3 # Reads the display filter keyword dump produced by 'tshark -G' and
4 # formats it for a pod document. The pod document is then used to
7 # STDIN is the wireshark glossary
8 # arg1 is the pod template file. The =insert_dfilter_table token
9 # will be replaced by the pod-formatted glossary
10 # STDOUT is the output
12 # Gilbert Ramirez <gram [AT] alumni.rice.edu>
14 # Wireshark - Network traffic analyzer
15 # By Gerald Combs <gerald@wireshark.org>
16 # Copyright 1998 Gerald Combs
18 # This program is free software; you can redistribute it and/or
19 # modify it under the terms of the GNU General Public License
20 # as published by the Free Software Foundation; either version 2
21 # of the License, or (at your option) any later version.
23 # This program is distributed in the hope that it will be useful,
24 # but WITHOUT ANY WARRANTY; without even the implied warranty of
25 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 # GNU General Public License for more details.
28 # You should have received a copy of the GNU General Public License
29 # along with this program; if not, write to the Free Software
30 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 'FT_NONE', 'No value',
36 'FT_PROTOCOL', 'Protocol',
37 'FT_BOOLEAN', 'Boolean',
38 'FT_UINT8', 'Unsigned 8-bit integer',
39 'FT_UINT16', 'Unsigned 16-bit integer',
40 'FT_UINT24', 'Unsigned 24-bit integer',
41 'FT_UINT32', 'Unsigned 32-bit integer',
42 'FT_UINT64', 'Unsigned 64-bit integer',
43 'FT_INT8', 'Signed 8-bit integer',
44 'FT_INT16', 'Signed 16-bit integer',
45 'FT_INT24', 'Signed 24-bit integer',
46 'FT_INT32', 'Signed 32-bit integer',
47 'FT_INT64', 'Signed 64-bit integer',
48 'FT_FLOAT', 'Single-precision floating point',
49 'FT_DOUBLE', 'Double-precision floating point',
50 'FT_ABSOLUTE_TIME', 'Date/Time stamp',
51 'FT_RELATIVE_TIME', 'Time duration',
52 'FT_STRING', 'String',
53 'FT_STRINGZ', 'NULL terminated string',
54 'FT_EBCDIC', 'EBCDIC string',
55 'FT_UINT_STRING', 'Length string pair',
56 'FT_ETHER', '6-byte Hardware (MAC) Address',
57 'FT_BYTES', 'Byte array',
58 'FT_UINT_BYTES', 'Length byte array pair',
59 'FT_IPv4', 'IPv4 address',
60 'FT_IPv6', 'IPv6 address',
61 'FT_IPXNET', 'IPX network or server name',
62 'FT_FRAMENUM', 'Frame number',
63 'FT_PCRE', 'Perl Compatible Regular Expression',
64 'FT_GUID', 'Globally Unique Identifier',
65 'FT_OID', 'Object Identifier',
66 'FT_REL_OID', 'Relative Object Identifier',
72 $proto_abbrev{'Unable to generate filter documentation'} =
73 'Please refer to https://www.wireshark.org/docs/dfref/';
74 printf STDERR "Creating empty filter list.\n";
76 # Read all the data into memory
78 next unless (/^([PF])/);
81 # Strip the line from its line-end sequence
82 # chomp($_) won't work on Win32/CygWin as it leaves the '\r' character.
85 # Store protocol information
86 if ($record_type eq 'P') {
87 ($junk, $name, $abbrev) = split(/\t+/, $_);
88 $proto_abbrev{$name} = $abbrev;
90 # Store header field information
92 ($junk, $name, $abbrev, $type, $parent, $blurb) =
94 push(@{$field_abbrev{$parent}}, $abbrev);
95 $field_info{$abbrev} = [ $name, $type, $blurb ];
100 # if there was no input on stdin, bail out
101 if ($record_type ne 'P' and $record_type ne 'F' and !defined($opt_e)) {
105 $template = shift(@ARGV);
107 open(TEMPLATE, $template) || die "Can't open $template for reading: $!\n";
110 if (/=insert_dfilter_table/) {
111 &create_dfilter_table;
118 close(TEMPLATE) || die "Can't close $template: $!\n";
120 sub create_dfilter_table {
122 # Print each protocol
123 for $proto_name (sort keys %proto_abbrev) {
125 print "=head2 $proto_name ($proto_abbrev{$proto_name})\n\n";
127 # If this proto has children fields, print those
128 if ($field_abbrev{$proto_abbrev{$proto_name}}) {
130 for $field_abbrev (sort @{$field_abbrev{$proto_abbrev{$proto_name}}}) {
131 print " $field_abbrev ", $field_info{$field_abbrev}[0],"\n",
132 " ", $ftenum_names{$field_info{$field_abbrev}[1]},
134 print " ", $field_info{$field_abbrev}[2], "\n"
135 if $field_info{$field_abbrev}[2];