pcap_processor/commands/

unique.rs

use crate::cli::{SortOrder, UniqueArgs};
use crate::error::Result;
use crate::output::{OutputData, ValueEntry, format_output};
use crate::tshark::{TsharkConfig, TsharkRunner, TsharkValidator};
use std::collections::HashMap;

pub fn run_unique(args: UniqueArgs, tshark_path: Option<std::path::PathBuf>) -> Result<()> {
    let config = TsharkConfig::detect(tshark_path)?;
    let runner = TsharkRunner::new(config);
    let mut validator = TsharkValidator::new(&runner);

    // Validate field
    validator.validate_field(&args.field)?;

    // Validate filter if provided
    if let Some(ref filter) = args.filter {
        validator.validate_filter(filter)?;
    }

    // Expand file patterns
    let files = validator.expand_files(&args.files)?;

    // Collect all values from all files
    let mut value_counts: HashMap<String, usize> = HashMap::new();

    for file in &files {
        let values = runner.extract_field_values(
            file,
            &args.field,
            args.filter.as_deref(),
            args.no_resolve,
        )?;

        for value in values {
            *value_counts.entry(value).or_insert(0) += 1;
        }
    }

    // Convert to entries
    let mut entries: Vec<ValueEntry> = value_counts
        .into_iter()
        .map(|(value, count)| ValueEntry { value, count })
        .collect();

    // Sort
    match args.sort {
        SortOrder::Value => {
            entries.sort_by(|a, b| a.value.cmp(&b.value));
        }
        SortOrder::Count => {
            entries.sort_by(|a, b| b.count.cmp(&a.count).then(a.value.cmp(&b.value)));
        }
    }

    // Build output data
    let data = OutputData {
        field: args.field,
        total_unique: entries.len(),
        values: entries,
    };

    // Format and print output
    let output = format_output(&data, args.format, args.count)?;
    print!("{}", output);

    Ok(())
}