2

我写了一个awk脚本,但我不断收到以下错误:

awk: line 29: syntax error at or near :

我不明白为什么我不断收到此错误。

脚本如下(脚本很大,但错误仅在顶部。为了完整起见,刚刚添加了脚本。已为错误行标记了一个标志)。

#!/bin/sh

tshark -V -r $1 > .pcap_out1_ver.txt
tshark -r $1 > .pcap_out_summ.txt

awk -F ":" '
BEGIN {
#Packet types and subtypes.
    frame_id[0] = "Association Request";
    frame_id[1] = "Association Response";
    frame_id[2] = "Association Response";
    frame_id[3] = "Reassociation Response";
    frame_id[4] = "Probe Request";
    frame_id[5] = "Probe Response";
    frame_id[6] = "Reserved";
    frame_id[7] = "Reserved";
    frame_id[8] = "Beacon";
    frame_id[9] = "ATIM";
    frame_id[10] = "Disassociation";
    frame_id[11] = "Authentication";
    frame_id[12] = "Deauthentication";
    frame_id[13] = "Action";
    for(x=14; x<24; ++x) {
        frame_id[x] = "Reserved";   
    }
    frame_id[24] = "Block Ack Request";
    frame_id[25] = "Block Ack";
    frame_id[26] = "PS-Poll";
    frame_id[27] = "RTS";     #******Error here****
    frame_id[28] = "CTS";
    frame_id[29] = "ACK";
    frame_id[30] = "CF-end";
    frame_id[31] = "CF-end + CF-ack";
    frame_id[32] = "Data";
    frame_id[33] = "Data + CF-ack";
    frame_id[34] = "Data + CF-poll";
    frame_id[35] = "Data + CF-ack +CF-poll";
    frame_id[36] = "Null";
    frame_id[37] = "CF-ack";
    frame_id[38] = "CF-poll";
    frame_id[39] = "CF-ack + CF-poll";
    frame_id[40] = "QoS data";
    frame_id[41] = "QoS data + CF-ack";
    frame_id[42] = "QoS data + CF-poll";
    frame_id[43] = "QoS data + CF-ack + CF-poll";
    frame_id[44] = "QoS Null";
    frame_id[45] = "Reserved";
    frame_id[46] = "QoS + CF-poll (no data)";
    frame_id[47] = "Qos + CF-ack (no data)";
    packet_type[0] = "Management";
    packet_type[1] = "Control";
    packet_type[2] = "Data";
#Variables for storing stats.
    captured_length = 0;
    for(x=0; x<50; ++x) {
        count[x]=0;
        traffic[x]=0;
    }
#Counter for Epoch Time. Avg data rates.
    next_mark=0;
    j=0;
    first_epoch_time = 0;
    cur_epoch_time = 0;
#Counter for rssi values.
    k=0;
}
{
    gsub(/^[ \t]+/, "", $1);
    if($1=="Frame Control") { 
        gsub(/^[ \t]+/, "", $2);
        intRep = sprintf("%d", "0x" substr($2, 4, 2));
        traffic[intRep] += captured_length;
        count[intRep] += 1;
    } else if($1=="Capture Length") {
        gsub(/^[ \t]+/, "", $2);
        gsub(/ [^\0]*/,"", $2);
        captured_length = $2;
    } else if($1=="Epoch Time") {
        gsub(/^[ \t]+/, "", $2);
        gsub(/ [^\0]*/, "", $2);
        if(next_mark<$2) {
            if(next_mark==0) {
                next_mark = $2+60;
                first_epoch_time = $2;
            } else {
                next_mark += 60;
                j++;
            }
            #initialization of array element before using.
            traffic_per_min[j] = 0;
            count_per_min[j] = 0;
            data_rate[j] = 0;
        }
        cur_epoch_time = $2;
        traffic_per_min[j] += captured_length;
        count_per_min[j] += 1;
    } else if($1=="SSI signal") {
        gsub(/^[ \t]+/, "", $2);
        print "ssi signal"
        if( substr($2, 0, 1) == "-") {
            rssi_v[k] = $2;
            rssi_t[k] = cur_epoch_time;
            print rssi_v[k];
            print rssi_t[k];
            k++;
        }
    } else if($1=="Data Rate") {
        gsub(/^[ \t]+/, "", $2);
        gsub(/ [^\0]*/, "", $2);
        data_rate_avg[j] += $2;
        data_rate[k] = $2;
    }
}
END {
#   print "Packet Subtype" "No. of Packets" "Amount of traffic"
    for(x=0; x<48; ++x) {
        if(count[x] != 0) {
            print frame_id[x]":"count[x]":"traffic[x];
        }
    }
    print "-----"
    for(x=0; x<=j; ++x) {
        print x traffic_per_min[x]/count_per_min[x];
    }

}
' .pcap_out1_ver.txt > .parsed.txt

awk -F " \t" '
BEGIN {
    for(x=0; x<6; ++x)
        count[6] = 0;
    protocol[0] = "HTTP";
    protocol[1] = "ARP";
    protocol[2] = "SMTP";
    protocol[3] = "DNS";
    protocol[4] = "FTP";
    protocol[5] = "DHCP";
}
{
    if($5==protocol[0]){
        count[0] += 1;
    } else if($5==protocol[1]) {
        count[1] += 1;
    } else if($5==protocol[2]) {
        count[2] += 1;
    } else if($5==protocol[3]) {
        count[3] += 1;
    } else if($5==protocol[4]) {
        count[4] += 1;  
    } else if($5==protocol[5]) {
        count[5] += 1;  
    }
}
END {
    for(x=0; x<6; ++x) {
        print protocol[x]:count[x]
    }
}
' .pcap_out_summ.txt > .app_net.txt 
4

3 回答 3

3

You have this line in the END block:

print protocol[x]:count[x]

It should be replaced with:

print protocol[x]":"count[x]
于 2013-02-08T19:14:45.770 回答
3

除了您的语法错误之外,我能否就您的 awk 脚本提出建议或 2:

  1. 摆脱所有那些空语句(虚假的尾随分号)。
  2. 您似乎没有掌握 awks 关联数组的强大功能。以您的第二个脚本为例。它可以重写为:

    awk -F " \t" '
       BEGIN { n=split("HTTP ARP SMTP DNS FTP DHCP",protocol,/ /) }
       { count[$5]++ }
       END { for(x=0;x<n;++x) print protocol[x]":"count[protocol[x]]+0 }
    ' .pcap_out_summ.txt > .app_net.txt
    

您可能想看看 Arnold Robbins 的《Effective Awk Programming, Third Edition》一书 ( http://www.oreilly.com/catalog/awkprog3/ )。

于 2013-02-08T20:19:57.007 回答
0

As awk tells you, this line of your second awk script is wrong:

print protocol[x]:count[x]

You probably meant to print a colon:

print protocol[x] ":" count[x]
于 2013-02-08T19:14:49.087 回答