Re: tshark summary lines

[Guy Harris <guy () alum mit edu>]

On Oct 2, 2012, at 12:08 PM, Ed Beroset <beroset () mindspring com> wrote:

> Christopher Maynard wrote:
>
> > So this new one from ask that Ed mentioned here is about printing both the
> > entire summary line, which you get with -P, as well as the packet details,
> > which you get with -V.  Currently if you specify both -P and -V, you get the
> > packets details only, but no summary line.  I'd say this is a reasonable
> > request and that this should probably also work with -O <protocols> as well
> > (any others?).  But best to file an enhancement bug report for it.
>
> Done.  It's now input as Bug 7782.  I'll see if I can create a patch some time this week.

Note that getting this right is a bit of work:

    if neither -P nor -V nor -x are specified, then packet summaries should be printed if and only if we're not writing 
to a capture file and -q wasn't specified;

    if any of -P, -V, or -x are specified, then the corresponding information should be printed, even if we're writing 
to a capture file, but, if we're writing the capture file to the standard output, the command should report an error 
and fail (as you'll get plain text and binary capture file data mixed up randomly on the standard output).

This means that, in the getopt() loop, -P should probably set a "-P flag specified" boolean, and the same with -V and 
-x, and only after all the command-line options are parsed should it decide whether to print anything at all (print if 
either

        -P, -V, or -x specified;

        neither -w nor -q specified;

and maybe fail if -P, -V, or -x are specified *and* -q is specified, as that's inconsistent).

Note also that there are places in tshark.c where it assumes that if you're not printing packet details you're printing 
packet summaries *and* that if you *are* printing packet summaries you're *not* printing packet details (look for some 
of the tests of "verbose").

This also raises the question of what "-x" should mean.  Currently, "-x" by itself means "packet summary and hex/ASCII 
dump", and "-xV" means "packet details and hex/ASCII dump".  Would having "-x" by itself meaning "print *only* the 
hex/ASCII dump", so that you'd need "-Px" to get what "-x" currently prints, be useful enough to break compatibility?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe