Strip Headers: Add separate menu dialog, tshark help

Add a separate menu for Strip Headers (similar to Export PDU, but exporting
to an encapsulation other than WIRESHARK_UPPER_PDU everything for
that encapsulation). Add to the usage output of tshark for the "-U"
option which encapsulation an export tap will produce.
This commit is contained in:
John Thacker 2022-02-25 07:49:51 -05:00
parent cbf76ea22f
commit 939972800e
11 changed files with 256 additions and 10 deletions

View File

@ -999,18 +999,14 @@ The “Export PDUs to File...” dialog box allows you to filter the captured Pr
.Export PDUs to File window
image::wsug_graphics/ws-export-pdus-to-file.png[{screenshot-attrs}]
. To select the data according to your needs, type the filter value into the `Display Filter` field. For more information about filters syntax, see the link:https://www.wireshark.org/docs/man-pages/wireshark-filter.html[Wireshark Filters] man page.
. To select the data according to your needs, optionally type a filter value into the `Display Filter` field. For more information about filter syntax, see the link:https://www.wireshark.org/docs/man-pages/wireshark-filter.html[Wireshark Filters] man page.
. In the field below the `Display Filter` field you can choose the level from which you want to export the PDUs to the file. There are nine levels:
. In the field below the `Display Filter` field you can choose the level from which you want to export the PDUs to the file. There are seven levels:
+
.. `DLT User`. You can export a protocol, which is framed in the user data link type table without the need to reconfigure the DLT user table. For more information, see the link:https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything[How to Dissect Anything] page.
+
.. `DVB-CI`. You can use it for the Digital Video Broadcasting (DVB) protocol.
+
.. `Ethernet`. You can use it to export Ethernet encapsulated in other protocols.
+
.. `IP`. You can use it to export IPv4 and IPv6 encapsulated in other protocols.
+
.. `Logcat` and `Logcat Text`. You can use them for the Android logs.
+
.. `OSI layer 3`. You can use it to export PDUs encapsulated in the IPSec or SCTP protocols.
@ -1025,7 +1021,33 @@ NOTE: As a developer you can add any dissector to the existing list or define a
. You may save the temporary file just like any captured file. See <<ChIOSaveSection>> for details.
+
NOTE: The `Ethernet` and `IP` options produce capture files with common encapsulation types that can be read in virtually any other tool, but the other options produce files with a `Wireshark Upper PDU` encapsulation type that has more limited support outside of Wireshark.
NOTE: The file produced has a `Wireshark Upper PDU` encapsulation type that has somewhat limited support outside of Wireshark, but is very flexible and can contain PDUs for any protocol for which there is a Wireshark dissector.
[#ChIOStripHeaders]
==== The “Strip Headers...” Dialog Box
The “Strip Headers...” dialog box allows you to filter known encapsulation types on whatever protocol layer they appear and export them into a new capture file, removing lower level protocols. It allows you to export reassembled packets and frames without lower layers such as GPF, GRE, GSE, GTP-U, MPLS, MPE, PPP, and more. If Wireshark has performed decryption, then you can export decrypted IP from protocols like IEEE 802.11 or IPSec without having to save encryption keys.
The procedure is similar to that of <<ChIOExportPDUSDialog>>:
. In the main menu select menu:File[Strip Headers...]. Wireshark will open a corresponding dialog.
. To select the data according to your needs, optionally type a filter value into the `Display Filter` field. For more information about filter syntax, see the link:https://www.wireshark.org/docs/man-pages/wireshark-filter.html[Wireshark Filters] man page.
. In the field below the `Display Filter` field you can choose the encapsulation type you want to find and export to the file. There are two encapsulations supported:
+
.. `Ethernet`. You can use it to export Ethernet encapsulated in other protocols.
+
.. `IP`. You can use it to export IPv4 and IPv6 encapsulated in other protocols.
+
NOTE: As a developer you can add encapsulations to the list by using the functions in `epan/exported_pdu.h`.
. To finish exporting to file, click the btn:[OK] button in the bottom-right corner. This will close the originally captured file and open the exported results instead as a temporary file in the main Wireshark window.
. You may save the temporary file just like any captured file. See <<ChIOSaveSection>> for details.
+
NOTE: The new capture files produced have standard encapsulation types and can be read in nearly any tool.
[#ChIOExportTLSSessionKeys]
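Review bot: The sentence in the new "Strip Headers..." section about exporting decrypted IP from IEEE 802.11 or IPSec should also state that the resulting capture file holds that traffic in cleartext. A reader who follows it to avoid sharing keys ends up with a file that needs the same handling as the keys would have; a short NOTE after that paragraph would cover it. In the same paragraph, "GPF" may be a transposition of GFP, please confirm.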

View File

@ -323,11 +323,11 @@ list_read_capture_types(void)
static void
list_export_pdu_taps(void)
{
fprintf(stderr, "tshark: The available export tap names for the \"-U tap_name\" option are:\n");
fprintf(stderr, "tshark: The available export tap names and the encapsulation types they produce for the \"-U tap_name\" option are:\n");
for (GSList *export_pdu_tap_name_list = get_export_pdu_tap_list();
export_pdu_tap_name_list != NULL;
export_pdu_tap_name_list = g_slist_next(export_pdu_tap_name_list)) {
fprintf(stderr, " %s\n", (const char*)(export_pdu_tap_name_list->data));
fprintf(stderr, " %s - %s\n", (const char*)(export_pdu_tap_name_list->data), wtap_encap_description(export_pdu_tap_get_encap((const char*)export_pdu_tap_name_list->data)));
}
}
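Review bot: In the loop body of list_export_pdu_taps(), the new fprintf line repeats the (const char*) cast on export_pdu_tap_name_list->data and becomes very long; hoist the name into a local such as const char *name and use it for both arguments. The return value of wtap_encap_description() goes straight into a %s conversion, so please confirm it cannot be NULL for any value export_pdu_tap_get_encap() can return for a listed tap.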

View File

@ -230,6 +230,7 @@ set(WIRESHARK_QT_HEADERS
show_packet_bytes_dialog.h
simple_statistics_dialog.h
stats_tree_dialog.h
strip_headers_dialog.h
supported_protocols_dialog.h
tabnav_tree_widget.h
tap_parameter_dialog.h
@ -465,6 +466,7 @@ set(WIRESHARK_QT_SRC
simple_dialog.cpp
simple_statistics_dialog.cpp
supported_protocols_dialog.cpp
strip_headers_dialog.cpp
tabnav_tree_widget.cpp
tap_parameter_dialog.cpp
tcp_stream_dialog.cpp
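Review bot: In WIRESHARK_QT_SRC, strip_headers_dialog.cpp is added after supported_protocols_dialog.cpp, which breaks the alphabetical order the list otherwise keeps. The WIRESHARK_QT_HEADERS and WIRESHARK_QT_UI hunks place the matching .h and .ui entries before supported_protocols_dialog; move the .cpp entry up one line so all three lists agree.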
@ -587,6 +589,7 @@ set(WIRESHARK_QT_UI
search_frame.ui
sequence_dialog.ui
show_packet_bytes_dialog.ui
strip_headers_dialog.ui
supported_protocols_dialog.ui
tap_parameter_dialog.ui
tcp_stream_dialog.ui

View File

@ -28,7 +28,9 @@ ExportPDUDialog::ExportPDUDialog(QWidget *parent) :
ui->setupUi(this);
for (tap_name_list = get_export_pdu_tap_list(); tap_name_list; tap_name_list = g_slist_next(tap_name_list)) {
ui->comboBox->addItem((const char*)(tap_name_list->data));
if (export_pdu_tap_get_encap((const char*)tap_name_list->data) == WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
ui->comboBox->addItem((const char*)(tap_name_list->data));
}
}
}
void ExportPDUDialog::on_buttonBox_accepted()

View File

@ -2488,6 +2488,7 @@ void MainWindow::setMenusForCaptureFile(bool force_disable)
main_ui_->actionFileExportPacketBytes->setEnabled(enable);
main_ui_->actionFileExportPDU->setEnabled(enable);
main_ui_->actionFileStripHeaders->setEnabled(enable);
main_ui_->actionFileExportTLSSessionKeys->setEnabled(enable);
foreach(QAction *eo_action, main_ui_->menuFileExportObjects->actions()) {
@ -2518,6 +2519,7 @@ void MainWindow::setMenusForCaptureInProgress(bool capture_in_progress) {
main_ui_->actionFileExportPacketBytes->setEnabled(capture_in_progress);
main_ui_->actionFileExportPDU->setEnabled(!capture_in_progress);
main_ui_->actionFileStripHeaders->setEnabled(!capture_in_progress);
main_ui_->actionFileExportTLSSessionKeys->setEnabled(capture_in_progress);
foreach(QAction *eo_action, main_ui_->menuFileExportObjects->actions()) {

View File

@ -490,6 +490,7 @@ private slots:
void on_actionFilePrint_triggered();
void on_actionFileExportPDU_triggered();
void on_actionFileStripHeaders_triggered();
void on_actionFileExportTLSSessionKeys_triggered();
void actionEditCopyTriggered(MainWindow::CopySelected selection_type);

View File

@ -194,6 +194,7 @@
<addaction name="menuFileExportPacketDissections"/>
<addaction name="actionFileExportPacketBytes"/>
<addaction name="actionFileExportPDU"/>
<addaction name="actionFileStripHeaders"/>
<addaction name="actionFileExportTLSSessionKeys"/>
<addaction name="menuFileExportObjects"/>
<addaction name="separator"/>
@ -2121,6 +2122,14 @@
<string>Export PDUs to File…</string>
</property>
</action>
<action name="actionFileStripHeaders">
<property name="text">
<string>Strip Headers…</string>
</property>
<property name="toolTip">
<string>Strip headers and export higher level encapsulations to file</string>
</property>
</action>
<action name="actionStatisticsIOGraph">
<property name="text">
<string>&amp;I/O Graphs</string>

View File

@ -150,6 +150,7 @@ DIAG_ON(frame-larger-than=)
#include "sequence_dialog.h"
#include "show_packet_bytes_dialog.h"
#include "stats_tree_dialog.h"
#include "strip_headers_dialog.h"
#include <ui/qt/utils/stock_icon.h>
#include "supported_protocols_dialog.h"
#include "tap_parameter_dialog.h"
@ -1941,6 +1942,24 @@ void MainWindow::on_actionFileExportPDU_triggered()
exportpdu_dialog->activateWindow();
}
void MainWindow::on_actionFileStripHeaders_triggered()
{
StripHeadersDialog *stripheaders_dialog = new StripHeadersDialog(this);
if (stripheaders_dialog->isMinimized() == true)
{
stripheaders_dialog->showNormal();
}
else
{
stripheaders_dialog->show();
}
stripheaders_dialog->raise();
stripheaders_dialog->activateWindow();
}
void MainWindow::on_actionFileExportTLSSessionKeys_triggered()
{
QString file_name;
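Review bot: on_actionFileStripHeaders_triggered() allocates a new StripHeadersDialog on every menu activation and nothing in this hunk deletes it, so each use leaves another dialog owned by the main window until the window itself is destroyed; set Qt::WA_DeleteOnClose on the dialog or keep a single instance. The isMinimized() test is applied to a dialog constructed on the previous line and not yet shown, so the showNormal() branch looks unreachable and a plain show() would do.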

View File

@ -0,0 +1,47 @@
/* strip_headers_dialog.cpp
* Dialog for stripping lower level protocols and outputting protocols
* with a native encapsulation to file
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include "strip_headers_dialog.h"
#include <ui_strip_headers_dialog.h>
#include <epan/tap.h>
#include <epan/exported_pdu.h>
#include "ui/export_pdu_ui_utils.h"
#include "ui/capture_globals.h"
StripHeadersDialog::StripHeadersDialog(QWidget *parent) :
QDialog(parent),
ui(new Ui::StripHeadersDialog)
{
GSList *tap_name_list;
ui->setupUi(this);
for (tap_name_list = get_export_pdu_tap_list(); tap_name_list; tap_name_list = g_slist_next(tap_name_list)) {
if (export_pdu_tap_get_encap((const char*)tap_name_list->data) != WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
ui->comboBox->addItem((const char*)(tap_name_list->data));
}
}
}
void StripHeadersDialog::on_buttonBox_accepted()
{
const QByteArray& filter = ui->displayFilterLineEdit->text().toUtf8();
const QByteArray& tap_name = ui->comboBox->currentText().toUtf8();
do_export_pdu(filter.constData(), global_capture_opts.temp_dir, tap_name.constData());
}
StripHeadersDialog::~StripHeadersDialog()
{
delete ui;
}
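Review bot: on_buttonBox_accepted() passes ui->comboBox->currentText() to do_export_pdu() without checking that anything is selected. The constructor only adds taps whose encapsulation is not WTAP_ENCAP_WIRESHARK_UPPER_PDU, so if no such tap is registered the combo box is empty and an empty tap name is handed on; disable the OK button or return early in that case. Binding const QByteArray& to the temporaries returned by toUtf8() is legal but easy to misread; plain QByteArray values would be clearer.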

View File

@ -0,0 +1,35 @@
/** @file
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef STRIP_HEADERS_DIALOG_H
#define STRIP_HEADERS_DIALOG_H
#include <QDialog>
#include <QDebug>
namespace Ui {
class StripHeadersDialog;
}
class StripHeadersDialog : public QDialog
{
Q_OBJECT
public:
explicit StripHeadersDialog(QWidget *parent = 0);
~StripHeadersDialog();
private:
Ui::StripHeadersDialog *ui;
private slots:
void on_buttonBox_accepted();
};
#endif // STRIP_HEADERS_DIALOG_H
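Review bot: The #include <QDebug> in this new header is not used by anything declared here and will be pulled into every file that includes strip_headers_dialog.h; drop it, or move it to the .cpp if debugging output is needed there. The constructor default QWidget *parent = 0 would read better as nullptr.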

View File

@ -0,0 +1,106 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>StripHeadersDialog</class>
<widget class="QDialog" name="StripHeadersDialog">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>393</width>
<height>158</height>
</rect>
</property>
<property name="windowTitle">
<string>Dialog</string>
</property>
<widget class="QDialogButtonBox" name="buttonBox">
<property name="geometry">
<rect>
<x>30</x>
<y>100</y>
<width>341</width>
<height>32</height>
</rect>
</property>
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
<widget class="QWidget" name="layoutWidget">
<property name="geometry">
<rect>
<x>16</x>
<y>20</y>
<width>361</width>
<height>29</height>
</rect>
</property>
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<widget class="QLabel" name="label">
<property name="text">
<string>Display filter:</string>
</property>
</widget>
</item>
<item>
<widget class="DisplayFilterEdit" name="displayFilterLineEdit"/>
</item>
</layout>
</widget>
<widget class="QComboBox" name="comboBox">
<property name="geometry">
<rect>
<x>10</x>
<y>60</y>
<width>120</width>
<height>30</height>
</rect>
</property>
</widget>
</widget>
<customwidgets>
<customwidget>
<class>DisplayFilterEdit</class>
<extends>QLineEdit</extends>
<header>widgets/display_filter_edit.h</header>
</customwidget>
</customwidgets>
<connections>
<connection>
<sender>buttonBox</sender>
<signal>accepted()</signal>
<receiver>StripHeadersDialog</receiver>
<slot>accept()</slot>
<hints>
<hint type="sourcelabel">
<x>248</x>
<y>254</y>
</hint>
<hint type="destinationlabel">
<x>157</x>
<y>274</y>
</hint>
</hints>
</connection>
<connection>
<sender>buttonBox</sender>
<signal>rejected()</signal>
<receiver>StripHeadersDialog</receiver>
<slot>reject()</slot>
<hints>
<hint type="sourcelabel">
<x>316</x>
<y>260</y>
</hint>
<hint type="destinationlabel">
<x>286</x>
<y>274</y>
</hint>
</hints>
</connection>
</connections>
</ui>
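Review bot: The windowTitle property of StripHeadersDialog is still the Designer placeholder "Dialog"; set it to a translatable title matching the menu entry, such as "Strip Headers". The buttonBox, layoutWidget and comboBox are positioned with fixed geometry rects rather than a top-level layout, so the dialog will not adapt to font size, translations or resizing, and the 120-pixel-wide comboBox may truncate tap names; wrapping the three widgets in a QVBoxLayout would address both.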