WRITE_TEXT, /* summary or detail text */
WRITE_XML, /* PDML or PSML */
WRITE_FIELDS, /* User defined list of fields */
- WRITE_JSON, /* JSON */
+ WRITE_JSON, /* JSON */
+ WRITE_JSON_RAW, /* JSON only raw hex */
WRITE_EK /* JSON bulk insert to Elasticsearch */
/* Add CSV and the like here */
} output_action_e;
@@ -386,7 +387,7 @@ print_usage(FILE *output)
fprintf(output, " -P print packet summary even when writing to a file\n");
fprintf(output, " -S <separator> the line separator to print between packets\n");
fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n");
- fprintf(output, " -T pdml|ps|psml|json|ek|text|fields\n");
+ fprintf(output, " -T pdml|ps|psml|json|jsonraw|ek|text|fields\n");
fprintf(output, " format of text output (def: text)\n");
fprintf(output, " -j <protocolfilter> protocols layers filter if -T ek|pdml|json selected\n");
fprintf(output, " (e.g. \"ip ip.flags text\", filter does not expand child\n");
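Review bot: The `-j` help line in this hunk still reads `-T ek|pdml|json selected`, although the new jsonraw case in print_packet passes `protocolfilter` to `write_json_proto_tree` exactly as the json case does. If the filter is meant to apply to jsonraw as well, the text should become `protocols layers filter if -T ek|pdml|json|jsonraw selected`. This matters for anyone relying on `-j` to limit which layers end up in the raw output. print_usage's body starts and ends outside the hunk.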
@@ -1320,31 +1321,38 @@ main(int argc, char *argv[])
output_action = WRITE_EK;
print_details = TRUE; /* Need details */
print_summary = FALSE; /* Don't allow summary */
+ } else if (strcmp(optarg, "jsonraw") == 0) {
+ output_action = WRITE_JSON_RAW;
+ print_details = TRUE; /* Need details */
+ print_summary = FALSE; /* Don't allow summary */
}
else {
cmdarg_err("Invalid -T parameter \"%s\"; it must be one of:", optarg); /* x */
- cmdarg_err_cont("\t\"fields\" The values of fields specified with the -e option, in a form\n"
- "\t specified by the -E option.\n"
- "\t\"pdml\" Packet Details Markup Language, an XML-based format for the\n"
- "\t details of a decoded packet. This information is equivalent to\n"
- "\t the packet details printed with the -V flag.\n"
- "\t\"ps\" PostScript for a human-readable one-line summary of each of\n"
- "\t the packets, or a multi-line view of the details of each of\n"
- "\t the packets, depending on whether the -V flag was specified.\n"
- "\t\"psml\" Packet Summary Markup Language, an XML-based format for the\n"
- "\t summary information of a decoded packet. This information is\n"
- "\t equivalent to the information shown in the one-line summary\n"
- "\t printed by default.\n"
- "\t\"json\" Packet Summary, an JSON-based format for the details\n"
- "\t summary information of a decoded packet. This information is \n"
- "\t equivalent to the packet details printed with the -V flag.\n"
- "\t\"ek\" Packet Summary, an EK JSON-based format for the bulk insert \n"
- "\t into elastic search cluster. This information is \n"
- "\t equivalent to the packet details printed with the -V flag.\n"
- "\t\"text\" Text of a human-readable one-line summary of each of the\n"
- "\t packets, or a multi-line view of the details of each of the\n"
- "\t packets, depending on whether the -V flag was specified.\n"
- "\t This is the default.");
+ cmdarg_err_cont("\t\"fields\" The values of fields specified with the -e option, in a form\n"
+ "\t specified by the -E option.\n"
+ "\t\"pdml\" Packet Details Markup Language, an XML-based format for the\n"
+ "\t details of a decoded packet. This information is equivalent to\n"
+ "\t the packet details printed with the -V flag.\n"
+ "\t\"ps\" PostScript for a human-readable one-line summary of each of\n"
+ "\t the packets, or a multi-line view of the details of each of\n"
+ "\t the packets, depending on whether the -V flag was specified.\n"
+ "\t\"psml\" Packet Summary Markup Language, an XML-based format for the\n"
+ "\t summary information of a decoded packet. This information is\n"
+ "\t equivalent to the information shown in the one-line summary\n"
+ "\t printed by default.\n"
+ "\t\"json\" Packet Summary, an JSON-based format for the details\n"
+ "\t summary information of a decoded packet. This information is \n"
+ "\t equivalent to the packet details printed with the -V flag.\n"
+ "\t\"jsonraw\" Packet Details, a JSON-based format for machine parsing\n"
+ "\t including only raw hex decoded fields (same as -T json -x but\n"
+ "\t without text decoding, only raw fields included). \n"
+ "\t\"ek\" Packet Details, an EK JSON-based format for the bulk insert \n"
+ "\t into elastic search cluster. This information is \n"
+ "\t equivalent to the packet details printed with the -V flag.\n"
+ "\t\"text\" Text of a human-readable one-line summary of each of the\n"
+ "\t packets, or a multi-line view of the details of each of the\n"
+ "\t packets, depending on whether the -V flag was specified.\n"
+ "\t This is the default.");
exit_status = INVALID_OPTION;
goto clean_exit;
}
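Review bot: The help entry for `"json"` still says `Packet Summary, an JSON-based format for the details summary information`, while the added jsonraw entry and the edited ek entry now say `Packet Details`. Since the commit rewrites the whole string anyway, the json entry could be aligned with them, for example `Packet Details, a JSON-based format for the details of a decoded packet.` The re-indentation of the unchanged continuation lines also hides the real additions (the jsonraw branch and its three help lines) in the diff. main() starts and ends outside the hunk.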
@@ -1553,8 +1561,8 @@ main(int argc, char *argv[])
}
if (print_hex) {
- if (output_action != WRITE_TEXT && output_action != WRITE_JSON && output_action != WRITE_EK) {
- cmdarg_err("Raw packet hex data can only be printed as text, PostScript, JSON or EK JSON");
+ if (output_action != WRITE_TEXT && output_action != WRITE_JSON && output_action != WRITE_JSON_RAW && output_action != WRITE_EK) {
+ cmdarg_err("Raw packet hex data can only be printed as text, PostScript, JSON, JSONRAW or EK JSON");
exit_status = INVALID_OPTION;
goto clean_exit;
}
@@ -3678,6 +3686,7 @@ write_preamble(capture_file *cf)
return !ferror(stdout);
case WRITE_JSON:
+ case WRITE_JSON_RAW:
write_json_preamble(stdout);
return !ferror(stdout);
@@ -3989,6 +3998,7 @@ print_packet(capture_file *cf, epan_dissect_t *edt)
case WRITE_FIELDS: /*No non-verbose "fields" format */
case WRITE_JSON:
case WRITE_EK:
+ case WRITE_JSON_RAW:
g_assert_not_reached();
break;
}
@@ -4028,10 +4038,17 @@ print_packet(capture_file *cf, epan_dissect_t *edt)
printf("\n");
return !ferror(stdout);
case WRITE_JSON:
+ print_args.print_dissections = print_dissections_expanded;
print_args.print_hex = print_hex;
write_json_proto_tree(output_fields, &print_args, protocolfilter, protocolfilter_flags, edt, stdout);
printf("\n");
return !ferror(stdout);
+ case WRITE_JSON_RAW:
+ print_args.print_dissections = print_dissections_none;
+ print_args.print_hex = TRUE;
+ write_json_proto_tree(output_fields, &print_args, protocolfilter, protocolfilter_flags, edt, stdout);
+ printf("\n");
+ return !ferror(stdout);
case WRITE_EK:
print_args.print_hex = print_hex;
write_ek_proto_tree(output_fields, &print_args, protocolfilter, protocolfilter_flags, edt, stdout);
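Review bot: In the `WRITE_JSON_RAW` case `print_args.print_hex` is hard-coded to `TRUE`, so the user's `-x` choice is ignored and the raw bytes of every dissected field always reach stdout, captured payload data included. A comment such as `/* jsonraw is hex-only: -x is implied, so payload bytes are always emitted */` would make that explicit for anyone who forwards this output to a log or search index. `WRITE_EK` is now the only JSON-family case here that does not assign `print_dissections`; whether that matters depends on how `print_args` is initialised, which is outside the hunk. print_packet's body starts and ends outside the hunk.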
@@ -4071,6 +4088,7 @@ write_finale(void)
return !ferror(stdout);
case WRITE_JSON:
+ case WRITE_JSON_RAW:
write_json_finale(stdout);
return !ferror(stdout);