Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] tshark summary lines

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 2 Oct 2012 12:35:30 -0700
On Oct 2, 2012, at 12:08 PM, Ed Beroset <beroset@xxxxxxxxxxxxxx> wrote:

> Christopher Maynard wrote:
> 
>> So this new one from ask that Ed mentioned here is about printing both the
>> entire summary line, which you get with -P, as well as the packet details,
>> which you get with -V.  Currently if you specify both -P and -V, you get the
>> packets details only, but no summary line.  I'd say this is a reasonable
>> request and that this should probably also work with -O <protocols> as well
>> (any others?).  But best to file an enhancement bug report for it.
> 
> Done.  It's now input as Bug 7782.  I'll see if I can create a patch some time this week.

Note that getting this right is a bit of work:

    if neither -P nor -V nor -x are specified, then packet summaries should be printed if and only if we're not writing to a capture file and -q wasn't specified;

    if any of -P, -V, or -x are specified, then the corresponding information should be printed, even if we're writing to a capture file, but, if we're writing the capture file to the standard output, the command should report an error and fail (as you'll get plain text and binary capture file data mixed up randomly on the standard output).

This means that, in the getopt() loop, -P should probably set a "-P flag specified" boolean, and the same with -V and -x, and only after all the command-line options are parsed should it decide whether to print anything at all (print if either

	-P, -V, or -x specified;

	neither -w nor -q specified;

and maybe fail if -P, -V, or -x are specified *and* -q is specified, as that's inconsistent).

Note also that there are places in tshark.c where it assumes that if you're not printing packet details you're printing packet summaries *and* that if you *are* printing packet summaries you're *not* printing packet details (look for some of the tests of "verbose").

This also raises the question of what "-x" should mean.  Currently, "-x" by itself means "packet summary and hex/ASCII dump", and "-xV" means "packet details and hex/ASCII dump".  Would having "-x" by itself meaning "print *only* the hex/ASCII dump", so that you'd need "-Px" to get what "-x" currently prints, be useful enough to break compatibility?
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube