diff --git a/CHANGELOG.md b/CHANGELOG.md index b77aa5c0a..a00934b77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# fish next-minor + +#### Completions +- Added completions for + - `wireshark`, `tshark`, and `dumpcap` + # fish 3.1b1 (released January 26, 2020) ## Notable improvements and fixes diff --git a/share/completions/dumpcap.fish b/share/completions/dumpcap.fish new file mode 100644 index 000000000..c6ad50f8f --- /dev/null +++ b/share/completions/dumpcap.fish @@ -0,0 +1,11 @@ +# dumpcap - Dump network traffic + +__fish_complete_wireshark dumpcap + +complete -c dumpcap -s C -d 'Limit the amount of memory in bytes for storing captured packets in memory' -x +complete -c dumpcap -s d -d 'Dump the code generated for the capture filter in a human-readable form, and exit' +complete -c dumpcap -s M -d 'When used with -D, -L, -S or --list-time-stamp-types print machine-readable output' +complete -c dumpcap -s N -d 'Limit the number of packets used for storing captured packets in memory' -x +complete -c dumpcap -s P -d 'Save files as pcap instead of the default pcapng' +complete -c dumpcap -s S -d 'Print statistics for each interface once every second' +complete -c dumpcap -s t -d 'Use a separate thread per interface' diff --git a/share/completions/tshark.fish b/share/completions/tshark.fish new file mode 100644 index 000000000..daa05dc38 --- /dev/null +++ b/share/completions/tshark.fish 
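Review bot: `__fish_complete_wireshark dumpcap` in share/completions/dumpcap.fish pulls in helpers that all shell out to `tshark` (`command tshark -D`, `command tshark -L`, `command tshark --list-time-stamp-types`), so the `-i`, `-I`, `-y` and `--time-stamp-type` completions for dumpcap depend on a second binary being installed. On a capture host that ships dumpcap without tshark, these will presumably fail and may leak the shell's error text into the prompt, since stderr is not redirected in `__fish_wireshark_interface`. A guard at the top of each helper, `command -sq tshark; or return`, keeps the completion silent in that case. The helper bodies live in share/functions/__fish_complete_wireshark.fish, outside this hunk.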
@@ -0,0 +1,57 @@
+# tshark - Dump and analyze network traffic
+
+__fish_complete_wireshark tshark
+
+function __fish_tshark_protocols
+ set -l tok (commandline -ct | string collect)
+ set -l tok_param (string replace -r -- '^-O' '' $tok)
+ command tshark -G protocols | while read -d \t name shortname identifier
+ printf "%s%s\t%s\n" (string replace -r -- '(.+),[^,]*$' '$1,' $tok_param) $tok_no_comma $identifier $name
+ end
+end
+
+complete -c tshark -s 2 -d 'Perform a two-pass analysis'
+# This is fairly expensive, but only done upon the user pressing tab.
+complete -c tshark -s e -d 'Add a field to the list of fields to display' -xa '(command tshark -G fields | awk -F\t \'{print $3"\t"$2}\')'
+complete -c tshark -s E -d 'Set an option controlling the printing of fields' -xa '
+bom=y\t"Prepend output with the UTF-8 byte order mark"
+header=y\t"Print a list of the selected field names"
+separator=\t"Set the separator character to use for fields"
+occurrence=\t"Select which occurrence to use for fields that have multiple: f=first, l=last, a=all"
+aggregator=\t"Set the aggregator character to use for fields that have multiple occurrences"
+quote=\t"Set the quote character to use to surround fields d=\", s=\', n=no quotes"'
+
+complete -c tshark -s F -d 'Set the output capture file format' -xa '(command tshark -F 2>| string replace -rf "\s+(\S+) - (.*)" \'$1\t$2\')'
+complete -c tshark -s G -d 'Print a glossary' -xa '(
+printf "help\tList available report types\n"
+command tshark -G help | string replace -rf "\s+-G (\S+)\s+(.*)" \'$1\t$2\'
+)'
+complete -c tshark -s H -d 'Read a list of entries from a "hosts" file' -r
+complete -c tshark -s j -d 'Protocol match filter used for ek|json|jsonraw|pdml output file types' -x
+complete -c tshark -s J -d 'Protocol match filter used, includes all child protocols' -x
+complete -c tshark -s l -d 'Flush the standard output after the information for each packet is printed'
+complete -c tshark -s O -d 'Show a detailed view of the comma-separated list of protocols' -xa '(__fish_tshark_protocols)'
+complete -c tshark -s P -l print -d 'Decode and display packet summary or details'
+complete -c tshark -s Q -d "When capturing packets, don't display, on the standard error, the initial message"
+complete -c tshark -s S -d 'Set the line separator to be printed between packets' -x
+complete -c tshark -s T -d 'Set the format of the output when viewing decoded packet data' -xa '
+ek\t"Newline delimited JSON for bulk import into Elasticsearch"
+fields\t"The values of fields specified with the -e option, in a form specified by the -E option"
+json\t"JSON file format"
+jsonraw\t"JSON file format including only raw hex-encoded packet data"
+pdml\t"Packet Details Markup Language, an XML-based format for the details of a decoded packet"
+ps\t"PostScript for a human-readable summary of each of the packets"
+psml\t"Packet Summary Markup Language"
+tabs\t"Tab-separated human-readable one-line packet summaries"
+text\t"Default"'
+
+complete -c tshark -s U -d "PDUs export according to given tap name" -xa '(
+ printf "%s\tTap name\n" (command tshark -U "" 2>| string replace -rf "^tshark:\s*" "")[2..-1])'
+complete -c tshark -s V -d 'Causes TShark to print a view of packet details'
+complete -c tshark -s W -d 'Save extra information in the capture file if the format supports it' -xa "n"
+complete -c tshark -s x -d 'Print hex and ASCII dumps of packet data'
+complete -c tshark -s M -d 'Automatically reset internal session when reaching N packets' -x
+complete -c tshark -l color -d 'Enable coloring of packets according to standard Wireshark color filters'
+complete -c tshark -l no-duplicate-keys -d 'Merge duplicate keys in json output'
+complete -c tshark -l elastic-mapping-filter -d 'Only put specified protocols in an ElasticSearch mapping file' -x # TODO
+complete -c tshark -l export-objects -d 'Export all objects within a protocol into directory given destination directory' -x # TODO
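Review bot: `$tok_no_comma` in `__fish_tshark_protocols` is never set in this function, so it expands to nothing and the three `%s` slots in the `printf` only line up by accident. The only `set -l tok_no_comma` visible in this commit is local to `__fish_tshark_decode_as` in the helper file, so it looks like a leftover and should be dropped from the argument list. Separately, `string replace -r` without `-f` echoes an unmatched token back, so a first protocol typed without a comma appears to be prefixed onto every candidate. Computing the prefix once with `string replace -rf` into a local, which stays empty when there is no comma, and passing it quoted as `printf "%s%s\t%s\n" "$prefix" $identifier $name` keeps the argument count fixed in both cases.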
diff --git a/share/completions/wireshark.fish b/share/completions/wireshark.fish
new file mode 100644
index 000000000..f0c21223f
--- /dev/null
+++ b/share/completions/wireshark.fish
@@ -0,0 +1,15 @@
+# Wireshark - Interactively dump and analyze network traffic
+
+__fish_complete_wireshark wireshark
+
+complete -c wireshark -l display -d 'Specifies the X display to use' -x
+complete -c wireshark -l fullscreen -d 'Start Wireshark in full screen' -x
+complete -c wireshark -s g -d 'After reading in a capture file using th e-r flag, go to the given packet number' -x
+complete -c wireshark -s H -d 'Hide the capture info dialog during live packet capture'
+complete -c wireshark -s j -d 'When no exact match is found by a -J filter, select the first package before'
+complete -c wireshark -s J -d 'Jump to packet matching filter (display filter syntax)' -x
+complete -c wireshark -s k -d 'Start the capture session immediately'
+complete -c wireshark -s l -d 'Turn on automatic scrolling'
+complete -c wireshark -s m -d 'Set the font name used for most text' -x
+complete -c wireshark -s P -d 'Override a configuration or data path' -x # TODO
+complete -c wireshark -s S -d 'Automatically update the packet display as packets are coming in'
diff --git a/share/functions/__fish_complete_wireshark.fish b/share/functions/__fish_complete_wireshark.fish
new file mode 100644
index 000000000..e208d3e81
--- /dev/null
+++ b/share/functions/__fish_complete_wireshark.fish
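Review bot: `--fullscreen` in share/completions/wireshark.fish is registered with `-x`, which tells fish the option requires an argument, but its description reads as a plain switch. If it takes no value, drop the flag so the next token still gets normal file completion: `complete -c wireshark -l fullscreen -d 'Start Wireshark in full screen'`. The `-g` description has a typo, `th e-r flag` for `the -r flag`, and the `-j` description says "package" where "packet" is meant.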
@@ -0,0 +1,114 @@
+# Helper functions for wireshark/tshark/dumpcap completion
+
+function __fish_wireshark_choices
+ string replace -rf -- '^\s*(\S+) \(?([^)]*)\)?$' '$1\t$2' $argv
+end
+
+function __fish_wireshark_interface
+ # no remote capture yet
+ command tshark -D | string replace -r ".*\. (\S+)\s*\(?([^)]*)\)?\$" '$1\t$2'
+end
+
+function __fish_wireshark_protocol
+ command tshark -G protocols | awk -F\t '{print $3"\t"$1}'
+end
+
+function __fish_wireshark_heuristic
+ command tshark -G heuristic-decodes | awk -F\t '{print $2"\t"$1}'
+end
+
+function __fish_tshark_name_resolving_flags
+ printf -- (commandline -ct | string replace -r -- '^-N' '')%s\n \
+ d\t"enable resolution from captured DNS packets" \
+ m\t"enable MAC address resolution" \
+ n\t"enable network address resolution" \
+ N\t"enable using external resolvers (such as DNS) for network address resolution" \
+ t\t"enable transport-layer port number resolution" \
+ v\t"enable VLAN IDs to names resolution"
+end
+
+function __fish_tshark_decode_as
+ set -l tok (commandline -ct | string collect)
+ if string match -rq -- '==$' $tok
+ return
+ else if string match -rq -- '(==|,)' $tok
+ set -l tok_no_comma (string replace -r -- ',.*$' '' $tok)
+ command tshark -d (string replace -r -- '^-d' '' $tok) 2>|
+ string replace -rf -- "^\t(\S+) \(?([^\)]*)\)?\$" "$tok_no_comma,\$1\t\$2"
+ else
+ command tshark -d . 2>| string replace -rf -- "^\t(\S+) \(?([^\)]*)\)?\$" '$1==\t$2'
+ end
+end
+
+
+function __fish_complete_wireshark
+ set -l shark $argv
+ complete -c $shark -s a -l autostop -d 'Specify a criterion to stop writing the capture file' -xa '
+duration:\t"Stop writing to capture files after N seconds have elapsed"
+files:\t"Stop writing to capture files after N files were written"
+filesize:\t"Stop writing a capture file after it reaches a size of N kB"
+packets:\t"Stop writing a capture file after it contains N packets"'
+ complete -c $shark -s b -l ring-buffer -d 'Write multiple capture files' -xa '
+duration:\t"Switch to the next file after N seconds have elapsed"
+files:\t"Begin again with the first file after N files were written"
+filesize:\t"Switch to the next file after it reaches a size of N kB"
+interval:\t"Switch to the next file when the time is an exact multiple of N seconds"
+packets:\t"Switch to the next file after it contains N packets"'
+ complete -c $shark -s B -l buffer-size -d 'Set capture buffer size (in MiB, default is 2 MiB)' -x
+ complete -c $shark -s c -d 'Set the maximum number of packets to read' -x
+ complete -c $shark -l capture-comment -d 'Add a capture comment to the output file' -x
+ complete -c $shark -s D -l list-interfaces -d "Print a list of interfaces on which $shark can capture and exit"
+ complete -c $shark -s f -d 'Set a capture filter expression' -x
+ complete -c $shark -s i -ra '(__fish_wireshark_interface)'
+ complete -c $shark -s i -ra '-\t"Capture from standard input"' \
+ -d 'Network interface or pipe to use for live packet capture'
+ complete -c $shark -s I -l monitor-mode -d 'Put the interface in "monitor mode"' -xa '(__fish_wireshark_interface)'
+ complete -c $shark -s L -l list-data-link-types -d 'List the data link types supported by the interface and exit'
+ complete -c $shark -l list-time-stamp-types -d 'List time stamp types supported for the interface'
+ complete -c $shark -s p -l no-promiscuous-mode -d "Don't put the interface into promiscuous mode"
+ complete -c $shark -s s -l snapshot-length -d 'Set the default snapshot length in bytes to use when capturing live data' -x
+ complete -c $shark -l time-stamp-type -d "Change the interface's timestamp method" -xa '(__fish_wireshark_choices (command tshark --list-time-stamp-types))'
+ complete -c $shark -s v -l version -d 'Print the version and exit'
+ complete -c $shark -s w -d 'Write raw packet data to the given file ("-" means stdout)' -r
+ complete -c $shark -s y -l linktype -d 'Set the data link type to use while capturing packets' -xa '(__fish_wireshark_choices (command tshark -L))'
+
+ switch $shark
+ case dumpcap tshark
+ complete -c tshark -s q -d "Don't display the continuous count of packets captured"
+ complete -c tshark -s g -d 'Create output files with greoup-read permissions'
+ end
+
+ switch $shark
+ case wireshark tshark
+ complete -c $shark -s C -d 'Run with the given configuration profile' -xa '(
+set -l folders (tshark -G folders | awk \'/Personal configuration/{ print $NF}\')/profiles/*
+string match -r "[^/]*\\$" -- $folders)'
+ complete -c $shark -s d -d 'Specify how a layer type should be dissected' -xa '(__fish_tshark_decode_as)'
+ complete -c $shark -l enable-protocol -d 'Enable dissection of the given protocol' -xa '(__fish_wireshark_protocol)'
+ complete -c $shark -l disable-protocol -d 'Disable dissection of the given protocol' -xa '(__fish_wireshark_protocol)'
+ complete -c $shark -l enable-heuristic -d 'Enable dissection of heuristic protocol' -xa '(__fish_wireshark_heuristic)'
+ complete -c $shark -l disable-heuristic -d 'Disable dissection of heuristic protocol' -xa '(__fish_wireshark_heuristic)'
+ complete -c $shark -s K -d 'Load kerberos crypt keys from the specified keytab file' -r
+ complete -c $shark -s n -d 'Disable network object name resolution (hostname, TCP and UDP port names)'
+ complete -c $shark -s N -d 'Turn on name resolution only for particular types of addresses and port numbers' -xa '( __fish_tshark_name_resolving_flags)'
+ complete -c $shark -s o -d 'Override a preference value' -xa '(
+ command tshark -G defaultprefs | string replace -rf -- \'^#([a-z].*):.*\' \'$1:\')'
+ complete -c $shark -s r -l read-file -d 'Read packet data from the given file' -r
+ complete -c $shark -s R -l read-filter -d 'Apply the given read filter' -x
+ complete -c $shark -s t -d 'Set the format of the packet timestamp printed in summary lines' -xa '
+a\t"absolute time"
+ad\t"absolute time with date"
+adoy\t"absolute time with date using day of year"
+d\t"delta: time since the previous packet was captured"
+dd\t"delta displayed: time since the previous displayed packet was captured"
+e\t"epoch: time in seconds since Jan 1, 1970"
+r\t"relative time elapsed between the first packet and the current packet"
+u\t"absolute UTC time"
+ud\t"absolute UTC time with date"
+udoy\t"absolute UTC time with date using day of year"'
+ complete -c $shark -s u -d "Specifies the seconds type" -xa 's\t"seconds" hms\t"hours, minutes and seconds"'
+ complete -c $shark -s X -d "Specify an extension to be passed to a $shark module" -x # TODO
+ complete -c $shark -s Y -l display-filter -d 'Apply the given display filter' -x
+ complete -c $shark -s z -d 'Collect various types of statistics' -x # TODO
+ end
+end
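Review bot: The two `complete` calls under `case dumpcap tshark` in `__fish_complete_wireshark` hard-code `-c tshark` instead of `-c $shark`, so dumpcap never receives the `-q` and `-g` completions and loading dumpcap.fish registers them on tshark instead. They should read `complete -c $shark -s q …` and `complete -c $shark -s g …`; the `-g` description also misspells "group" as "greoup". In `__fish_tshark_name_resolving_flags` the current command-line token is spliced directly into the `printf` format, so a `%` or backslash typed after `-N` is interpreted as a format directive; capture the token in a local and emit each candidate through a constant format instead. The `-C` completion also calls bare `tshark` where every other helper uses `command tshark`, which would let a shell function named tshark run at tab time.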