pcap_processor/

cli.rs

use clap::{Parser, Subcommand, ValueEnum};
use std::path::PathBuf;

#[derive(Parser)]
#[command(name = "pcap-processor")]
#[command(about = "Extract and summarize information from pcap files")]
#[command(version)]
pub struct Cli {
    #[command(subcommand)]
    pub command: Commands,

    /// Custom tshark path
    #[arg(long, global = true, env = "PCAP_PROCESSOR_TSHARK")]
    pub tshark: Option<PathBuf>,
}

#[derive(Subcommand)]
pub enum Commands {
    /// Extract unique values for a packet field
    Unique(UniqueArgs),

    /// Extract matching packets to a new pcap file (not yet implemented)
    Extract(ExtractArgs),
}

#[derive(Parser)]
pub struct UniqueArgs {
    /// Wireshark field name (e.g., ip.src, tcp.port, cflow.inputint)
    pub field: String,

    /// Input pcap file(s) - supports glob patterns
    #[arg(required = true)]
    pub files: Vec<String>,

    /// Wireshark display filter
    #[arg(short, long)]
    pub filter: Option<String>,

    /// Output format
    #[arg(short = 'F', long, value_enum, default_value = "plain")]
    pub format: OutputFormat,

    /// Include occurrence counts
    #[arg(short, long)]
    pub count: bool,

    /// Sort order for results
    #[arg(short, long, value_enum, default_value = "value")]
    pub sort: SortOrder,

    /// Disable name resolution (faster)
    #[arg(short, long)]
    pub no_resolve: bool,
}

#[derive(Parser)]
pub struct ExtractArgs {
    /// Wireshark display filter for matching packets
    #[arg(short, long)]
    pub filter: String,

    /// Input pcap file(s)
    #[arg(required = true)]
    pub files: Vec<String>,

    /// Output pcap file
    #[arg(short, long)]
    pub output: PathBuf,
}

#[derive(ValueEnum, Clone, Copy, Default)]
pub enum OutputFormat {
    #[default]
    Plain,
    Json,
    Csv,
}

#[derive(ValueEnum, Clone, Copy, Default)]
pub enum SortOrder {
    #[default]
    Value,
    Count,
}