Add functions to PacketListRecord to invalidate a single record's
colorization and column strings, used for a record is modified in a
way that needs to trigger redrawing, but we don't need to redraw
all packets.
Move the functionality for adding, deleting, and setting frame comments
into PacketListModel, operating on QModelIndexes (or on all physical
rows in the case of deleting all comments from a file.) Trigger
recolorization of any record with an updated comment.
Only set a block as modified when deleting comments if we actually
deleted comments. This avoids marking a file as modified if we
delete all comments from all frames, or all comments from selected
frames, when those comments do not actually have frames.
If cf_set_modified_block is used to modify a block that is already
modified, it can't update the comment count. In that case, return
false and have the callers update the comment count. (It already
has a return value, which is always true.) This avoids having the
GUI warning about saving into a format that doesn't support comments
when comments have been added and then removed.
Note that, unlike with time references and time shifts, there
are no fields (and hence no columns nor color filters) that depend
on whether other fields have comments. If for some reason some
were added, then the model data for all frames would have to be
updated instead. Since there aren't, we don't need to
redrawVisiblePackets, but we do need to drawCurrentPacket to ensure
the packet details are redissected.
Fix#12519
Store the field filter strings in a wmem_map pointing to the
field flags for each string. This allows specifying multiple
filter options (-j or -J) on the command line, including some
of both.
Fix#17470
Add the ability to cancel sorting. Since we now parse user inputs
during the sort, test and set the capture file read lock. Try to
sort in PacketList::captureFileReadFinished, since now sorting during
thawing won't happen if it's in the middle of a rescan.
Fix#17640
Dependent frames list order does not matter and thus significantly
faster data structure can be used. Replace the list with hash table to
avoid excessive CPU usage when opening files containing reassembled
packets consisting of large number of fragments.
Keep name resolution information as mandatory elements for
NRBs, and when the ipv4 or ipv6 callback is set, have name
resolution entries from already read NRBs sent to the callback.
rescan_packets can use this when redissecting to reobtain the
name resolution entries from the NRB, similar to what is done
with Decryption Secrets Blocks. (This can also later be used
if we read NRBs and DSBs in pcapng_open before the first packet,
and before the callbacks are set.)
This doesn't yet make the changes to wtap_dumper to write them out,
but is a step towards that too. (It's not clear in cases where we
dissect packets whether we want to copy the entire NRB, or only
write out actually used addresses as done now. For copying without
reading a file, like with editcap, we presumably do want to copy them.)
Fix#13425. Ping #15502
Save all dependent frames when there are multiple levels
of reassembly.
This is a retry of !6329, combined with the fix in !6509 which
were reverted in !6545.
epan: fix a segfault, introduced in !6329
Return an struct containing error information. This simplifies
the interface to more easily provide richer diagnostics in the future.
Add an error code besides a human-readable error string to allow
checking programmatically for errors in a robust manner. Currently
there is only a generic error code, it is expected to increase
in the future.
Move error location information to the struct. Change callers and
implementation to use the new interface.
Add -Werror=unused-but-set-variable to our default compiler flags and fix
```
epan/dissectors/packet-dcerpc-frsrpc.c:709:10: error: variable 'nb_chunk' set but not used [-Werror,-Wunused-but-set-variable]
guint32 nb_chunk = 0;
^
```
```
epan/dissectors/packet-dcom-oxid.c:175:13: error: variable 'u32ItemIdx' set but not used [-Werror,-Wunused-but-set-variable]
guint32 u32ItemIdx;
^
```
```
epan/dissectors/packet-l2tp.c:1775:104: error: parameter 'ccid' set but not used [-Werror,-Wunused-but-set-parameter]
static int dissect_l2tp_ericsson_avps(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 ccid)
^
```
```
epan/dissectors/packet-ldp.c:1922:19: error: variable 'ix' set but not used [-Werror,-Wunused-but-set-variable]
guint8 ix;
^
```
```
epan/dissectors/packet-nas_5gs.c:4757:14: error: variable 'curr_len' set but not used [-Werror,-Wunused-but-set-variable]
guint i, curr_len;
^
```
```
epan/dissectors/packet-per.c:1769:6: error: variable 'extension_addition_entries' set but not used [-Werror,-Wunused-but-set-variable]
int extension_addition_entries;
^
```
```
epan/dissectors/packet-rtitcp.c:618:11: error: variable 'messages_count' set but not used [-Werror,-Wunused-but-set-variable]
guint messages_count, offset;
^
```
```
epan/dissectors/packet-tcp.c:2130:9: error: variable 'ackcount' set but not used [-Werror,-Wunused-but-set-variable]
int ackcount;
^
epan/dissectors/packet-tcp.c:3317:12: error: variable 'nbOptionsChanged' set but not used [-Werror,-Wunused-but-set-variable]
guint8 nbOptionsChanged = 0;
^
```
```
epan/dissectors/packet-zbee-zcl-se.c:11802:15: error: variable 'i' set but not used [-Werror,-Wunused-but-set-variable]
for (gint i = 0; tvb_reported_length_remaining(tvb, *offset) >= 5; i++) {
^
```
```
ui/iface_lists.c:142:23: error: variable 'linktype_count' set but not used [-Werror,-Wunused-but-set-variable]
gint linktype_count;
^
```
```
ui/voip_calls.c:456:15: error: variable 'item_num' set but not used [-Werror,-Wunused-but-set-variable]
guint item_num;
^
```
```
file.c:572:17: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]
guint32 count = 0;
^
```
```
file.c:3667:24: warning: cast from 'const unsigned char *' to 'unsigned char *' drops const qualifier [-Wcast-qual]
pd = (guint8 *)ws_mempbrk_exec(pd, buf_end - pd, pattern, &c_char);
^
```
```
ui/qt/io_graph_dialog.cpp:1932:60: error: variable 'mavg_right' set but not used [-Werror,-Wunused-but-set-variable]
unsigned int mavg_in_average_count = 0, mavg_left = 0, mavg_right = 0;
^
```
```
ui/qt/stats_tree_dialog.cpp:166:9: error: variable 'node_count' set but not used [-Werror,-Wunused-but-set-variable]
int node_count = 0;
^
```
```
ui/qt/models/profile_model.cpp:1142:13: error: variable 'entryCount' set but not used [-Werror,-Wunused-but-set-variable]
int entryCount = 0;
^
```
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
To implement loading a packet list, a lot of helper
methods are required. Those prototypes where split up
over two places and have been moved to packet_list_utils.h
to ensure a single place for lookup
Remove unneeded row number in capture file. The packet list is
the only object that should know the correct number, propagating
it further only complicates things. At the same time, rework
cf_select_packet to select the packet based on frame_data not on
the row (which can be unreliable).
Remove duplicate functionality for jumping to packet and
remove unused function to move to the end. Furthermore
move the code for redraws of visible packets directly
into the calling code
If we do a save with copy, so that we just copied the binary
file, everything in the wtap structure should be the same except
for the filename and the file descriptors, so just change that
instead of closing wtap and reopening it.
The current behavior of calling wtap_open_offline does not work
for files that have blocks (SHBs, IDBs, NRBs, DSBs, ISBs, etc.) in
the middle of the file instead of at the beginning, but we shouldn't
have to waste time rescanning the entire file either.
In the case where a specific file format reader was manually selected,
this will keep the same file format as selected instead of switching to
the auto-detection when opening the copy, just as SAVE_WITH_MOVE already
does and presumably what the user wants.
Update wtap_fdreopen to change the wtap struct's pathname if
wtap_fdreopen is called with a different filename than currently.
Fix#17472
This replaces the current macro reference system with
a completely different implementation. Instead of a macro a reference
is a syntax element. A reference is a constant that can be filled
in the dfilter code after compilation from an existing protocol tree.
It is best understood as a field value that can be read from a fixed
tree that is not the frame being filtered. Usually this fixed tree
is the currently selected frame when the filter is applied. This
allows comparing fields in the filtered frame with fields in the
selected frame.
Because the field reference syntax uses the same sigil notation
as a macro we have to use a heuristic to distinguish them:
if the name has a dot it is a field reference, otherwise
it is a macro name.
The reference is synctatically validated at compile time.
There are two main advantages to this implementation (and a couple of
minor ones):
The protocol tree for each selected frame is only walked if we have a
display filter and if the display filter uses references. Also only the
actual reference values are copied, intead of loading the entire tree
into a hash table (in textual form even).
The other advantage is that the reference is tested like a protocol
field against all the values in the selected frame (if there is more
than one).
Currently the reference fields are not "primed" during dissection, so
the entire tree is walked to find a particular reference (this is
similar to the previous implementation).
If the display filter contains a valid reference and the reference is
not loaded at the time the filter is run the result is the same as a
non existing field for a regular READ_TREE instruction.
Fixes#17599.
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets seet in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes#17989.
Split the match functions in twain, one for case-sensitive and
one for case-insensitive, so we can use memchr to search for the
first byte in the case-sensitive version and ws_mempbrk for the
case-insensitive version. They are highly optimized on most systems
and considerably faster on large files.
Also fix a few issues regarding wide strings, such as false positives
and the length to highlight when matching. Fix#12908
Add a checkbox to the packet format group box to allow the
hexdump to only have the main frame instead of secondary data
sources as well, so that Print and Export Packet Dissections can
be used for input to text2pcap.
Without that, you could add a comment to a record in a file format the
reading code for which doesn't allocate blocks, but the comment doesn't
get saved, as there's no block in which to save the comment option.
This simplifies some code paths, as we're either using the record's
modified block or we're using the block as read from the file, there's
no third possibility.
If we attempt to read a record, and we get an error, and a block was
allocated for the record, unreference it, so the individual file readers
don't have to worry about it.
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.
Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make
sense.
Fixes#17478
"User" sounds as if the blocks belong to the user; at most, the current
user might have modified them directly, but they might also have, for
example, run a Lua script that, unknown to them, modified comments.
Also, a file might have "user comments" added by a previous user, who
them wrote the file and and provided it to the current user.
"Modified" seems a bit clearer than "changed".
Mostly functioning proof of concept for #14329. This work is intended to
allow Wireshark to support multiple packet comments per packet.
Uses and expands upon the `wtap_block` API in `wiretap/wtap_opttypes.h`.
It attaches a `wtap_block` structure to `wtap_rec` in place of its
current `opt_comment` and `packet_verdict` members to hold OPT_COMMENT
and OPT_PKT_VERDICT option values.
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
If cf_export_specified_packets() succeeds, and it wrote to a temporary
file, it leaks the name of the file to which it was writing. Free that
after we've renamed that file on top of the target file (safe save).
In cf_export_specified_packets(), if the loop processing the packets
fails, we're going to go to the failure code, which will unlink the file
to which we were writing if we were writing to a temporary file, so we
don't need to unlink it before going there.
While we're at it, note why we don't report any error from
wtap_dump_close() in that case.
If the user aborted the process of exporting packets, if we're writing
to a temporary file, we unlink the file, but we don't free the
g_mallocated name of the file, so it's leaked. Free it.
John Thacker