Obtain the capture file read lock when computing protocol hierarchy
stats to prevent segfaulting if the file is closed.
The protocol hierarchy stats are always computed on all the packets
of the current file that pass the current filter, so don't let it run
until a read or rescan is complete.
Since the protocol hierarchy stats use the common progress bar,
these two changes keep it from hijacking the progress bar when a
rescan is in progress, which led to anomolies with the stop button
behavior and clearing the progress bar when the stats were done
(but not the temporarily paused rescan.)
Make the stop button actually stop the protocol hierarchy stats.
In the future, the protocol hierarchy stats could perhaps use
process_specified_records from file.c
Fix#18787. Fix#18788.
ElidedLabel escapes HTML after !9261, so use its own methods to make text
small and italicized instead of passing in rich text.
IOGraphDialog used to make an error message, if it existed, bold.
Perhaps ElidedLabel should have a way to have prepended bold
text for such usage.
Autoset "Limit to display filter" if a display filter is
present when the dialog is open, but do not re-enable it each
time the widget is updated, if the user has unchecked it.
[skip ci]
Fix#18461
QVariant canConvert<double>() does not test that a particular QVariant
value can be converted to a double, but only that at least some values
of that type can convert. (Just checking the type is much faster than
actually trying the conversion; this is why convert() has a boolean
output parameter as well.) It thus always returns TRUE for strings even
for strings that fail to convert, and is not by itself a useful test
when trying to sort unknown types.
Luckily, we don't need to test this anyway. Set the default data role used
for sorting to UNFORMATTED_DISPLAYDATA, so the parent QSortFilterProxyModel
will handle QVariants that are numbers appropriately. In particular,
this makes the GeoIP city and country column strings in the Endpoints
table sort correctly.
Fix#18749
When converting from our columns as displayed to the canonical
list of columns, add 1 for the missing conversation ID if it
is not present (as opposed to if it is present.) Also change the
test for the total packets to account for the new conversation ID
column.
Related to #18738
We want to return with failure when the number of entries in
the row we're trying to append is greater than the number of
columns, not less than the number of rows in the table.
The IO Graph is the only place that uses appendEntry, and this
allows adding IO Graphs past the tenth graph.
Fix#18762
Make the "ninja install" target in the MINGW64 shell work and
allow Wireshark to run from the msys2 installation, besides
the build directory.
To clarify the names used here MSYSTEM is the distribution with a
Linux-like environment for Windows. MINGW is the toolchain.
It is possible to use MinGW without MSYS2 and we generally select
the CMake variables WIN32/MSVC/MINGW/USE_MSYSTEM taking that into
consideration but that WIN32+MINGW platform is not supported at the
moment and it's unlikely to be supported in the near future.
Originally WS_DISABLE_DEBUG was chosen to be
similar to G_DISABLE_ASSERT and NDEBUG.
However generator expressions are essential for modern CMake
but the syntax is weird and having to use negations makes it
ten-fold worse.
Remove the negation. Instead of changing the CMake variable
reverse the macro definition for WS_DISABLE_DEBUG.
The $<CONFIG:cgs> generator expression with multiple config arguments
requires CMake >= 3.19 so we can't use that yet for a further
syntactical simplification.
Instead of connecting ColoringRulesDialog's buttonBox accepted()
signal to two different slots (once in the .ui file, and one
automatically from a name), accept the dialog only after writing
the colors.
This prevents starting to recolor the PacketList before the new color
list has been been written.
Fix#12475. Fix#15471.
The filterPackets method calls file.c/cf_filter_packets,
which calls rescan_packets, which sends signals when done that
eventually calls the PacketList::captureFileReadFinished
PacketList::captureFileReadFinished invalidates all the column
strings after the rescan may have updated their information
(e.g., delta time to previous displayed packet), so it is not
necessary to reset the column strings a second time explicitly
in filterPackets.
Commit 38cde83a5c added the reset
to filterPackets, but commit bbe5fc1028
added the invalidateAllColumnStrings to captureFileReadFinished
that made the prior commit unnecessary.
Introduce a preference for the number of rows whose column text can
be cached, and allow sorting of the packet list only when the
number of displayed rows can fit in the cache. This preference only has
an effect for sorting based on columns that require dissection and
caching the column text. This reduces the number of dissections from
O(N log N) to N. Subsequent sorts are even faster.
Columns based on frame data are unaffected, as they sort much faster
as dissection is not required.
Set the size of the QCache introduced in 8c6854fb65 based
on this preference.
Send a temporary status message to the status bar if we try to sort
but there are too many rows, explaining why sorting did not happen and
that the layout preferences can be changed.
Ping #18741
When dissectors register for Follow Stream, have them register a
function for finding the next valid sub stream id for a given
stream and substream id pair. This function is NULL if the dissector
does not use sub stream IDs.
Use this function in follow_stream_dialog to update the sub stream
id widget (and use the absence of the function to disable and hide
the widget.) Use this function in the CLI tap-follow to determine
whether to parse a sub stream id from the command line options.
This removes the dependencies on epan/dissectors from the Qt
follow_stream_dialog, and gets us closer to having dissectors
being able to register for Follow Stream without having to update
anything in the common source code.
Remove MINIMIZE_STRING_COPYING define because the code does not even
compile anymore. Do not cache strings when ensuring rows are colorized
to avoid thrashing cache. Store column data only for last 500 accessed
records to ensure there is upper bound for the cache size.
Fixes#18741
Similar to commit dbb9fe2a37, proto_item_fill_display_label
now uses address_to_display for FT_IPv4, FT_IPv6, and FT_FCWWN,
the other three address types that double as field types and which
have optional name resolution.
Add these to the list of types that, if present in a custom column,
has the GUI enable the checkbox to switch between "resolved" (names)
and not (values).
This allows adding custom columns with these field types with both
resolved and non resolved text. Note that the appropriate Name
Resolution preference settings must be enabled for the type as well.
Display it as a pathname in the native format (e.g., C:\this\is\wrong),
not as the path component of the URL supplied (e.g., /C/this/is/wrong).
Fixes some confusion that appeared in a comment in #15592 (but not the
underlying bug - fixing that bug should prevent that dialog from popping
up in the first place).
Have proto_item_fill_display_label (which is used for custom
columns resolved type and packet diagrams) use address_to_display
for FT_ETHER. This is resolved when name resolution for MAC
Addresses is enabled.
Add FT_ETHER to the list of types that, if present in a custom
column, has the GUI enable the checkbox to switch between "resolved"
and "unresolved" text.
This allows FT_ETHER custom columns to be displayed as either
resolved addresses or unresolved. (Note that to be displayed
as resolved, the column resolved option must be checked and
the name resolution preference enabled.)
Fix#18665
The shortcut for adding a new packet comment is not available
until the menu has first been shown, or a packet has been selected.
This is a bug, as it is not clear to the user, why the shortcut should
exist in one instance and not in the other. Therefore the shortcut is
always added.
It is not added in the .ui files, as this would trigger a new set of
translations.
Fixes#18673
Commit e1a8f0119e ("Extcap prefs: Editor remembers empty values")
inadvertently made the immutable checkbox visible next to uncheckable
multicheck items. Restore former behavior, that is display only labels
for uncheckable multicheck items, by setting unchecked state only for
checkable items.
Uncheckable items, since its introduction in commit 9c1225f735
("Modify multicheck to accept parent parameter."), were used to display
additional labels in USBPcap configuration options to aid user in
determining which individual device to filter on. Without the additional
information determining for example which "USB composite device" is of
interest to the user is really problematic.
Disable UTF-8 debug checks for release builds for optimization
purposes.
Also remove unused macro that currently lacks a proper use case.
Change version info to be more complete about the build type without
being too verbose.
This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.
For example, it could be used like the following:
```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
local fields = {...};
for i, field in ipairs( fields ) do
if (field.name == 'http.host') then
browser_open_url(ROBTEX_URL .. field.value)
break
end
end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```
Fixes issue #14998
As the QString::toLocal8Bit() documentation says,
"On Unix systems this is equivalen to toUtf8(), on Windows the systems
current code page is being used."
This is problematic for the Packet Comments dialog, since the comments
need to be UTF-8 as per the pcapng specification. Use toUtf8() instead
there and in the Import Text dialog.
Remove the toLocal8Bit() calls from the Extcap Options dialog since they
weren'nt needed.
Blind attempt at fixing #18698.
Currently the autocompletion engine always suggests a protocol
field completion, even in places where it isn't syntactically
valid.
Fix that by compiling the preamble to the token under the cursor
and checking the returned error. If it is DF_ERROR_UNEXPECTED_END
that indicates a field or literal value was expected. Otherwise
a field replacement is not valid in this position.
Fixes#12811.
Return an struct containing error information. This simplifies
the interface to more easily provide richer diagnostics in the future.
Add an error code besides a human-readable error string to allow
checking programmatically for errors in a robust manner. Currently
there is only a generic error code, it is expected to increase
in the future.
Move error location information to the struct. Change callers and
implementation to use the new interface.
qcustomplot.cpp:34001:37: warning: The left operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:34001:37: warning: The right operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
(ported from commit a0328bdb03)
qcustomplot.cpp:26643:9: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27752:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27779:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:34087:7: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
(ported from commit 075ee9138a)
qcustomplot.cpp:22400:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:22400:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
(ported from commit 6fd4188804)
Warning triggered using AppleClang 11.0.0.
/Users/buildslave/builds/UfJL1hoT/0/wireshark/wireshark/ui/qt/widgets/qcustomplot.cpp:16020:17: error: HTML tag 'tt' requires an end tag [-Werror,-Wdocumentation-html]
parameter as <tt>QVariant(\ref QCPDataSelection)</tt>. All plottables that weren't touched by \a
~^~~
1 error generated.
(ported from commit 6d2aea45e4)
(ported from commit 3903740534)
QCustomPlot's adaptive sampling decimates the data to be plotted based
on the screen resolution. Specifically, if many data points fit within
the same pixel on the X (key) axis, then QCustomPlot attempts to plot
only the min value, the max value, and a few values in-between to
maintain a good "density" on the Y (value) axis.
The density QCustomPlot wants is about one datapoint for every 4 pixels
covered by the value range of a single X (key) pixel. Unfortunately,
this calculation is flawed if all values also fit within a single pixel
on the Y (value) axis - so this change fixes that bug.
(cherry picked from commit 92e652ebfa)
Starting with Qt 5.10 (our earliest supported version),
Qt has a qsizetype (alias of ssize_t) that functions
like size() and indexOf() return. On clang that does not
have the same size as an int, so cast it away in a number
of places.
Rename flex macros using parenthesis (mostly a style issue):
DIAG_OFF_FLEX -> DIAG_OFF_FLEX()
DIAG_ON_FLEX -> DIAG_ON_FLEX()
Use the same kind of construct with lemon generated code using
DIAG_OFF_LEMON() and DIAG_ON_LEMON(). Use %include and %code
directives to enforce the desired order with generated code
in the middle in between pragmas.
Fix a clang-specific pragma to use DIAG_OFF_CLANG().
DIAG_OFF(unreachable-code) -> DIAG_OFF_CLANG(unreachable-code).
Apparently GCC is ignoring the -Wunreachable flag, that's why
it did not trigger an unknown pragma warning. From [1}:
The -Wunreachable-code has been removed, because it was unstable: it
relied on the optimizer, and so different versions of gcc would warn
about different code. The compiler still accepts and ignores the
command line option so that existing Makefiles are not broken. In some
future release the option will be removed entirely. - Ian
[1] https://gcc.gnu.org/legacy-ml/gcc-help/2011-05/msg00360.html
/Users/buildslave/builds/UfJL1hoT/0/wireshark/wireshark/ui/qt/widgets/qcustomplot.cpp:16020:17: error: HTML tag 'tt' requires an end tag [-Werror,-Wdocumentation-html]
parameter as <tt>QVariant(\ref QCPDataSelection)</tt>. All plottables that weren't touched by \a
~^~~
1 error generated.
On older Qt versions (5.12?) QVector needs to be included,
not just QObject. (It isn't needed on 5.15, possibly because
QVector is an alias for QList in newer Qt versions.)
When creating a ProtoNode, count the (non-hidden) children and put
them in a QVector. This saves time having to iterate through all
of a node's children (or the parent's children) each time the
model or view wants to get the row or index number. Create and
delete the needed ProtoNodes when the root node is changed, instead
of recreating them on demand from the proto_nodes (since they're no
longer a thin wrapper.)
Fix#18625
Add -Werror=unused-but-set-variable to our default compiler flags and fix
```
epan/dissectors/packet-dcerpc-frsrpc.c:709:10: error: variable 'nb_chunk' set but not used [-Werror,-Wunused-but-set-variable]
guint32 nb_chunk = 0;
^
```
```
epan/dissectors/packet-dcom-oxid.c:175:13: error: variable 'u32ItemIdx' set but not used [-Werror,-Wunused-but-set-variable]
guint32 u32ItemIdx;
^
```
```
epan/dissectors/packet-l2tp.c:1775:104: error: parameter 'ccid' set but not used [-Werror,-Wunused-but-set-parameter]
static int dissect_l2tp_ericsson_avps(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 ccid)
^
```
```
epan/dissectors/packet-ldp.c:1922:19: error: variable 'ix' set but not used [-Werror,-Wunused-but-set-variable]
guint8 ix;
^
```
```
epan/dissectors/packet-nas_5gs.c:4757:14: error: variable 'curr_len' set but not used [-Werror,-Wunused-but-set-variable]
guint i, curr_len;
^
```
```
epan/dissectors/packet-per.c:1769:6: error: variable 'extension_addition_entries' set but not used [-Werror,-Wunused-but-set-variable]
int extension_addition_entries;
^
```
```
epan/dissectors/packet-rtitcp.c:618:11: error: variable 'messages_count' set but not used [-Werror,-Wunused-but-set-variable]
guint messages_count, offset;
^
```
```
epan/dissectors/packet-tcp.c:2130:9: error: variable 'ackcount' set but not used [-Werror,-Wunused-but-set-variable]
int ackcount;
^
epan/dissectors/packet-tcp.c:3317:12: error: variable 'nbOptionsChanged' set but not used [-Werror,-Wunused-but-set-variable]
guint8 nbOptionsChanged = 0;
^
```
```
epan/dissectors/packet-zbee-zcl-se.c:11802:15: error: variable 'i' set but not used [-Werror,-Wunused-but-set-variable]
for (gint i = 0; tvb_reported_length_remaining(tvb, *offset) >= 5; i++) {
^
```
```
ui/iface_lists.c:142:23: error: variable 'linktype_count' set but not used [-Werror,-Wunused-but-set-variable]
gint linktype_count;
^
```
```
ui/voip_calls.c:456:15: error: variable 'item_num' set but not used [-Werror,-Wunused-but-set-variable]
guint item_num;
^
```
```
file.c:572:17: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]
guint32 count = 0;
^
```
```
file.c:3667:24: warning: cast from 'const unsigned char *' to 'unsigned char *' drops const qualifier [-Wcast-qual]
pd = (guint8 *)ws_mempbrk_exec(pd, buf_end - pd, pattern, &c_char);
^
```
```
ui/qt/io_graph_dialog.cpp:1932:60: error: variable 'mavg_right' set but not used [-Werror,-Wunused-but-set-variable]
unsigned int mavg_in_average_count = 0, mavg_left = 0, mavg_right = 0;
^
```
```
ui/qt/stats_tree_dialog.cpp:166:9: error: variable 'node_count' set but not used [-Werror,-Wunused-but-set-variable]
int node_count = 0;
^
```
```
ui/qt/models/profile_model.cpp:1142:13: error: variable 'entryCount' set but not used [-Werror,-Wunused-but-set-variable]
int entryCount = 0;
^
```
Properly generate filter expressions for custom columns by
using proto_construct_match_selected_string on each value and
then joining them together later instead of trying to split
the column expression value.
This ensures that escaping is done properly for display filter
strings, that commas internal to field values are not confused
with commas between occurrences, that for multifield columns
we can distinguish which field each value matches, etc.
It's not entirely clear whether AND or OR logic is appropriate
for multiple occurrences; currently OR is used.
Bump glib requirement to 2.54 for g_ptr_array_find_with_equal_func
(this doesn't drop support for any major distribution that already
meets our other library requirements, like Qt.)
Fix#18001.
Gtk popped up a search box when typing in the tree view.
Most places in Qt, a Search: field was added to the dialog.
Looks possible to buffer keystrokes and do a string search in Qt.
Default value is 400ms (even on Windows). Average typing speed of
200 cpm = 300ms per character = too close to 400ms when searching
the protocol name in Preferences -> Protocols.
When the classic profile has been cloned, and it contains
coloring rules, that are no longer valid or their syntax is
wrong, the export of single profiles will fail.
The reason for that is still being investigated. It seems
there might be an issue with selecting the right coloringfilter
to be selected.
This change only fixes the coloringrules file and the
index is selected from the base model instead
Previously, Wireshark was sorting all packets in a capture,
regardless whether they were actually visible or not. If you
are working with large PCAPs & filters, this is a MASSIVE
performance drag. Therefore, this commit changes this
by only sorting the visible packets which boosts the
sorting performance in filtered views massively.
Generate filter expressions for columns with multiple occurrences
by using the membership operator (which is semantically OR).
It's not clear if this approach makes more sense than AND;
there's use cases for both.
Don't do this for multifield custom columns, since we don't know
which values were found by which field. That takes changing
the column logic in several places.
Ping #18001
When running the profiles dialog from the main status bar,
some objects appear to be not cleaned up properly with Qt 6.
This will circumvent this, by creating an object for the
dialog and cleaning it on closing.
Fixes#18525
Gerald Combs