From 939972800e04c1f7707ef632135ccdc392d4c423 Mon Sep 17 00:00:00 2001 From: John Thacker Date: Fri, 25 Feb 2022 07:49:51 -0500 Subject: [PATCH] Strip Headers: Add separate menu dialog, tshark help Add a separate menu for Strip Headers (similar to Export PDU, but exporting to an encapsulation other than WIRESHARK_UPPER_PDU everything for that encapsulation). Add to the usage output of tshark for the "-U" option which encapsulation a export tap will produce. --- docbook/wsug_src/WSUG_chapter_io.adoc | 36 +++++++-- tshark.c | 4 +- ui/qt/CMakeLists.txt | 3 + ui/qt/export_pdu_dialog.cpp | 4 +- ui/qt/main_window.cpp | 2 + ui/qt/main_window.h | 1 + ui/qt/main_window.ui | 9 +++ ui/qt/main_window_slots.cpp | 19 +++++ ui/qt/strip_headers_dialog.cpp | 47 ++++++++++++ ui/qt/strip_headers_dialog.h | 35 +++++++++ ui/qt/strip_headers_dialog.ui | 106 ++++++++++++++++++++++++++ 11 files changed, 256 insertions(+), 10 deletions(-) create mode 100644 ui/qt/strip_headers_dialog.cpp create mode 100644 ui/qt/strip_headers_dialog.h create mode 100644 ui/qt/strip_headers_dialog.ui diff --git a/docbook/wsug_src/WSUG_chapter_io.adoc b/docbook/wsug_src/WSUG_chapter_io.adoc index 232c019814..e202a2fc54 100644 --- a/docbook/wsug_src/WSUG_chapter_io.adoc +++ b/docbook/wsug_src/WSUG_chapter_io.adoc 
@@ -999,18 +999,14 @@ The “Export PDUs to File...” dialog box allows you to filter the captured Pr .Export PDUs to File window image::wsug_graphics/ws-export-pdus-to-file.png[{screenshot-attrs}] -. To select the data according to your needs, type the filter value into the `Display Filter` field. For more information about filters syntax, see the link:https://www.wireshark.org/docs/man-pages/wireshark-filter.html[Wireshark Filters] man page. +. To select the data according to your needs, optionally type a filter value into the `Display Filter` field. For more information about filter syntax, see the link:https://www.wireshark.org/docs/man-pages/wireshark-filter.html[Wireshark Filters] man page. -. In the field below the `Display Filter` field you can choose the level from which you want to export the PDUs to the file. There are nine levels: +. In the field below the `Display Filter` field you can choose the level from which you want to export the PDUs to the file. There are seven levels: + .. `DLT User`. You can export a protocol, which is framed in the user data link type table without the need to reconfigure the DLT user table. For more information, see the link:https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything[How to Dissect Anything] page. + .. `DVB-CI`. You can use it for the Digital Video Broadcasting (DVB) protocol. + -.. `Ethernet`. You can use it to export Ethernet encapsulated in other protocols. -+ -.. `IP`. You can use it to export IPv4 and IPv6 encapsulated in other protocols. -+ .. `Logcat` and `Logcat Text`. You can use them for the Android logs. + .. `OSI layer 3`. You can use it to export PDUs encapsulated in the IPSec or SCTP protocols. 
@@ -1025,7 +1021,33 @@ NOTE: As a developer you can add any dissector to the existing list or define a . You may save the temporary file just like any captured file. See <> for details. + -NOTE: The `Ethernet` and `IP` options produce capture files with common encapsulation types that can be read in virtually any other tool, but the other options produce files with a `Wireshark Upper PDU` encapsulation type that has more limited support outside of Wireshark. +NOTE: The file produced has a `Wireshark Upper PDU` encapsulation type that has somewhat limited support outside of Wireshark, but is very flexible and can contain PDUs for any protocol for which there is a Wireshark dissector. + +[#ChIOStripHeaders] + +==== The “Strip Headers...” Dialog Box + +The “Strip Headers...” dialog box allows you to filter known encapsulation types on whatever protocol layer they appear and export them into a new capture file, removing lower level protocols. It allows you to export reassembled packets and frames without lower layers such as GPF, GRE, GSE, GTP-U, MPLS, MPE, PPP, and more. If Wireshark has performed decryption, then you can export decrypted IP from protocols like IEEE 802.11 or IPSec without having to save encryption keys. + +The procedure is similar to that of <>: + +. In the main menu select menu:File[Strip Headers...]. Wireshark will open a corresponding dialog. + +. To select the data according to your needs, optionally type a filter value into the `Display Filter` field. For more information about filter syntax, see the link:https://www.wireshark.org/docs/man-pages/wireshark-filter.html[Wireshark Filters] man page. + +. In the field below the `Display Filter` field you can choose the encapsulation type you want to find and export to the file. There are two encapsulations supported: ++ +.. `Ethernet`. You can use it to export Ethernet encapsulated in other protocols. ++ +.. `IP`. You can use it to export IPv4 and IPv6 encapsulated in other protocols. 
++ +NOTE: As a developer you can add encapsulations to the list by using the functions in `epan/exported_pdu.h`. + +. To finish exporting to file, click the btn:[OK] button in the bottom-right corner. This will close the originally captured file and open the exported results instead as a temporary file in the main Wireshark window. + +. You may save the temporary file just like any captured file. See <> for details. ++ +NOTE: The new capture files produced have standard encapsulation types and can be read in nearly any tool. [#ChIOExportTLSSessionKeys] diff --git a/tshark.c b/tshark.c index 3971fac16f..fc3060a88d 100644 --- a/tshark.c +++ b/tshark.c @@ -323,11 +323,11 @@ list_read_capture_types(void) static void list_export_pdu_taps(void) { - fprintf(stderr, "tshark: The available export tap names for the \"-U tap_name\" option are:\n"); + fprintf(stderr, "tshark: The available export tap names and the encapsulation types they produce for the \"-U tap_name\" option are:\n"); for (GSList *export_pdu_tap_name_list = get_export_pdu_tap_list(); export_pdu_tap_name_list != NULL; export_pdu_tap_name_list = g_slist_next(export_pdu_tap_name_list)) { - fprintf(stderr, " %s\n", (const char*)(export_pdu_tap_name_list->data)); + fprintf(stderr, " %s - %s\n", (const char*)(export_pdu_tap_name_list->data), wtap_encap_description(export_pdu_tap_get_encap((const char*)export_pdu_tap_name_list->data))); } } diff --git a/ui/qt/CMakeLists.txt b/ui/qt/CMakeLists.txt index c206c2f138..2738eb747b 100644 --- a/ui/qt/CMakeLists.txt +++ b/ui/qt/CMakeLists.txt @@ -230,6 +230,7 @@ set(WIRESHARK_QT_HEADERS show_packet_bytes_dialog.h simple_statistics_dialog.h stats_tree_dialog.h + strip_headers_dialog.h supported_protocols_dialog.h tabnav_tree_widget.h tap_parameter_dialog.h @@ -465,6 +466,7 @@ set(WIRESHARK_QT_SRC simple_dialog.cpp simple_statistics_dialog.cpp supported_protocols_dialog.cpp + strip_headers_dialog.cpp tabnav_tree_widget.cpp tap_parameter_dialog.cpp tcp_stream_dialog.cpp 
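Review bot: The second `fprintf` in `list_export_pdu_taps` passes the result of `wtap_encap_description()` straight to `%s`, and neither that function nor `export_pdu_tap_get_encap()` is visible in this hunk. If either can return an out-of-range value or NULL for a tap, the call is undefined behaviour. Taking the name into a local removes the doubled cast and gives room for a fallback: `const char *tap_name = (const char *)export_pdu_tap_name_list->data;`, `const char *descr = wtap_encap_description(export_pdu_tap_get_encap(tap_name));`, then `fprintf(stderr, " %s - %s\n", tap_name, descr ? descr : "unknown");`.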
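Review bot: In the `WIRESHARK_QT_SRC` hunk, `strip_headers_dialog.cpp` is added after `supported_protocols_dialog.cpp`, whereas the `WIRESHARK_QT_HEADERS` hunk and the `WIRESHARK_QT_UI` hunk put the strip_headers entry before supported_protocols. The visible neighbours are in alphabetical order, so the new source line should move up one position to keep the three lists consistent.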
@@ -587,6 +589,7 @@ set(WIRESHARK_QT_UI search_frame.ui sequence_dialog.ui show_packet_bytes_dialog.ui + strip_headers_dialog.ui supported_protocols_dialog.ui tap_parameter_dialog.ui tcp_stream_dialog.ui diff --git a/ui/qt/export_pdu_dialog.cpp b/ui/qt/export_pdu_dialog.cpp index ac51d8ed64..09709e1815 100644 --- a/ui/qt/export_pdu_dialog.cpp +++ b/ui/qt/export_pdu_dialog.cpp @@ -28,7 +28,9 @@ ExportPDUDialog::ExportPDUDialog(QWidget *parent) : ui->setupUi(this); for (tap_name_list = get_export_pdu_tap_list(); tap_name_list; tap_name_list = g_slist_next(tap_name_list)) { - ui->comboBox->addItem((const char*)(tap_name_list->data)); + if (export_pdu_tap_get_encap((const char*)tap_name_list->data) == WTAP_ENCAP_WIRESHARK_UPPER_PDU) { + ui->comboBox->addItem((const char*)(tap_name_list->data)); + } } } void ExportPDUDialog::on_buttonBox_accepted() diff --git a/ui/qt/main_window.cpp b/ui/qt/main_window.cpp index 9df7fba33d..dcd3849a74 100644 --- a/ui/qt/main_window.cpp +++ b/ui/qt/main_window.cpp @@ -2488,6 +2488,7 @@ void MainWindow::setMenusForCaptureFile(bool force_disable) main_ui_->actionFileExportPacketBytes->setEnabled(enable); main_ui_->actionFileExportPDU->setEnabled(enable); + main_ui_->actionFileStripHeaders->setEnabled(enable); main_ui_->actionFileExportTLSSessionKeys->setEnabled(enable); foreach(QAction *eo_action, main_ui_->menuFileExportObjects->actions()) { @@ -2518,6 +2519,7 @@ void MainWindow::setMenusForCaptureInProgress(bool capture_in_progress) { main_ui_->actionFileExportPacketBytes->setEnabled(capture_in_progress); main_ui_->actionFileExportPDU->setEnabled(!capture_in_progress); + main_ui_->actionFileStripHeaders->setEnabled(!capture_in_progress); main_ui_->actionFileExportTLSSessionKeys->setEnabled(capture_in_progress); foreach(QAction *eo_action, main_ui_->menuFileExportObjects->actions()) { diff --git a/ui/qt/main_window.h b/ui/qt/main_window.h index e24b228eac..923ee7802d 100644 --- a/ui/qt/main_window.h +++ b/ui/qt/main_window.h 
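Review bot: The new `if` in the `ExportPDUDialog` constructor hides every tap whose encapsulation is not `WTAP_ENCAP_WIRESHARK_UPPER_PDU`, and nothing in the code says where those taps are offered instead. A one-line comment above the condition would record the intent, for example `// Taps that produce a native encapsulation are listed in StripHeadersDialog instead.` The same lookup with the opposite test is added in `strip_headers_dialog.cpp`, so the two loops have to be kept in step by hand. The constructor begins above this hunk.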
@@ -490,6 +490,7 @@ private slots: void on_actionFilePrint_triggered(); void on_actionFileExportPDU_triggered(); + void on_actionFileStripHeaders_triggered(); void on_actionFileExportTLSSessionKeys_triggered(); void actionEditCopyTriggered(MainWindow::CopySelected selection_type); diff --git a/ui/qt/main_window.ui b/ui/qt/main_window.ui index 228347409a..0fc75613b8 100644 --- a/ui/qt/main_window.ui +++ b/ui/qt/main_window.ui @@ -194,6 +194,7 @@ + @@ -2121,6 +2122,14 @@ Export PDUs to File… + + + Strip Headers… + + + Strip headers and export higher level encapsulations to file + + &I/O Graphs diff --git a/ui/qt/main_window_slots.cpp b/ui/qt/main_window_slots.cpp index 6a767296c8..b299f13160 100644 --- a/ui/qt/main_window_slots.cpp +++ b/ui/qt/main_window_slots.cpp @@ -150,6 +150,7 @@ DIAG_ON(frame-larger-than=) #include "sequence_dialog.h" #include "show_packet_bytes_dialog.h" #include "stats_tree_dialog.h" +#include "strip_headers_dialog.h" #include #include "supported_protocols_dialog.h" #include "tap_parameter_dialog.h" @@ -1941,6 +1942,24 @@ void MainWindow::on_actionFileExportPDU_triggered() exportpdu_dialog->activateWindow(); } +void MainWindow::on_actionFileStripHeaders_triggered() +{ + StripHeadersDialog *stripheaders_dialog = new StripHeadersDialog(this); + + if (stripheaders_dialog->isMinimized() == true) + { + stripheaders_dialog->showNormal(); + } + else + { + stripheaders_dialog->show(); + } + + stripheaders_dialog->raise(); + stripheaders_dialog->activateWindow(); +} + + void MainWindow::on_actionFileExportTLSSessionKeys_triggered() { QString file_name; diff --git a/ui/qt/strip_headers_dialog.cpp b/ui/qt/strip_headers_dialog.cpp new file mode 100644 index 0000000000..73775ddfb2 --- /dev/null +++ b/ui/qt/strip_headers_dialog.cpp 
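Review bot: `on_actionFileStripHeaders_triggered` allocates a new `StripHeadersDialog` on every activation and nothing in the hunk releases it, so each use of the menu item leaves another dialog object alive until the main window is destroyed. Adding `stripheaders_dialog->setAttribute(Qt::WA_DeleteOnClose);` directly after construction frees it once the dialog is accepted or rejected. The `isMinimized() == true` branch is presumably never taken for a widget created on the line above, so the `if`/`else` can be reduced to `stripheaders_dialog->show();`.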
@@ -0,0 +1,47 @@
+/* strip_headers_dialog.cpp
+ * Dialog for stripping lower level protocols and outputting protocols
+ * with a native encapsulation to file
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include "strip_headers_dialog.h"
+#include
+
+#include
+#include
+
+#include "ui/export_pdu_ui_utils.h"
+#include "ui/capture_globals.h"
+
+StripHeadersDialog::StripHeadersDialog(QWidget *parent) :
+ QDialog(parent),
+ ui(new Ui::StripHeadersDialog)
+{
+ GSList *tap_name_list;
+
+ ui->setupUi(this);
+
+ for (tap_name_list = get_export_pdu_tap_list(); tap_name_list; tap_name_list = g_slist_next(tap_name_list)) {
+ if (export_pdu_tap_get_encap((const char*)tap_name_list->data) != WTAP_ENCAP_WIRESHARK_UPPER_PDU) {
+ ui->comboBox->addItem((const char*)(tap_name_list->data));
+ }
+ }
+}
+void StripHeadersDialog::on_buttonBox_accepted()
+{
+ const QByteArray& filter = ui->displayFilterLineEdit->text().toUtf8();
+ const QByteArray& tap_name = ui->comboBox->currentText().toUtf8();
+
+ do_export_pdu(filter.constData(), global_capture_opts.temp_dir, tap_name.constData());
+}
+StripHeadersDialog::~StripHeadersDialog()
+{
+ delete ui;
+}
diff --git a/ui/qt/strip_headers_dialog.h b/ui/qt/strip_headers_dialog.h
new file mode 100644
index 0000000000..bce547841f
--- /dev/null
+++ b/ui/qt/strip_headers_dialog.h
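Review bot: `on_buttonBox_accepted` hands `ui->comboBox->currentText()` to `do_export_pdu` without checking that a tap is selected. The constructor only adds taps whose encapsulation differs from `WTAP_ENCAP_WIRESHARK_UPPER_PDU`, so when none are registered the combo box is empty and an empty tap name is passed on. A guard at the top of the slot avoids that: `if (ui->comboBox->currentIndex() < 0) { return; }`. The user-guide text in this commit says decrypted payload can be exported this way, and the output goes under `global_capture_opts.temp_dir`. It is therefore worth confirming that `do_export_pdu`, which is not visible here, creates that temporary file with owner-only permissions.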
@@ -0,0 +1,35 @@
+/** @file
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef STRIP_HEADERS_DIALOG_H
+#define STRIP_HEADERS_DIALOG_H
+
+#include
+#include
+
+namespace Ui {
+class StripHeadersDialog;
+}
+
+class StripHeadersDialog : public QDialog
+{
+ Q_OBJECT
+
+public:
+ explicit StripHeadersDialog(QWidget *parent = 0);
+ ~StripHeadersDialog();
+
+private:
+ Ui::StripHeadersDialog *ui;
+
+private slots:
+ void on_buttonBox_accepted();
+};
+
+#endif // STRIP_HEADERS_DIALOG_H
diff --git a/ui/qt/strip_headers_dialog.ui b/ui/qt/strip_headers_dialog.ui
new file mode 100644
index 0000000000..cc40162a9f
--- /dev/null
+++ b/ui/qt/strip_headers_dialog.ui
@@ -0,0 +1,106 @@ + + + StripHeadersDialog + + + + 0 + 0 + 393 + 158 + + + + Dialog + + + + + 30 + 100 + 341 + 32 + + + + Qt::Horizontal + + + QDialogButtonBox::Cancel|QDialogButtonBox::Ok + + + + + + 16 + 20 + 361 + 29 + + + + + + + Display filter: + + + + + + + + + + + + 10 + 60 + 120 + 30 + + + + + + + DisplayFilterEdit + QLineEdit +
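Review bot: The `@file` block in `strip_headers_dialog.h` is empty apart from the licence, and the `StripHeadersDialog` class has no doc comment, so a reader of the header learns nothing about what the dialog exports. A brief above the class would cover it, for example `/** Dialog that strips lower-layer headers and exports packets with a native encapsulation (e.g. Ethernet, IP) to a new capture file. */`. In the constructor declaration, `QWidget *parent = 0` reads better as `QWidget *parent = nullptr`.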
widgets/display_filter_edit.h
+
+
+ + + buttonBox + accepted() + StripHeadersDialog + accept() + + + 248 + 254 + + + 157 + 274 + + + + + buttonBox + rejected() + StripHeadersDialog + reject() + + + 316 + 260 + + + 286 + 274 + + + + +