Search is tried as user enter regex string. Regex will be
invalid as they type it (starts with "\" or fat fingered "*")
If Wireshark is run from command line, error line is generated
for every attempted match in the search list.
** (wireshark:8344) 00:29:15.353028 [GUI WARNING] --
QString::contains: invalid QRegularExpression object
This reverts commit 248955d614.
It speeds up the loop when type_ is EveryWhere (see: enum SearchType)
but a hang or crash for other combinations of type_ and protocolType_.
In Only enabled/disabled protocols lists, the rowCount decreases
as item state is changed in the parent. An equlibrium point is
reached at halfway when rows processed == remaining size of list.
Grab a static rowcount before entering the loop.
The correct place to delete the dissector_info_t pointers added
to the editor is when destroyEditor is called. Override the
virtual function and delete the pointers for the colProtocol
index before calling the inherited function.
Fix#17127
Instead of having the UI have to know about each type of follow
stream, and how to retrieve its total number of streams, have
each follow type register a function that returns the total
number of stream. (The function can be NULL, for protocols like
SIP that do not use this.)
This gets us closer to making follow stream registration generic.
Rename dissector_handle_get_long_name() and
dissector_handle_get_short_name() to
dissector_handle_get_protocol_long_name() and
dissector_handle_get_protocol_short_name(), to clarify that they fetch
names for the protocol that the dissector dissects, not for the
dissector *itself*. Leave a deprecated
dissector_handle_get_short_name() wrapper, and export
dissector_handle_get_protocol_long_name(), as it's now used in some
dissectors.
Change some calls to dissector_handle_get_description() back to
dissector_handle_get_protocol_short_name(), as they appear to be made in
order to display a *protocol* name.
Rename some methods, variables, enums, and table column names to reflect
cases where the dissector description is being used.
Similar to work done in !8070 and !8072 to move off a function
that was deprecated in Qt5 and obsoleted in Qt6. Also migrate to
syntax laid out in !4560 and !4565.
It defaults to the short name of the protocol dissected by the
descriptor, but it's now possible to register a dissector with an
explicit description.
This is mainly for use in the Decode As UI. It handles the case where
the same protocol might have different "Decode As..."-specifiable
dissectors for different situations.
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
Prevent crash due to premature menu object deletion caused by call to
QCoreApplication::processEvents() by executing the slot only after menu
handling has finished.
Fixes#18251 and #18270
Qt6 removed QComboBox:currentIndexChanged(QString), which had
previously been deprecated in favor of the version with an int.
Switch to using the supported function, so that the comboboxes
work.
The models used for the resolved addresses require that the
source models be set first before setting other properties,
so do that so that filtering works.
For some reason the portTypeModel has to indicate that the
port number column is numeric in order for the ports to
numerically sort instead of lexicographically, so do that too.
Add the Ethernet addresses in their specific groups (Addresses,
Manufacturers, Well-Known Hosts) instead of adding them all
to the Well-Known hosts groups, so that that filtering works.
Fix#18087
Strip the timestamps and function names from extcap errors before
displaying them in a dialog. This keeps us from spewing
```
Error by extcap pipe: ** (falcodump:24913) 15:08:20.263535 [falcodump
WARNING] extcap/falcodump.cpp:593 -- main(): cloudtrail plugin error:
failed to list objects: ExpiredToken: The provided token has expired.
status code: 400, request id: M2PYJOT4JGVAA6B9, host id:
+4V8Q+DGV+80Jd3fdc7tODyVdTRvepNgCD9zuvXeL7kzvp2oikaoi9CLMW+UKt/
aR1G2UXIqyQ8=
```
at the user.
Check for warning messages and set our dialog type accordingly.
QComboBox::currentIndexChanged(QString) has been marked
obsolete for a while and finally removed in Qt 6 in favor
of currentIndexChanged(int) and currentTextChanged(const QString)
Use QComboBox::currentTextChanged(const QString) instead.
Also do a little bit of checking to see if the return value
of dcerpc_get_proto_sub_dissector is NULL.
Fix#18319.
QFileDialog.accept() emits the filesSelected signal when the
dialog is accepted but before it calls QDialog.accept().
Connect our dialogAccepted function the filesSelected signal
instead of the accepted signal, so that all the exporting
happens sooner, before the ExportDissectionDialog gets
closed (and then deleted, since DeleteOnClose is set on the
dialog.)
This fixes use-after-free and segfaults in Qt 6.3 (which changed
things so that QDialog and widgets that inherit from it get closed
earlier.) Fix#18318
Add lricon.svg and lriconinst.svg, which provide the core graphic
element for the various Logray icons. Add lricon*.png, which were
created using the templates at
https://developer.apple.com/design/resources/. Add Logray.icns,
logray.ico, and lograyinst.ico, and use them in various packaging
resources.
Add Percent-encoding to the list of encoding types that Show
Packet Bytes can handle.
There's a function added to glib 2.66 to handle this for arbitrary
bytes that might have internal nulls (and which allows the result
to be non UTF-8), but we don't require that version yet, so extend
the existing function.
Related to #1084
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
In the case that this is being called with an address type that
is neither IPv4 or IPv6, make sure that the char array used
to construct the QString is null terminated so that there's no
warning about using addr uninitialized or a possible strlen running
off the end.
gcc 12.1 thinks that there's a signed/unsigned qsize issue with
the Qt6 sources. Enable compilation until this gets fixed upstream.
/usr/include/qt6/QtCore/qarraydataops.h:98:17: error: ‘void* memcpy(void*, const void*, size_t)’ specified size between 9223372036854775808 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
98 | ::memcpy(static_cast<void *>(this->end()), static_cast<const void *>(b), (e - b) * sizeof(T));
| ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
If display filter compilation fails and the expression has a syntax
error and associated location, it will be displayed in the filter
tooltip, using a textual underline.
As far as I can tell using a graphical squiggly underline seems extremely
difficult for an object inheriting from QLineEdit, so the tooltip
textual method was used instead.
Move all the declarations of routines that are internal and
not for use by dissectors from column-utils.h column-info.h
Move the column max length defines into column-utils.h because
dissectors might need that
Since packet.h already includes column-utils.h, dissectors don't
need to include column-utils.h anymore.
Remove or downgrade a few other column header includes that are
unnecessary.
Send SIGTERM on UNIX systems to all extcap processes when user requests
capture stop. Wait up to 30 seconds for extcaps to finish. If extcaps do
not finish in time, send SIGKILL to remaining extcaps.
Do not call TerminateProcess() on Windows in the same place where UNIX
SIGTERM is sent. Instead schedule extcap termination timeout to happen
as soon as control returns back to the event loop.
There is no universally agreed replacement for SIGTERM on Windows, so
just keep things simple (forcefully terminate like always) until we
have agreed on something.
Any time an expert info is added to the Expert Info tap, the
Expert Info GUI tap listener needs to set TAP_PACKET_REDRAW.
draw_tap_listeners(FALSE) is called from MainApplication::updateTaps()
on a timer (controlled by a preference, defaulting to 3 seconds),
and that clears the Expert Info tap's need_redraw flag. The larger
a capture and the more expert infos, the more likely that the timer
can trigger while epan_dissect_run_with_taps() is still generating
more EI entries, but has already generated EIs of all severities
that are present in the capture. This prevents the expertInfoTreeView
from being redrawn at the end when the captureEvent is finished
retapping the packets.
Fix#18232. Fix#16591.
Allow conversation/endpoint tabs that include IP address and
port number to resolve either or both. Currently IP address
(network) resolution is required to resolve tcp/udp ports.
The signal attached "currentIndexChanged" takes only int as argument,
the correct signal is "currentTextChanged". This also fixes a crash
whenever you changed the visible/nonvisible setting for an interface
_WIN32 is defined by the compiler, and is arguably a more reliable
test that WIN32. Switch to checking for _WIN32 in a couple of places in
the code.
Remove a WIN32 definition from config.h. It was added for the WinPcap
developer pack but we no longer use that.
Check in both editcap and Wireshark to make sure that comments have
fewer than 65536 bytes before accepting them.
This shoudl fix#18235, although there should also be checks in
libwiretap to catch cases where the user interface code doesn't do the
check (it should be done in the UI so that the user gets notified
appropriately).
The TCP and UDP follow conversation filter functions should
only retrieve a conversation and conversation data, not
create new conversations or new stream numbers. (That should
only happen during actual packet processing.) So they should
match on the endpoint type and not look up endpoints (since
TCP and UDP don't use the endpoint API.)
They still don't work with tunneling, or any other situation where
the addresses and ports have been changed (see #18231), but this
at least works when some other protocol _has_ used the endpoint
API, and also avoids creating nonsensical streams.
Making them work properly with tunneling either requires adding
packet info to each packet with the stream information, or using
the endpoint API (after finishing it to allow more than one endpoint
on the packet, and a way of searching for endpoints other than
the most recent.)
Uncapitalize Open Source Software. Prefer the well established umbrella
term "free and open source software". Add specifics about the license
version.
Most references use an hyphen with "open-source". Do that as well.
To maintain familiarity and keep to expectations do an exact copy.
The last sentence to check the man page is an exception because it
is an addenda and recognizing that this clipboard information will
be used mostly in bug reports, it might get annoying.
Move Acknowledgements to a separate file to enable some code
simplification and improve maintenance and discoverability
for acknowlegements.
Convert the Acknowledgements file to Github flavored markdown
and display it in rich text using QTextBrowser.
Add Acknowledgements.md to NSIS installer
ISO C Std § 6.7.2, 5: "for bit-fields, it is implementation-defined
whether the specifier int designates the same type as signed int or the
same type as unsigned int." (See also the note in § 6.7.2.1 and ISO C
Std Appendix J.3.9.)
A gboolean is a typedef'd gint. Therefore, many implementations,
including gcc and clang, treat a gboolean bitfield of width 1 as
signed, meaning that it has two possible values: 0 and -1, any time
the integer promotions occur (which is all the time.) Constructs like this:
dgram_info->from_server = TRUE;
if (dgram_info->from_server == TRUE) ws_warning("True");
will not work as expected, though gcc (but not clang) will give an
error:
/home/johnthacker/wireshark/epan/dissectors/packet-quic.c:3457:37: error: comparison is always false due to limited range of data type [-Werror=type-limits]
3457 | if (dgram_info->from_server == TRUE)
|
proto_tree_add_debug_text(quic_tree, "Connection: %d %p from_server:%d", pinfo->num, dgram_info->conn, dgram_info->from_server);
Connection: 1 0x7fc4b47f2be0 from_server:0
Connection: 2 0x7fc4b47f2be0 from_server:-1
Connection: 3 0x7fc4b47f2be0 from_server:0
Connection: 4 0x7fc4b47f2be0 from_server:-1
At worst this can cause buffer overruns.
If a bitfield is desired, to guarantee expected behavior the standard
_Bool/bool should be used instead.
GLib watches and timeouts require GLib mainloop iterations. If the GLib
mainloop is not running, then GLib watches and timeouts won't trigger.
Back in the GTK+ days, then GLib mainloop was running on all systems.
Since the Qt transition, GLib mainloop only runs on Linux when Qt does
support it and environment variable QT_NO_GLIB=1 is not set.
Start polling GLib mainloop in separate thread if Qt is not running GLib
mainloop. Note that only the polling is handled in separate thread, the
dispatch and thus all user callbacks execute in the main thread.
Running GLib mainloop when needed enables full GLib functionality on all
platforms and thus allows us to simplify our code by using GLib platform
specific code.
Changes:
- audio rates are fixed, I selected common ones
- fixed signal names - they didn't matched expected autogenerated ones
- first play notification delay on Qt6 compensated
Add the text of the GPLv2 in HTML, taken from the FSF website,
and use rich text to display the license in the GUI.
Move the introductory note about the GPL from the COPYING
license text file to the README.
Remove various other license callouts at the end of the COPYING file
as unnecessary and unhelpful. This information is present in
each source file, where it belongs.
If the packetlist is navigated via the up/down keys, the viewport
may jump, if the cell that is being navigated to, has content that
is greated than what is currently displayed
Fixes#16363
In order to phase out older versions, we recommed 5.12 as a
minimum Qt version going forward. Although build support for
5.10 and 5.11 is not being removed at this point, it might
be for 4.x at a later time.
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
Use QtConcurrent to create and sort widget items. The dialog window is
immediately visible and usable. Search becomes available once all items
are added to the tree.
When compiled with Qt5, all items are added in bulk. Qt6 features new
QPromise interface that makes it possible to add tree items one by one.
Pass comparator function so the list gets sorted alphabetically. Without
the comparator function, the pointer values were sorted. Insert already
sorted data into tree widget and thus remove the redundant sort call.
Use std::stable_sort() instead of std::sort() as stable sort is actually
faster here. The std::stable_sort() tends to do fewer comparisons and
more moves than std::sort(). When sorting QTreeWidgetItem pointers, the
move is very low cost (only the pointer itself is moved) and string
comparison is quite heavy (especially because the strings share common
prefix).
This enables the traffic dialogs to filter data based on the
context menu entries. For instance, one can only show rows,
where the number of packets is not greater than 10
If a configuration profile is requested on the command line that
does not exist as a personal profile but does exist as a global
profile, copy it to the personal directory and use it, the same
as when selecting a global profile in the GUI.
Add the same feature to tshark and tfshark as well, where it
is particularly useful.
Add and install default coloring rules and filter buttons for Logray.
Add is_packet_configuration_namespace() and use it to set the default
timestamp type for Logray to "Absolute", which is more appropriate for
log entries.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
It looks like 1eafee6566 wasn't sufficient to fix the Qt 6 background
paint issue, at least for Qt 6.2.3. Explicitly set our background brush
before filling our rect.
Fixes#18175.
There is no need for nesting event loops when showing menus. Show menus
asynchronously to limit possibilities of hard to debug problems related
to re-entering event loop.
Make it so that "Edit->Preferences->Columns" can also set the
resolved/unresolved status of custom columns. Hide the checkbox
when the fields don't support it (including any non custom
columns.) Also make the checkbox entries in the column list model
not editable.
Fix#15394
Add a textbox to allow for filtering the traffic types
in the conversation and endpoint dialog. The current implementation
allows for an easier growth of the list entries. To ensure that
the user can find the entry he/she/they is looking for fast, add
a textbox for filtering
Not all display filters are valid for custom columns (see #15990).
Use the validation function for custom columns instead of the
display filter validation when adding or editing a custom column
through Edit->Preferences, as the Edit Column in the packet list
header already does.
Revisit this if we ever do expand the list of possible custom
columns.
Propagating the capture_file was required for a single
function as was the cast for the model. Both are not
needed, as the functionality can be either moved to
PacketListModel or was already included in PacketList
To implement loading a packet list, a lot of helper
methods are required. Those prototypes where split up
over two places and have been moved to packet_list_utils.h
to ensure a single place for lookup
conversation_dialog.h:24:15: warning: parameter 'cli_proto_id' not found in the function declaration [-Wdocumentation]
conversation_dialog.h:25:15: warning: parameter 'filter' not found in the function declaration [-Wdocumentation]
Remove unneeded row number in capture file. The packet list is
the only object that should know the correct number, propagating
it further only complicates things. At the same time, rework
cf_select_packet to select the packet based on frame_data not on
the row (which can be unreliable).
Remove duplicate functionality for jumping to packet and
remove unused function to move to the end. Furthermore
move the code for redraws of visible packets directly
into the calling code
Setting sorting enabled/disabled resorts the list. If this happens
too often, sometimes it can lead to the physical view models
not present anymore and therefore crashing.
Ping #18159
The progress frame animation is so slow, that it might not show
up on certain setups. Reduce the initial speed and duration for
the animation, which also speeds up calculations as well as dissection
as less animation has to be rendered/calculated
Instead of letting the model do the filtering and having
a bunch of exceptions in cases where columns are hidden
in between other columns, the model will present all columns
all the time, and it is the job of a top-level proxy to
filter out columns not required for current display
Set our idle dissection single-shot timer to 0, i.e. whenever the Qt
event loop can fit us in. This fixes a performance issue here with
libsinsp and doesn't appear to cause any issues otherwise.
Add a numeric address type analog to StringZ for
protocols who only use numeric values as addresses
with no further handling.
e.g. IAT protocols which only enumerate the devices
Don't require there to be at least two values in a packet for
a dissector table in order to have a combobox instead of a single
text box.
While perhaps having an editable combobox with only one drop down
option looks a bit funny, that is outweighed by the UI advantages
of being able to easily select the values that occur in the packet.
This makes it possible to change the dissector for the currently
selected packet's IP protocol or Ethertype when those are not the
last protocol layer without having to type it in manually, for
example.
Some lines in Acknowledgements are mistakenly matching the regular
expression to capture authors and email addresses, resulting in
bogus authors entries.
Stop matching authors after we reach the Acknowledgements section.
This matches the structure of the AUTHORS-SHORT file and fixes the
bogus entries.
Allow the traffic columns to automatically sort on secondary columns if
applicable. e.g. the address and port column for TCP and UDP, or the
secondary address for conversations
If a display filter had been applied during the opening
of the conversation or endpoint dialog, automatically check
the entry for "Limit to display filter" to ensure that
the filtered result is being shown, as expected by the user.
It's only necessary to check that cap_file_.capFile()->edt is
not NULL if use_stream_index is FALSE.
This prevents failure and an inaccurate error message about the
capture file being invalid when using the spinbox to cycle through
a stream when all packets are filtered out.(E.g., Follow a stream,
append to the filter looking for something, no packets match, try to
go to the next stream.)
Convert the address+port conversation code to element lists. Make our
conversation keys element lists. Document more of the conversation API.
Update the Conversation Hash Table dialog to use the new API.
Describe an alternative key type and data structure at the top of
conversation.c.
Allow the endpoint and conversation dialogs to have detachable
tabs. At the same time move the tree functionality to a subclass
to better be able to handle the context menu when detached.
Right now, still a lot of tree stuff is in the tabwidget, but
could be moved to the tree for the future
Retapping can have some side-effects and was done in
an overflowing way. Reducing the number of times retapping
is required and done, and also giving control for taps
reload to TrafficTab
Instead of instantiating CaptureFileDialog with a reference to
the filter (which means allocating a new empty QString when using
it for Save As and Export Packets, which don't use a filter), pass
the filter reference into the open and merge functions.
This plugs a memory leak that happened each time the Save As or
Export Packets dialog was created.
Allow the option to save the data from the traffic dialogs
as raw data and enable it as the default option for 4.0. The
option to display the data with pretty formatting is still
available.
The current model makes it very hard to extend the traffic tables
with new functionality. For instance, having a total view column
additionally to the normal columns when filtered.
This change removes the QTreeWidget and moves to a more generic
approach using QAbstractListModel elements.
It is implemented in thtree parts:
- ATapDataModel implements the basic collection and handling of
the tap data information, as well as updating if new data is
becoming available
- EndpointDataModel / ConversationDataModel handles the display
and representation of the data
- Implementing TrafficTab as a TabWidget which will handle the
adding/removing of new protocol tabs
Almost all the ints in tap-iostat are loop counters, numbers of columns
or rows, durations, lengths, widths, or magnitudes, all things that are
inherently unsigned. Make them unsigned.
This has the incidental effect of fixing an odd alloc-size-larger-than
error with gcc 12.1, which is afraid that if borderlen is signed that
g_malloc will somehow be called with value -1 (18446744071562067969):
Fix#18089
The Qt implicit casts from QByteArray to QString all use
size = -1, meaning to the end of the string.
This causes gcc 12.1 with -O2 to produce a very dubious stringop-overread
warning, by computing both sides of a branch even when it shouldn't:
/usr/include/qt5/QtCore/qstring.h:706:69: error: ‘size_t strlen(const char*)’ reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
706 | return fromUtf8_helper(str, (str && size == -1) ? int(strlen(str)) : size);
| ~~~~~~^~~~~
There's also a similar error with QByteArray.constData(), even though
isEmpty() should return True when the QByteArray is NULL.
(Adding isNull() prevents the warning but is redundant.)
Use DIAG_OFF and DIAG_ON to ignore the warning on GCC 12.1 and higher.
Fix#18090.
Set the row colors in the traffic dialogs to alternating for better
readibility and add a context menu option to resize the columns back
to content
Fixes#16189
Remote traffic_table_ui.? and move the JSON stuff into endpoint.
This is in preparation for larger work on both the conversation
table as well as the endpoint table, and to start using Qt code
in the UI where it should be used.
After selecting field values to be shown or not shown
residues of the former diagram may reside until the next
scroll event. This updates the viewport to trigger the
paintEvent earlier.
Fixes#17997
This is a small speedup for the ResolvedAddressesDialog. QString::arg
is a copy-by-call method as QString::append just extends the space
occupied by the string, leading to a major speed improvement.
Same goes for configuring the proxymodels first and then assigning the
data model as this will lead not to reorganization everytime
invalideFilter is being called
Windows implements so called CRT handlers, which will catch any
assertions happening inside so called crt routines and either
displays a debug dialog (Cancel, Retry, Ignore) or outright crashes
the application.
See
https://docs.microsoft.com/en-us/cpp/c-runtime-library/parameter-validation?view=msvc-170
for an explanation of the behaviour.
Now, in the current situation here, close will detect (correctly)
that the pipe it is supposed to be closing is already closed. This
happens (again correctly) because it had been closed by the extcap
application.
The change added, checks for a closed pipe first, and if so just
returns -1 (as it should) silently without calling the CRT routine,
therefore not crashing
The current situation in UatDelegate as well as PathChooserDelegate leads to issues, where Wireshark crashes if the button is clicked. This is due to the UI not correctly positioning the button inside the cell.
This change implements a widget, which will serve as cell content, handling all relations with choosing the file, but also properly handling the size and geometry of said cell content, therefore no longer leading to crashes and cleaning up code at the same time, as duplicate methods are being removed.
Fixes#17789, #17819, #18088
Display filters on Windows where broken in such a way that the file was generated with empty lines and the wrong file delimiters.
Likewise, loading the file lead to issues when the formatting was not 100% match by the plattform being used
Fixes#18082
If name resolution is enabled in the conversations and endpoints
dialogs, sort address columns by the resolved names, not by the
addresses; sorting them by address will give *very* unexpected results,
and not make it easier to look for addresses by name.
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
setTab(0) should not be required, as this belongs in the constructor as being
part of the general setup of the dialog itself. Outside code should not setup
the correct startview of the dialog.
(the problem exists in the first place, as the wrong tab may be selected via
the .ui file after editing that)
getPoints never worked in the new system therefore it is removed. SparkLineDelegate uses the underlying model to ensure the correct data being transmitted
Sparklines should display to the user, which interfaces are active
and ready for capture. Additionally it should be easy to find active
interfaces, without filtering first.
This change reorders the interface list, in order to sort active
interfaces on top, as well as hide information if no packet has been
received on that interface, to ensure that the user can find active
interfaces faster, making it easier to capture on systems where
the interfaces have very generic names.
The interface context menu has been amended to allow interfaces to be
hidden/unhidden from the main interface list as well
Skip non protocols in process_tree before calling process_node(), and
in process_node() before calling itself recursively, instead of at
the beginning of process_node(), decreaing the number of recursive
calls.
This reduces possible stack overflows in cases arising from dissectors
that call proto_item_get_parent(), which can result in many top level
non protocol items due to items not properly being faked. (#8069)
Use proto_register_is_protocol for the test instead of testing for
a name, which has not been a useful test for some time.
Add some comments about possibly wanting to skip PINOs that have
field_type FT_BYTES if they end up being toplevel items, and about
possibly wanting to descend into the tree to pick up protocols not
at the top level.
Increase the minimum required version of Qt from 5.6 to the next
LTS version, 5.9. The various Linux distributions that have not
released an update to 5.9 or later (SLES 12, Debian stretch) are
nearing end of support, and can be supported by the Wireshark 3.6 LTS
release.
Qt 5.9 requires macOS 10.0, so make that the minimum macOS version
as well.
Remove unneeded version checks (except from QCustomPlot).
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
Use proto_registrar_is_protocol instead of directly comparing
hfinfo->parent to -1 when determining if the field info is related
to a protocol or not.
This avoids adding the special case text only field, which does not
have a parent protocol id, to the protocol hierarchy. These fields are
merely strings on the GUI tree, not actual protocols.
The same hierarchy of protocols can appear multiple times in a frame,
for example if there are multiple PDUs for a protocol that begin in
that frame. Keep track of the last frame where we incremented our
stat node and use that to only increment it once per frame.
Add a "total number of PDUs with this hierarchy" statistic and
display it as a new final column in the GUI. Update the User Guide.
In the purpose of doing this, get rid of temporary variables and
increment the ph_stats_t members directly, since we pass that
into our functions already, and thus have access to the current
packet count.
Fix#17553. Fix#18034. Fix#12565.
In conversation_filter.h, add a separate log_conv_filter_list. Use it in
register_log_conversation_filter and add conversation_filter_from_log.
It looks like we no longer use find_conversation_filter externally, so
remove it from the API.
RTP dialogs can stay opened, therefore calls of its functions are
protected by locks. There was issue that same mutex was used during
construction of the dialog and calling functions. It created possible
deadlock.
Change separates lock used for dialog creation and lock for function calls.
When function call lock is locked, new calls are ignored and warning is
printed to STDERR. Showing a dialog with warning looks too intrusive to me.
Fixes#18025
Rename LogsharkApplication to LogwolfApplication. Rename other Logshark
references in ui/qt_logshark to Logwolf. Update our CMake target and
variable names.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Rename the main_window class and UIC files to wireshark_main_window and
the MainWindow class to WiresharkMainWindow. Copy wireshark_main_window
/ WiresharkMainWindow to logwolf_main_window / LogwolfMainWindow.
Remove the Wireless menu from Logwolf.
Move WiresharkApplication.{cpp,h} to MainApplication.{cpp,h}. Add back
WiresharkApplication as a thin superclass of MainApplication, similar to
LogsharkApplication. Change all of our wsApp references to mainApp. We
will likely have to change many or most of them back, but that's a
commit for another time.
Add a separate UI application named "Logshark". It's currently a very
thin superclass of Wireshark, but that will change over time. Based on
work by Loris Degioanni.
Fix
ui/qt/models/filter_list_model.cpp:299:33: warning: implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' [-Wshorten-64-to-32]
storage.move(strow, storeTo);
~~~~ ^~~~~~~
when building with Qt 5.
Fix
** (wireshark:77415) 10:53:35.149736 [GUI WARNING] -- QObject::connect: No such signal QComboBox::currentIndexChanged(QString) in ui/qt/about_dialog.cpp:352
** (wireshark:77415) 10:53:35.149760 [GUI WARNING] -- QObject::connect: (sender name: 'cmbType')
Use new-style connections everywhere in about_dialog.cpp.
Qt 5.10 added qsizetype, aka an ssize_t and Qt 6 makes extensive use of
it. Add a compatibility typedef and use it where we can. Cast it away
where we can't.
Fix
ui/qt/rtp_stream_dialog.cpp:708:26: error: 'type' is deprecated: Use typeId() or metaType(). [-Werror,-Wdeprecated-declarations]
} else if (v.type() == QVariant::String) {
^
and similar errors. Although the warnings recommend typeId() or
metaType(), userType() exists in both Qt 5 and 6 so use it instead.
Gerald Combs
Pau Espin