add completions for wireshark/tshark/dumpcap

2024-11-10 15:14:44 +00:00 · 2020-01-27 16:43:56 +01:00 · 2020-01-27 16:43:56 +01:00 · 50e08dc3a0
commit 50e08dc3a0
parent f4d0bafbd4
5 changed files with 203 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,9 @@
+# fish next-minor
+
+#### Completions
+- Added completions for
+  - `wireshark`, `tshark`, and `dumpcap`
+
 # fish 3.1b1 (released January 26, 2020)

 ## Notable improvements and fixes
--- a/share/completions/dumpcap.fish
+++ b/share/completions/dumpcap.fish
@ -0,0 +1,11 @@
+# dumpcap - Dump network traffic
+
+__fish_complete_wireshark dumpcap
+
+complete -c dumpcap -s C -d 'Limit the amount of memory in bytes for storing captured packets in memory' -x
+complete -c dumpcap -s d -d 'Dump the code generated for the capture filter in a human-readable form, and exit'
+complete -c dumpcap -s M -d 'When used with -D, -L, -S or --list-time-stamp-types print machine-readable output'
+complete -c dumpcap -s N -d 'Limit the number of packets used for storing captured packets in memory' -x
+complete -c dumpcap -s P -d 'Save files as pcap instead of the default pcapng'
+complete -c dumpcap -s S -d 'Print statistics for each interface once every second'
+complete -c dumpcap -s t -d 'Use a separate thread per interface'
--- a/share/completions/tshark.fish
+++ b/share/completions/tshark.fish
@ -0,0 +1,57 @@
+# tshark - Dump and analyze network traffic
+
+__fish_complete_wireshark tshark
+
+function __fish_tshark_protocols
+    set -l tok (commandline -ct | string collect)
+    set -l tok_param (string replace -r -- '^-O' '' $tok)
+    command tshark -G protocols | while read -d \t name shortname identifier
+        printf "%s%s\t%s\n" (string replace -r -- '(.+),[^,]*$' '$1,' $tok_param) $tok_no_comma $identifier $name
+    end
+end
+
+complete -c tshark -s 2 -d 'Perform a two-pass analysis'
+# This is fairly expensive, but only done upon the user pressing tab.
+complete -c tshark -s e -d 'Add a field to the list of fields to display' -xa '(command tshark -G fields | awk -F\t \'{print $3"\t"$2}\')'
+complete -c tshark -s E -d 'Set an option controlling the printing of fields' -xa '
+bom=y\t"Prepend output with the UTF-8 byte order mark"
+header=y\t"Print a list of the selected field names"
+separator=\t"Set the separator character to use for fields"
+occurrence=\t"Select which occurrence to use for fields that have multiple: f=first, l=last, a=all"
+aggregator=\t"Set the aggregator character to use for fields that have multiple occurrences"
+quote=\t"Set the quote character to use to surround fields d=\", s=\', n=no quotes"'
+
+complete -c tshark -s F -d 'Set the output capture file format' -xa '(command tshark -F 2>| string replace -rf "\s+(\S+) - (.*)" \'$1\t$2\')'
+complete -c tshark -s G -d 'Print a glossary' -xa '(
+printf "help\tList available report types\n"
+command tshark -G help | string replace -rf "\s+-G (\S+)\s+(.*)" \'$1\t$2\'
+)'
+complete -c tshark -s H -d 'Read a list of entries from a "hosts" file' -r
+complete -c tshark -s j -d 'Protocol match filter used for ek|json|jsonraw|pdml output file types' -x
+complete -c tshark -s J -d 'Protocol match filter used, includes all child protocols' -x
+complete -c tshark -s l -d 'Flush the standard output after the information for each packet is printed'
+complete -c tshark -s O -d 'Show a detailed view of the comma-separated list of protocols' -xa '(__fish_tshark_protocols)'
+complete -c tshark -s P -l print -d 'Decode and display packet summary or details'
+complete -c tshark -s Q -d "When capturing packets, don't display, on the standard error, the initial message"
+complete -c tshark -s S -d 'Set the line separator to be printed between packets' -x
+complete -c tshark -s T -d 'Set the format of the output when viewing decoded packet data' -xa '
+ek\t"Newline delimited JSON for bulk import into Elasticsearch"
+fields\t"The values of fields specified with the -e option, in a form specified by the -E option"
+json\t"JSON file format"
+jsonraw\t"JSON file format including only raw hex-encoded packet data"
+pdml\t"Packet Details Markup Language, an XML-based format for the details of a decoded packet"
+ps\t"PostScript for a human-readable summary of each of the packets"
+psml\t"Packet Summary Markup Language"
+tabs\t"Tab-separated human-readable one-line packet summaries"
+text\t"Default"'
+
+complete -c tshark -s U -d "PDUs export according to given tap name" -xa '(
+    printf "%s\tTap name\n" (command tshark -U "" 2>| string replace -rf "^tshark:\s*" "")[2..-1])'
+complete -c tshark -s V -d 'Causes TShark to print a view of packet details'
+complete -c tshark -s W -d 'Save extra information in the capture file if the format supports it' -xa "n"
+complete -c tshark -s x -d 'Print hex and ASCII dumps of packet data'
+complete -c tshark -s M -d 'Automatically reset internal session when reaching N packets' -x
+complete -c tshark -l color -d 'Enable coloring of packets according to standard Wireshark color filters'
+complete -c tshark -l no-duplicate-keys -d 'Merge duplicate keys in json output'
+complete -c tshark -l elastic-mapping-filter -d 'Only put specified protocols in an ElasticSearch mapping file' -x # TODO
+complete -c tshark -l export-objects -d 'Export all objects within a protocol into directory given destination directory' -x # TODO
--- a/share/completions/wireshark.fish
+++ b/share/completions/wireshark.fish
@ -0,0 +1,15 @@
+# Wireshark - Interactively dump and analyze network traffic
+
+__fish_complete_wireshark wireshark
+
+complete -c wireshark -l display -d 'Specifies the X display to use' -x
+complete -c wireshark -l fullscreen -d 'Start Wireshark in full screen' -x
+complete -c wireshark -s g -d 'After reading in a capture file using th e-r flag, go to the given packet number' -x
+complete -c wireshark -s H -d 'Hide the capture info dialog during live packet capture'
+complete -c wireshark -s j -d 'When no exact match is found by a -J filter, select the first package before'
+complete -c wireshark -s J -d 'Jump to packet matching filter (display filter syntax)' -x
+complete -c wireshark -s k -d 'Start the capture session immediately'
+complete -c wireshark -s l -d 'Turn on automatic scrolling'
+complete -c wireshark -s m -d 'Set the font name used for most text' -x
+complete -c wireshark -s P -d 'Override a configuration or data path' -x # TODO
+complete -c wireshark -s S -d 'Automatically update the packet display as packets are coming in'
--- a/share/functions/__fish_complete_wireshark.fish
+++ b/share/functions/__fish_complete_wireshark.fish
@ -0,0 +1,114 @@
+# Helper functions for wireshark/tshark/dumpcap completion
+
+function __fish_wireshark_choices
+    string replace -rf -- '^\s*(\S+) \(?([^)]*)\)?$' '$1\t$2' $argv
+end
+
+function __fish_wireshark_interface
+    # no remote capture yet
+    command tshark -D | string replace -r ".*\. (\S+)\s*\(?([^)]*)\)?\$" '$1\t$2'
+end
+
+function __fish_wireshark_protocol
+    command tshark -G protocols | awk -F\t '{print $3"\t"$1}'
+end
+
+function __fish_wireshark_heuristic
+    command tshark -G heuristic-decodes | awk -F\t '{print $2"\t"$1}'
+end
+
+function __fish_tshark_name_resolving_flags
+    printf -- (commandline -ct | string replace -r -- '^-N' '')%s\n \
+        d\t"enable resolution from captured DNS packets" \
+        m\t"enable MAC address resolution" \
+        n\t"enable network address resolution" \
+        N\t"enable using external resolvers (such as DNS) for network address resolution" \
+        t\t"enable transport-layer port number resolution" \
+        v\t"enable VLAN IDs to names resolution"
+end
+
+function __fish_tshark_decode_as
+    set -l tok (commandline -ct | string collect)
+    if string match -rq -- '==$' $tok
+        return
+    else if string match -rq -- '(==|,)' $tok
+        set -l tok_no_comma (string replace -r -- ',.*$' '' $tok)
+        command tshark -d (string replace -r -- '^-d' '' $tok) 2>|
+        string replace -rf -- "^\t(\S+) \(?([^\)]*)\)?\$" "$tok_no_comma,\$1\t\$2"
+    else
+        command tshark -d . 2>| string replace -rf -- "^\t(\S+) \(?([^\)]*)\)?\$" '$1==\t$2'
+    end
+end
+
+
+function __fish_complete_wireshark
+    set -l shark $argv
+    complete -c $shark -s a -l autostop -d 'Specify a criterion to stop writing the capture file' -xa '
+duration:\t"Stop writing to capture files after N seconds have elapsed"
+files:\t"Stop writing to capture files after N files were written"
+filesize:\t"Stop writing a capture file after it reaches a size of N kB"
+packets:\t"Stop writing a capture file after it contains N packets"'
+    complete -c $shark -s b -l ring-buffer -d 'Write multiple capture files' -xa '
+duration:\t"Switch to the next file after N seconds have elapsed"
+files:\t"Begin again with the first file after N files were written"
+filesize:\t"Switch to the next file after it reaches a size of N kB"
+interval:\t"Switch to the next file when the time is an exact multiple of N seconds"
+packets:\t"Switch to the next file after it contains N packets"'
+    complete -c $shark -s B -l buffer-size -d 'Set capture buffer size (in MiB, default is 2 MiB)' -x
+    complete -c $shark -s c -d 'Set the maximum number of packets to read' -x
+    complete -c $shark -l capture-comment -d 'Add a capture comment to the output file' -x
+    complete -c $shark -s D -l list-interfaces -d "Print a list of interfaces on which $shark can capture and exit"
+    complete -c $shark -s f -d 'Set a capture filter expression' -x
+    complete -c $shark -s i -ra '(__fish_wireshark_interface)'
+    complete -c $shark -s i -ra '-\t"Capture from standard input"' \
+        -d 'Network interface or pipe to use for live packet capture'
+    complete -c $shark -s I -l monitor-mode -d 'Put the interface in "monitor mode"' -xa '(__fish_wireshark_interface)'
+    complete -c $shark -s L -l list-data-link-types -d 'List the data link types supported by the interface and exit'
+    complete -c $shark -l list-time-stamp-types -d 'List time stamp types supported for the interface'
+    complete -c $shark -s p -l no-promiscuous-mode -d "Don't put the interface into promiscuous mode"
+    complete -c $shark -s s -l snapshot-length -d 'Set the default snapshot length in bytes to use when capturing live data' -x
+    complete -c $shark -l time-stamp-type -d "Change the interface's timestamp method" -xa '(__fish_wireshark_choices (command tshark --list-time-stamp-types))'
+    complete -c $shark -s v -l version -d 'Print the version and exit'
+    complete -c $shark -s w -d 'Write raw packet data to the given file ("-" means stdout)' -r
+    complete -c $shark -s y -l linktype -d 'Set the data link type to use while capturing packets' -xa '(__fish_wireshark_choices (command tshark -L))'
+
+    switch $shark
+        case dumpcap tshark
+            complete -c tshark -s q -d "Don't display the continuous count of packets captured"
+            complete -c tshark -s g -d 'Create output files with greoup-read permissions'
+    end
+
+    switch $shark
+        case wireshark tshark
+            complete -c $shark -s C -d 'Run with the given configuration profile' -xa '(
+set -l folders (tshark -G folders | awk \'/Personal configuration/{ print $NF}\')/profiles/*
+string match -r "[^/]*\\$" -- $folders)'
+            complete -c $shark -s d -d 'Specify how a layer type should be dissected' -xa '(__fish_tshark_decode_as)'
+            complete -c $shark -l enable-protocol -d 'Enable dissection of the given protocol' -xa '(__fish_wireshark_protocol)'
+            complete -c $shark -l disable-protocol -d 'Disable dissection of the given protocol' -xa '(__fish_wireshark_protocol)'
+            complete -c $shark -l enable-heuristic -d 'Enable dissection of heuristic protocol' -xa '(__fish_wireshark_heuristic)'
+            complete -c $shark -l disable-heuristic -d 'Disable dissection of heuristic protocol' -xa '(__fish_wireshark_heuristic)'
+            complete -c $shark -s K -d 'Load kerberos crypt keys from the specified keytab file' -r
+            complete -c $shark -s n -d 'Disable network object name resolution (hostname, TCP and UDP port names)'
+            complete -c $shark -s N -d 'Turn on name resolution only for particular types of addresses and port numbers' -xa '( __fish_tshark_name_resolving_flags)'
+            complete -c $shark -s o -d 'Override a preference value' -xa '(
+    command tshark -G defaultprefs | string replace -rf -- \'^#([a-z].*):.*\' \'$1:\')'
+            complete -c $shark -s r -l read-file -d 'Read packet data from the given file' -r
+            complete -c $shark -s R -l read-filter -d 'Apply the given read filter' -x
+            complete -c $shark -s t -d 'Set the format of the packet timestamp printed in summary lines' -xa '
+a\t"absolute time"
+ad\t"absolute time with date"
+adoy\t"absolute time with date using day of year"
+d\t"delta: time since the previous packet was captured"
+dd\t"delta displayed: time since the previous displayed packet was captured"
+e\t"epoch: time in seconds since Jan 1, 1970"
+r\t"relative time elapsed between the first packet and the current packet"
+u\t"absolute UTC time"
+ud\t"absolute UTC time with date"
+udoy\t"absolute UTC time with date using day of year"'
+            complete -c $shark -s u -d "Specifies the seconds type" -xa 's\t"seconds" hms\t"hours, minutes and seconds"'
+            complete -c $shark -s X -d "Specify an extension to be passed to a $shark module" -x # TODO
+            complete -c $shark -s Y -l display-filter -d 'Apply the given display filter' -x
+            complete -c $shark -s z -d 'Collect various types of statistics' -x # TODO
+    end
+end