If name resolution is enabled in the conversations and endpoints
dialogs, sort address columns by the resolved names, not by the
addresses; sorting them by address will give *very* unexpected results,
and not make it easier to look for addresses by name.
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
setTab(0) should not be required, as this belongs in the constructor as being
part of the general setup of the dialog itself. Outside code should not setup
the correct startview of the dialog.
(the problem exists in the first place, as the wrong tab may be selected via
the .ui file after editing that)
getPoints never worked in the new system therefore it is removed. SparkLineDelegate uses the underlying model to ensure the correct data being transmitted
Sparklines should display to the user, which interfaces are active
and ready for capture. Additionally it should be easy to find active
interfaces, without filtering first.
This change reorders the interface list, in order to sort active
interfaces on top, as well as hide information if no packet has been
received on that interface, to ensure that the user can find active
interfaces faster, making it easier to capture on systems where
the interfaces have very generic names.
The interface context menu has been amended to allow interfaces to be
hidden/unhidden from the main interface list as well
Skip non protocols in process_tree before calling process_node(), and
in process_node() before calling itself recursively, instead of at
the beginning of process_node(), decreaing the number of recursive
calls.
This reduces possible stack overflows in cases arising from dissectors
that call proto_item_get_parent(), which can result in many top level
non protocol items due to items not properly being faked. (#8069)
Use proto_register_is_protocol for the test instead of testing for
a name, which has not been a useful test for some time.
Add some comments about possibly wanting to skip PINOs that have
field_type FT_BYTES if they end up being toplevel items, and about
possibly wanting to descend into the tree to pick up protocols not
at the top level.
Increase the minimum required version of Qt from 5.6 to the next
LTS version, 5.9. The various Linux distributions that have not
released an update to 5.9 or later (SLES 12, Debian stretch) are
nearing end of support, and can be supported by the Wireshark 3.6 LTS
release.
Qt 5.9 requires macOS 10.0, so make that the minimum macOS version
as well.
Remove unneeded version checks (except from QCustomPlot).
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
Use proto_registrar_is_protocol instead of directly comparing
hfinfo->parent to -1 when determining if the field info is related
to a protocol or not.
This avoids adding the special case text only field, which does not
have a parent protocol id, to the protocol hierarchy. These fields are
merely strings on the GUI tree, not actual protocols.
The same hierarchy of protocols can appear multiple times in a frame,
for example if there are multiple PDUs for a protocol that begin in
that frame. Keep track of the last frame where we incremented our
stat node and use that to only increment it once per frame.
Add a "total number of PDUs with this hierarchy" statistic and
display it as a new final column in the GUI. Update the User Guide.
In the purpose of doing this, get rid of temporary variables and
increment the ph_stats_t members directly, since we pass that
into our functions already, and thus have access to the current
packet count.
Fix#17553. Fix#18034. Fix#12565.
In conversation_filter.h, add a separate log_conv_filter_list. Use it in
register_log_conversation_filter and add conversation_filter_from_log.
It looks like we no longer use find_conversation_filter externally, so
remove it from the API.
RTP dialogs can stay opened, therefore calls of its functions are
protected by locks. There was issue that same mutex was used during
construction of the dialog and calling functions. It created possible
deadlock.
Change separates lock used for dialog creation and lock for function calls.
When function call lock is locked, new calls are ignored and warning is
printed to STDERR. Showing a dialog with warning looks too intrusive to me.
Fixes#18025
Rename LogsharkApplication to LogwolfApplication. Rename other Logshark
references in ui/qt_logshark to Logwolf. Update our CMake target and
variable names.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Rename the main_window class and UIC files to wireshark_main_window and
the MainWindow class to WiresharkMainWindow. Copy wireshark_main_window
/ WiresharkMainWindow to logwolf_main_window / LogwolfMainWindow.
Remove the Wireless menu from Logwolf.
Move WiresharkApplication.{cpp,h} to MainApplication.{cpp,h}. Add back
WiresharkApplication as a thin superclass of MainApplication, similar to
LogsharkApplication. Change all of our wsApp references to mainApp. We
will likely have to change many or most of them back, but that's a
commit for another time.
Add a separate UI application named "Logshark". It's currently a very
thin superclass of Wireshark, but that will change over time. Based on
work by Loris Degioanni.
Fix
ui/qt/models/filter_list_model.cpp:299:33: warning: implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' [-Wshorten-64-to-32]
storage.move(strow, storeTo);
~~~~ ^~~~~~~
when building with Qt 5.
Fix
** (wireshark:77415) 10:53:35.149736 [GUI WARNING] -- QObject::connect: No such signal QComboBox::currentIndexChanged(QString) in ui/qt/about_dialog.cpp:352
** (wireshark:77415) 10:53:35.149760 [GUI WARNING] -- QObject::connect: (sender name: 'cmbType')
Use new-style connections everywhere in about_dialog.cpp.
Qt 5.10 added qsizetype, aka an ssize_t and Qt 6 makes extensive use of
it. Add a compatibility typedef and use it where we can. Cast it away
where we can't.
Fix
ui/qt/rtp_stream_dialog.cpp:708:26: error: 'type' is deprecated: Use typeId() or metaType(). [-Werror,-Wdeprecated-declarations]
} else if (v.type() == QVariant::String) {
^
and similar errors. Although the warnings recommend typeId() or
metaType(), userType() exists in both Qt 5 and 6 so use it instead.
Fix
ui/qt/tcp_stream_dialog.cpp:1669:31: error: 'globalPos' is deprecated: Use globalPosition() [-Werror,-Wdeprecated-declarations]
ctx_menu_.exec(event->globalPos());
^
and similar warnings.
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets seet in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes#17989.
Only set the Packet List scrollbar page step to be equal to the
height of the scrollbar when running on macOS. Qt on Linux and
Windows behaves different.
Add a separate menu for Strip Headers (similar to Export PDU, but exporting
to an encapsulation other than WIRESHARK_UPPER_PDU everything for
that encapsulation). Add to the usage output of tshark for the "-U"
option which encapsulation a export tap will produce.
Allow export PDU taps to be registered with a wiretap encapsulation
instead of always using WTAP_ENCAP_WIRESHARK_UPPER_PDU. This allows
creating normal capture files that aren't tied to wireshark without
having to do a "editcap -C -L -T", as well as creating files in
formats other than pcapng and pcap with tshark.
Provide a couple sample implementations in Ethernet (WTAP_ENCAP_ETHERNET)
and IP (v4 and v6, WTAP_ENCAP_RAW_IP) that are the most common use cases.
(I can imagine a few others; WTAP_ENCAP_MPEG_2_TS could probably be
useful, for example.) Fixes#15141
Calling setCurrentIndex with QItemSelectionModel::ClearAndSelect clears
the currentIndex, but not the selection, so it doesn't trigger
selectionChanged. However, highlighting depends on the selectionChanged
signal, not currentChanged(), and it's not emitted if we're still on the
same packet/row as the current selection (which can occur if searching
for something that occurs in exactly one packet in a capture.)
Since packet_list_select_row_from_data() cares about where the data
is within the packet, it needs to clear the selection. Fix#8269
Add a checkbox to the packet format group box to allow the
hexdump to only have the main frame instead of secondary data
sources as well, so that Print and Export Packet Dissections can
be used for input to text2pcap.
Apparently on Windows, if a dialog contains spaces it is not properly
opened via /select. But opening the file via QDesktopServices leads to
the file not being selected in the open explorer windows (expectation by
the user). Therefore the original change is restored, but with a
differenc call which should handle the space issue in most cases better
than before. See
https://stackoverflow.com/questions/3490336/how-to-reveal-in-finder-or-show-in-explorer-with-qt
for a short explanation (bottom of post)
Fixes#17927
inputMask populates the field with a space for each character
in the mask. Mouse people that click in the field may position
the cursor at the far right of the mask and not be able to enter
a value.
https://www.qtcentre.org/threads/7106-QLineEdit-and-input-mask
Remove the inputMask from the field definition and add a validator.
Don't use ZLib routines or data types if we're built without ZLib.
Don't support --compress-type=gzip, or a gzip check box in the Output
pane of the Capture Options dialog, if we're built without ZLib.
Fixes#17899.
g_file_open_tmp() does not set name_used unless the temp file
is successfully created (cf. to our old hand written library
pre commit 2925fb0850). Initialize it so that g_free doesn't
free a random memory location in that case, and don't use it
otherwise after failure. Fix#17828.
Since Import from Hex Dump creates a pcapng temporary file, use
the list of encapsulations we can write to pcapng instead of pcap.
In particular, this makes WTAP_ENCAP_SYSTEMD_JOURNAL possible, so make
text_import capable of writing that encapsulation by using the proper
rec_type and block. It's not clear why someone would have a binary
hex dump of this text based format, but it works.
This must match the base name of the .desktop file (without the .desktop suffix).
The implicit default is 'wireshark', which worked until the file got renamed in 42a09ad02e
Setting this is important for several desktop enviromnent features to work, for example the window icon on Plasma Wayland
In text2pcap and Import from Hex Dump, allow fake IP headers with
the appropriate versions when the Raw IP, Raw IPv4, and Raw IPv6
encapsulations are specified. In such cases, do not add a dummy
Ethernet header.
Continue to reject other encapsulations besides these, Ethernet,
and Wireshark Upper PDU when appropriate. Add some checks for the
encapsulation type in text_import as well, instead of just assuming
that the callers handle it correctly.
Move the list of encapsulation buttons to a QButtonGroup, which makes
it easy to tell which one of them is activated.
Use that to fix an issue where dummy headers impermissible for an
encapsulation type could be added if the radio button was selected
before switching the encapsulation type. (Only for encapsulations
that allow at least one type, i.e. Ethernet or Wireshark Upper PDU.)
qcustomplot.cpp:34001:37: warning: The left operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:34001:37: warning: The right operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:26643:9: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27752:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27779:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:34087:7: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:22400:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:22400:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:21229:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:21274:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35323:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35349:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
Add some default IPv6 addresses, used in place of the unspecified
address. These are unique local addresses as in RFC 4193 with
a global ID generated using the pseudo-random algorithm mentioned
therein.
Use nanosecond resolution pcapng files for "Import from Hex Dump"
by default (since we support that level of precision and that's
what text2pcap does).
Disable QAbstractItemView's alternatingRowColors in places where we have
that set. One of Wireshark's most heavily used features is packet
colorization; we use color in packet list and detail rows to convey
information. Simple alternating color rows doesn't do that, and as my
blatant appeal to authority^W^W^W^W^WEdward Tufte points out, "Strips
are merely bureaucratic or designer chartjunk; good typography can
always organize a table, no stripes needed."
https://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0001IV
Move the parameter setup to text_import, so that later it can
be called from the GUI, including the interface name. (This has
to be a separate function because these parameters need to be
set before the call to wtap_dump_open, which is different for
regular files vs temp files vs stdout.)
Remove the '-d' option from text2pcap, and move the two levels
of debug messages in text2pcap and text_import to either
LOG_LEVEL_DEBUG or LOG_LEVEL_NOISY as appropriate.
In "Import from Hex Dump", change the control that determines
IPv4 versus IPv6 to a QComboBox, and move it into the grid of
options, in the IP option section.
Only warn about the parser getting an unexpected offset when
using OFFSET_NONE the first time. Use log warnings for subsequent
messages.
Strip off the whitespace/newline/colon from the offset when adding
it to the message, only output the offset number.
text2pcap used 10.1.1.1 and 10.2.2.2 for default IPv4 addresses,
and "Import From Hex Dump" used 1.1.1.1 and 2.2.2.2. The former
are a little bit better for defaults since they're RFC 1918
private IP addresses, so let's use them for the common code.
Add the option to use IPv6 instead of IPv4 for dummy headers,
including custom source and destination address, to the
"Import from Hex Dump" GUI box. Related to #16724
Encapsulate the feature requirements for strptime() in a
portability wrapper.
Use _GNU_SOURCE to expose strptime. It should be enough on glibc
without the side-effect of selecting a particular SUS version,
which we don't need and might hide other definitions.
Add a checkbox for the extra detection for ASCII in a hex+ASCII
hexdump even when the text looks like hexbytes to Import from Hex
Dump. Save and restore it from the settings. Work towards #16724.
If we're in the no offset mode and we parse an offset,
warn the user and ignore. At the very beginning of the file try
adding it to the preamble, maybe there's something unfortunate
like an all numeric time stamp format (ISO-8601 Basic).
A bunch of the globals are simply copied from the input parameter
text_import_info_t, just use them directly.
Move the count for packets read and written into the info type,
so that callers like text2pcap can access them as results.
Don't exit in the middle with unexpected values. Report a failure
and return a failed exit status when something goes really wrong.
Use warnings when appropriate, like when a time code value couldn't
be parsed.
Includes allowing the string "ISO" in the format string text box
in the GUI, so this works in "Import from Hex Dump" as well as
being for the text2pcap transition. Part of #16724.
Use report_message and report wtap_dump failures. Pass in
the output filename and keep track of the frame numbers for
the message parameters.
Report failure to initialize the lex scanner in text_import
instead of in the GUI, so that it would be reported from text2pcap,
and because text_import might have other failure cases that are
not the scanner.
The regex parser returns a positive number of packets processed
on success; save that number in text_import, and return zero on
success to our callers.
This is the special check for canonical hex+ASCII textdump
files that looks for the edge case where the beginning of the
ASCII column has strings that can be mistaken by the parser for
additional hex bytes. Not implemented in the GUI yet. Preparing
for text2pcap switchover. Related to #16724.
Adjust the grammar to recognize two trailing hexadecimal characters
without a LF as a byte as well. Ported from text2pcap and commit
22cf80d30d which explains why this
is safe. More work for #16724.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
Add IPv6 handling to text_import, including the ability to
handle dummy IPv6 addresses instead of IPv4. GUI support is
still TBD. This further reduces the number of text2pcap features
that ui/text_import does not yet support. Related to #16724.
Add dummy IPv4 addresses to the text_import_info_t struct, and
use them if set in the same way text2pcap does. GUI support in
"Import from Hex Dump" is not added yet. This is also part of the
work for text2pcap to eventually call text_import. Related to #16724.
The encapsulation type that text_import expects and puts
directly into rec.rec_header.packet_header.pkt_encap is a
wiretap encap type, not a pcap link type. Fix the name and
comment appropriately.
Correctly handle when a minimum packet length forces fragmentation of
SCTP and we are generating dummy SCTP DATA chunk headers: mark fragmentation
in the chunk flags and set the transmission sequence number and
stream sequence number appropriately.
Port from text2pcap commit f8d48662c8
Part of #16724.
The "Import from Hex Dump" time delta for packets without a timestamp
was changed to be a nanosecond, but the time resolution for the file
created by import_text_dialog is the default, microseconds. Until
that is configurable, the time tick used needs to be microseconds like
it was before.
Clean up the code so that it's a little more consistent about when
and how the extra time tick is added, namely:
1. If there is no time format passed in.
2. If time format conversion for the packet fails for any reason.
We don't add an extra delta in other situations, e.g. if packets just
happen to have the same valid time value.
Fix#15562.
_parse_time, which uses g_strlcpy, expects that end_field points
to the position after the end of the field (such as the \0.)
text_import_regex handles this correctly, but when importing from
hex dumps the last character of the timestamp was being cut off,
which makes a big difference when fractional seconds are not used.
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocess have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
This lowers the level of this message from "message" to
"info". This has two side-effects:
- It is not displayed by default
- It is printed to stdout instead of stderr.
Some users were depending on this message. Restore this to
the level it had before 05ed76d4. Even though this output is
not considered a stable interface restoring the old behavior
helps them and has no meaningful usability downsides. The
changes in 05ed76d4 were experimental anyway.
Related to #17763.
Actually output the packet count for RTSP response status codes,
and align the columns between requests and response. (This CLI-only
stat is largely redundant with rtsp,tree but it might as well work.)
Actually output the packet count for HTTP response status codes,
and align the columns between requests and response. (This CLI-only
stat is largely redundant with http,tree but it might as well work.)
Without this, the simple stat tables default to sorting by the first
column in descending order. (An artifact of the QTreeWidget that they
inherit from.) The first column is generally a message type (integer or
string) and ascending order makes more sense.
Some of the stat tables intentionally insert rows in a preferred order
that is different than sorting by the first column (e.g, ANSI A I/F tables
are sorted by the second column), but we can't tell what that is.
QTreeWidget only allows the data to be shown in its original unsorted
order if the widget is marked unsortable, but then the user isn't allowed
to sort at all, and being able to sort by other columns (such as count)
is useful.
Extcaps require a log file when invoked in child mode. It also has
a specific flag to enable debugging, other that the wslog options.
Fix the logging to:
1. Enable debug log level if --debug is used.
2. Do not emit messages to the stderr if debug is enabled.
This brings extcap logging to the same feature level it had before
wslog replaced GLib logging.
There is some lose of detail in the group label but eliminates
the misleading information that comes from grabbing the
potentially modified summary of the first entry in the group.
Closes#14892#14425
Wireshark successfully compiles on Windows with Qt6.2 with following
cmake options:
-DUSE_qt6=ON -DDISABLE_ERROR=ON
QCustomPlot QT 6.2 patch is taken from QCustomPlot forum post by miccs.
Qt5 recommended to use QRegularExpression instead of QRegExp.
Qt6 deprecated QRegExp and provides it in Qt5 compatibility module.
QRegularExpression is generally faster and safer to use as the results
are returned in separate QRegularExpressionMatch instead of modifying
interal QRegExp object state.
This is basically applying c knowledge and Google to the compiler
error messages. There is basically no understanding involved into
what I was doing:
- No idea why lots of #includes needed to be added for Qt6
- No idea how to actually fix the remaining problems, but it's a start
Things that need to be done:
- The AudioDeviceInfo thingy needs to be replaced by something new (as
an interim solution another patch disables the audio player in Qt6).
- GRegExp eventually needs to be replaced by QRegularExpression
(available since Qt5.0, so development can be done in Qt5).
- Solutions for the other problems like some methods no longer
being available in Qt6 that have to sort of co-exist with Qt5.
In order to be able to defer solving all Qt6 API differences at once
I tried to reactivate the QT_MULTIMEDIA_LIB feature. I managed to fix
most problems but one problem remains in both Qt5 and Qt6 builds.
Without Qt[56]Multimedia, the following error exceeds my non-existing
C++ knowledge:
jmayer/work/wireshark/git/ui/qt/rtp_player_dialog.cpp:154:18: error: out-of-line definition of 'RtpPlayerDialog' does not match any declaration in 'RtpPlayerDialog'
RtpPlayerDialog::RtpPlayerDialog(QWidget &parent, CaptureFile &cf, bool capture_running) :
^~~~~~~~~~~~~~~
Of course it still fails in the compile phase, but only for some
of the ui/qt/ files.
Wireshark with Qt5 still compiles and runs.
To do the build invoke cmake with the following settings added:
export CMAKE_PREFIX_PATH=:${MY_QT6_PREFIX}/lib/cmake
cmake -DUSE_qt6=ON ...
Independently of this patch there is lots of Qt-stuff in
CMakeLists.txt that needs review/cleanup:
- Some of the stuff can probably be solved in a less hacky way:
+ There seemed to be a way for QT6 to provide the required c++-standard,
but in the end I could not find it.
+ Once we have a working Qt6 codebase, we may get rid of the USE_qt6
flag and just test for Qt6Core first and if not present check for
Qt5Core.
- All comments that match /qt ?[4-6]/i need reviewing/cleaning up.
- The changes in this patch have been tested to work on all machines
that are my mac (macos 12.0.1, XCode 13.1, Intel, GPL-Qt6.2.1 with only
the macos package selected, cmake 3.21.4)
Add ui/qt/qt6-migration-links.txt for some possibly helpful links
The column parameter in PacketListRecord::columnString() must be
below cap_file->cinfo.num_cols to be valid. An issue with this check
may be triggered when switching profile.
Pass the funnel operations ID to new_text_window and new_dialog so that
we can assign parent widgets when we create new FunnelTextDialogs and
FunnelStringDialog. This should ensure that they're destroyed properly.
Ping #17590.
This reverts commit c2edb44a9a.
While we should definitely avoid leaking memory, this runs up against
the Qt code's assumption that it will always have valid epan data.
Fixes#17590.
Fixes#17719.
Do not keep epan_dissect_t instance hanging until FrameInformation
destructor is called. Simply copy the tvb data into local buffer and
cleanup epan_dissect_t instance as soon as possible.
Fixes#17590
Add uat_set_default_values, which lets us provide default values for
fields that might be missing from the end of a UAT line. Set a default
value for the I/O Graph dialog's Y Axis Factor. Fixes the backward
compatibility issue described in #17623
If an ftype can participate in equala assume it can also participate in
not equals. Use fvalue_can_eq() instead of fvalue_can_ne().
If it can participate in one order comparison it can participate in all.
Replace any comparison with fvalue_can_cmp().
As searching the list of protocols takes a noticeable amount
of time and so would introduce significant lag while typing a string
into the Search box, we instead debounce the call to
updateSearchLineEdit(), so that it doesn't run until a set amount of
time has elapsed with no updates to the Search field.
If the user types something before the timer elapses, the timer restarts
the countdown.
The first call to Follow Stream forgot to disable the arrow
button. Reverse the precedence between the display filter edition
and the display filter success now gives the expected GUI behavior.
Closes#10774
Wireshark defines the relation of equality A == B as
A any_eq B <=> An == Bn for at least one An, Bn.
More accurately I think this is (formally) an equivalence
relation, not true equality.
Whichever definition for "==" we choose we must keep the
definition of "!=" as !(A == B), otherwise it will
lead to logical contradictions like (A == B) AND (A != B)
being true.
Fix the '!=' relation to match the definition of equality:
A != B <=> !(A == B) <=> A all_ne B <=> An != Bn, for
every n.
This has been the recomended way to write "not equal" for a
long time in the documentation, even to the point where != was
deprecated, but it just wasn't implemented consistently in the
language, which has understandably been a persistent source
of confusion. Even a field that is normally well-behaved
with "!=" like "ip.src" or "ip.dst" will produce unexpected
results with encapsulations like IP-over-IP.
The opcode ALL_NE could have been implemented in the compiler
instead using NOT and ANY_EQ but I chose to implement it in
bytecode. It just seemed more elegant and efficient
but the difference was not very significant.
Keep around "~=" for any_ne relation, in case someone depends
on that, and because we don't have an operator for true equality:
A strict_equal B <=> A all_eq B <=> !(A any_ne B).
If there is only one value then any_ne and all_ne are the same
comparison operation.
Implementing this change did not require fixing any tests so it
is unlikely the relation "~=" (any_ne) will be very useful.
Note that the behaviour of the '<' (less than) comparison relation
is a separate, more subtle issue. In the general case the definition
of '<' that is used is only a partial order.
To enhance the Merge 4644, the isReadRunning variable scope is
changed to reduce the header footprint and make the code compliant
to the usual coding rules.
When changing one of the selection parameters in the Follow Stream
dialog while a filtering task is already running, the result is
inaccurate.
While a filtering task is already running in the Follow Stream
dialog, any filter change which triggers a new filtering gives a
wrong result. Both the displayed data and the Save As functions
are impacted. Closes#15637
The statistics that use the stats_tree API parse the -z option
without expecting a comma separator between the statistics name
and the filter. This is contrary to both the man pages and how
all the other options work. Fix that so it's consistent.
Fix#17656
For #16186. Proposed changes to the tooltips which appear when a filter
expression is potentially problematic.
Rename references to "User's Guide" to "Help" since the link to the
User's Guide in the Help menu is just called *Contents*.
Name specific sections within the help which pertain to the warning
tooltip being shown. Gives first-time users some help in finding the
right part of the sizeable User's Guide.
Q_OBJECT is only needed for signals+slots, translations, and other
meta-object services. Remove it in some classes, since having it means
we're generating and compiling code unnecessarily.
Improve reload Lua plugins to handle fieldsChanged before calling
the preferences apply callback, because a proto.prefs_changed()
function may call reload_packets() or redissect_packets(), and this
requires the fields to be updated.
Changing profile during capture may change the capture_opts->show_info
setting. Always init cap_session->wtap and check if valid before doing
capture_info_new_packets(). Always close dialog and cap_session->wtap
in capture_input_closed().
This will not bring up the Capture Information dialog when switching
to a profile having this enabled.
Fixes#17622
Support reloading a Lua FileHandler when this is in use for a
loaded capture file. Prompt to save the file if having unsaved
changes because the file must be reloaded.
Fixes#17615
Profile files which is only used in Qt is not automatically registered
during startup and must be explicit registered.
Add profile_register_persconffile() to handle this registration.
Adds a checkbox 'Automatic Update' to the IO Graph to enable or disable
rescans and recalculation of graph data temporarily. This is useful when
you want to modify settings of multiple graphs without triggering a rescan
with every change of a single setting. This becomes useful for large trace
files in particular.
Rescan or recalculation events are queued while 'Automatic Update' is not
active. Checking 'Automatic Update' triggers the queued updates.
The setting for 'Automatic Update' is stored in a preference.
A german translation for 'Automatic Update' is included.
Mingw-w64 has this function. We may have to define some extra symbols
for API visibility but on my system the config check is working out
of the box.
POSIX systems come in many flavours, remove the "save time" if()
condition in this case.
Fix code to check if we have clock_gettime() on Windows as well.
The locale information can be excessively verbose. Cut down the
number of categories displayed to one, arguably the most relevant
for troubleshooting purposes.
Store all user specified values from the "Import from Hex Dump"
dialog in a profile import_hexdump.json file.
Set default ExportPDU dissector to "data".
Fixed a minor typo in a help text.
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
Allow the hover selection to be either configured via context menu
or by pressing the Ctrl key while moving the mouse. The configuration
is stored via profile
"Follow Stream" functionality assumes that all data in a single packet
belongs to the same stream. That is not true for HTTP2 and QUIC, where
we end up having data from unrelated streams.
Filter out the unwanted data directly in the protocol dissector code with
a custom `tap_handler` (as TCP already does).
Close#16093
The related-packet drawing code currently intermingles the selection and the
drawing of the conversation "trace" lines and the indicators. Separating them
out -- so we make the decisions upfront and then do the drawing -- will help
with any future work in this area.
The Ubuntu build commented on some spelling errors in executable code
files. Fix the errors that don't come from external files containing
the spelling errors (USB product and vendor IDs, PCI IDs, ASN.1
specifications), and fix some errors that don't show up in the
executable code files (e.g., in comments and variable names).
Allow the user to select multiple packets, and
* add the same comment to all selected packets
* remove all comments from selected packets
A new comment is added to each packet, now that we support multiple
comments per packet.
This is one potential way to address #8713.
Save a list of all user options that were specified on the Wireshark
command line using the `-o` option. Reapply those preferences after
reloading Lua plugins. Fixes the behaviour given in #12331 wherein such
prefs were reset to the defaults, not the command-line values, when
reloading Lua plugins.
When the user changes a preference in the Wireshark UI, remove that
preference from the stored command line options, so it doesn't get reset
when Lua plugins are reloaded again.
If a graph is added it should be a single operation, not multiple setData operations
leading to a myriad of dataChanged signals to be fired, which in turn can hinder redissection.
Wireshark/tshark may be built without Lua support. This patch adds an
error message if the user specifies the `-X lua_script` command-line
argument to a program built without Lua support, so the user is not left
wondering why their script isn't working.
Without that, you could add a comment to a record in a file format the
reading code for which doesn't allocate blocks, but the comment doesn't
get saved, as there's no block in which to save the comment option.
This simplifies some code paths, as we're either using the record's
modified block or we're using the block as read from the file, there's
no third possibility.
If we attempt to read a record, and we get an error, and a block was
allocated for the record, unreference it, so the individual file readers
don't have to worry about it.
Set PacketDiagram as parent of QGraphicsScene so the scene is destroyed
together with PacketDiagram.
Dynamically allocate WiresharkApplication and explicitly call its
destructor when no longer needed. This results in deletion of
FunnelAction objects created in register_menu_cb() and QAction objects
created in TapParameterDialog::registerDialog(). For some reason, when
breakpoint was set inside WiresharkApplication destructor it would not
get triggered on exit, and so the child objects would get reported as
memory leaks.
Delete main window and application only after epan_cleanup(). This makes
lua plugins actually call ops during cleanup (e.g. destroy_text_window)
and makes it possible to free the memory allocated in FunnelStatistics
constructor.
Instead of creating endless loop and synchronizing using QWaitCondition,
execute the syntax worker check in its thread by emitting signal. The
syntax worker thread affinity is set to worker thread so the slots
handling takes place within the worker thread context.
This patch allows the profile importer to recover from a file too large
to import as well as adjusts the maximum allowed config file size.
Closes: #17504
When capture was longer (e.g. 800s), audio was decoded correctly, but
visual waveform was shown incorrectly. Reason was exceeding range of
guint32 during calculation. Calculation is now made in guint64 and then
put back to guint32.
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.
Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make
sense.
Fixes#17478
This header was installed incorrectly to epan/wmem_scopes.h.
Instead of creating additional installation rules for a single
header in a subfolder (kept for backward compatibility) just
rename the standard "epan/wmem/wmem.h" include to
"epan/wmem_scopes.h" and fix the documentation.
Now the header is installed *correctly* to epan/wmem_scopes.h.
Those routines can't add an option if there's no block to add it to;
this meant that neither the direction nor the sequence number would be
set when importing a packet.
Automated find/replace of wmem_packet_scope() with pinfo->pool in all
files where it didn't cause a build failure.
I also tweaked a few of the docs which got caught up.
fcntl.h appears to be available on all of our supported platforms,
including Windows. We've also been including it without HAVE_FCNTL_H
guards in a few places (e.g. sshdump.c) without any issues for some
time.
floorl is part of C99.
Don't store the comments in a capture_options structure, because that's
available only if we're being built with capture support, and
--capture-comment can be used in TShark when reading a capture file and
writing another capture file, with no live capture taking place.
This means we don't handle that option in capture_opts_add_opt(); handle
it in the programs that support it.
Support writing multiple comments in dumpcap when capturing.
These changes also fix builds without pcap, and makes --capture-comment
work in Wireshark when a capture is started from the command line with
-k.
Update the help messages to indicate that --capture-comment adds a
capture comment, it doesn't change any comment (much less "the" comment,
as there isn't necessarily a single comment).
Update the man pages:
- not to presume that only pcapng files support file comments (even if
that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported,
and that multiple comments will be written, whether capturing or reading
one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the
first one, even though it only displays the first one;
Spell out "DESCRIPTION" for the IDB description option, as it's spelled
out in the pcapng spec.
Put the #defines for various options in the same order as the block
types for them are in the pcapng spec.
Mark wsutil's includes SYSTEM PRIVATE. This exposed a lot of targets
that were indirectly picking up include paths via the wsutil target, so
add direct includes where needed. The G.722 and G.726 codecs were
implicilty including tiffio.h; find it explicitly instead.
Mark some of wsutil's libraries PRIVATE, but leave commonly-used ones
PUBLIC.
Ping #17477.
Add "SYSTEM" to "target_include_directories(version_info ...", which
keeps
```
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_stdio.h:93:16: warning: pointer is missing a nullability type specifier (_Nonnull, _Nullable, or _Null_unspecified) [-Wnullability-completeness]
unsigned char *_base;
^
```
from being printed here.
Revert change to format_size() added in
f509a83381. This commit broke formatting
with spaces and introduced some dead code.
Also replace unnecessary call to format_size_wmem() and remove
unnecessary casts (since our warning settings were fixed in the
mean time).
"User" sounds as if the blocks belong to the user; at most, the current
user might have modified them directly, but they might also have, for
example, run a Lua script that, unknown to them, modified comments.
Also, a file might have "user comments" added by a previous user, who
them wrote the file and and provided it to the current user.
"Modified" seems a bit clearer than "changed".
Mostly functioning proof of concept for #14329. This work is intended to
allow Wireshark to support multiple packet comments per packet.
Uses and expands upon the `wtap_block` API in `wiretap/wtap_opttypes.h`.
It attaches a `wtap_block` structure to `wtap_rec` in place of its
current `opt_comment` and `packet_verdict` members to hold OPT_COMMENT
and OPT_PKT_VERDICT option values.
This functionality has been added in d2a660d8, where its limitations
are described.
Improvements:
* the Substream index menu now properly filters for available stream numbers;
* Follow Stream selects the first stream in the current packet
Known issue (which is still there): if a packet contains multiple QUIC
streams, then we will show data also from streams other than the selected
one (see #16093)
Note that there is no way to follow a QUIC connection.
Close#17453
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
We always build the .c files in ui/win32 with Visual C++, so rename
them to .cpp and update CMakeLists.txt to match. Leave the C code mostly
intact for now, but this lets us take advantage of C++ features in the
future if desired.
Functions clock_gettime() and timespec_get() cover all the platforms
we support with sub-second resolution in a a portable manner. Fallback
to using time().
Pass a struct timespec to the log writer callback for maximum
flexibility.
At least on my Mac, if I start up Wireshark, start a capture
(non-monitor-mode) on the Wi-Fi adapter, add a comment to the SHB and
the first packet while it's capturing, stop the capture, and try to save
it, it warns that the wireless timeline hash table pointer is null.
Allocate it in the constructor.
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
The name of the block, in the pcapng specification is the systemd
Journal Export Block; add "export" after "journal" in various
variable/enum/define names.
ws_log_domains.h needs to be included before wslog.h to be used
to define WS_LOG_DOMAIN. Also the definition for enum ws_log_level
needs to be exported for other APIs so move that to ws_log_domains.h
and rename the file to ws_log_defs.h to reflect the new scope.
A domain filter can be given in the environment variable
'WS_LOG_DOMAINS' or in a command-line options "--log-domains".
The filter is specified as a comma separated case insensitive list,
for example:
./tshark --log-domains=main,capture
Domain data type switches from an enum to a string. There is no
constaint on adding new domains, neither in code or at runtime.
The string format is arbitrary, only positive matches will produce
output.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Use wsApp->setLastOpenDirFromFilename() to convert a filename
to a directory name before calling wsApp->setLastOpenDir().
This will ensure to always store a directory instead of a filename
in the recent gui.fileopen_remembered_dir.
Add a generic function to write content to file. Use this on write
TLS session keys from UI and tshark, and for export objects.
Remove the now unused export_object_ui.[ch].
Analyze -> SCTP -> Filter this Association was missing in the menu, but available in the context menu for packets. This MR fixes the issue by adding Analyze -> SCTP -> Filter this Association again.
Analyze -> Follow -> DCCP Stream was missing in the menu, but available
in the context menu for packets. This MR fixes the issue by adding
Analyze -> Follow -> DCCP Stream again.
The secs member of nstime_t is a time_t, which is difficult to print in
a way that's compatible across platforms. Convert our time to floating
point and print that value instead. Fixes
../ui/cli/tap-follow.c:304:63: error: format specifies type 'unsigned long long' but the argument has type 'time_t' (aka 'long') [-Werror,-Wformat]
printf(" timestamp: %" G_GINT64_MODIFIER "u.%09d\n", follow_record->abs_ts.secs, follow_record->abs_ts.nsecs);
~~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~
%ld
on macOS.
Modify YAML output format so it includes information about peers and
absolute timestamps for each packet.
This also adds yaml output to tshark: -z follow,tcp,yaml,X
Don't allocate the rtpstream_id_t's until we know we have enough
information to fill them in and use them.
Keep trace of whether we have used them and, if not, free them.
Singletons moved from main_window to each class's static open<NameOfClass>
method:
- RtpPlayerDialog
- RtpStreamDialog
- VoipCallsDialog
- RtpAnalysisDialog
Fixed issue with selecting RTP stream in sequence dialog. When user
selected a stream and moved mouse to Rtp Player button and pressed it,
incorrect RTP stream was sent to it.
When enumerating port-to-name entries, the callback to
wmem_map_foreach() gets passed:
- a key, which is the port number for the entry;
- a value, which is a pointer to a structure containing pointers to port
names for various transport protocols;
- a user data pointer.
That's sufficient (if you work around some C++ annoyances) to append a
row to a PortsModel, if the user data pointer is a pointer to the
PortsModel.
The existing code, instead, appended to a QStringList of lines (in
effect, undoing the effort of the code that read the services file and
filled in the wmem_map, re-generating a set of lines) in the callback,
and then iterated over all the lines, splitting them with blanks and
appending rows.
Looking at that made my eyeballs bleed so badly that I decided not to
spend any time figuring out why it wasn't working.
So I just make the callback just append rows, avoiding all the
string-pushing.
Fixes#17395.
It looks like multi-configuration generators (notably MSBuild) need
Qt autogen properties set on the wireshark target as well as qtui. Do
so unconditionally in both cases. (We were doing so conditionally for
qtui before.)
Set CMAKE_AUTO{MOC,UIC,RCC} if we're running CMake 3.20.0 or 3.20.1 in
order to work around CMake issue 22085, otherwise set the AUTOMOC,
AUTOUIC, and AUTORCC properties for the qtui target. The latter is
preferred since it keeps us from running Qt's meta-object, user
interface, or resource compilers on code outside of ui/qt. Ping #17314.
When button is pressed or triggered by shortcut, it opens same
window as before.
User can click small arrow next to button and it open menu with all
new actions e.g. Set/Add/Remove for RTP Player.
Documentation updated.
Code is NOT able to do VAD (Voice Activity Detection) so audio silence
(sequence of equal samples) nor noise are not recognized as silence. Just
missing RTP (Confort Noise, interupted RTP, ...) and muted streams are
recognized as silence for this feature.
User can control duration of shortest silence to skip.
Updated documentation.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
The secs field is a time_t, which is not necessarily 32 bits. If it's
not, casting away the upper bits, by casting to guint32, introduces a
Y2.038K bug.
Either cast to time_t or, if you're assigning a time_t to it, don't
bother with the cast.
New advanced settings are created:
- rtp_player_use_disk1 - controls if decoded samples are stored in
memory or on disk.
- rtp_player_use_disk2 - controls if dictionary for decoded samples
is stored in memory or on disk.
- documentation updated
Audio for play is now decoded and stored without silence parts.
Changes:
- ui/qt/utils/rtp_audio_file.cpp created to handle silence skipping
- ui/qt/rtp_audio_stream.cpp refactored to support it
- Fixed issue with exporting streams: File synchronized export was missing
leading silence.
- No line is shown in waveform graph if there is silence
At times the presence of the packet-list hover_style colorization can make
it difficult to determine the state of the packet directly under the mouse
cursor. This forces the user to move the mouse cursor away from the
packet-list row to reveal the next colorization state. The packet-list row
colorization style precedence, from highest to lowest, is: hover_style,
Selected, Ignored, Marked and then coloring rules.
This patch adds a new 'Packet List settings:' checkbox option 'Enable
mouse-over colorization'. By default the supporting preference
`gui.packet_list_hover_style.enabled` will be enabled (TRUE). When this
checkbox is disabled, the packet-list hover_style (mouse-over)
colorization will not be used.
Remove the editor modeline blocks from the source files in ui that use 4
space indentation by running
perl -i -p0e 's{ \n+ /[ *\n]+ editor \s+ modelines .* shiftwidth= .* \*/ \s+ } {\n}gsix' $( ag -l shiftwidth=4 $( ag -g '\.(c|cpp|h|m|mm)') )
This gives us one source of indentation truth for these files, and it
*shouldn't* affect anyone since
- These files match the default in our top-level .editorconfig.
- The one notable editor that's likely to be used on these files and
*doesn't* support EditorConfig (Qt Creator) defaults to 4 space
indentation.
When user press S(elect)/D(eselect) key, all RTP streams related to
selected call/calls are selected/deselected in RTP Streams window. If
window is not shown, it is opened.
Documentation updated.
1. In order to keep error bars and scatterplot in-sync for segment and
SACK graphs, tell QCustomPlot that the data is already sorted when
adding it to scatter plots. [ Otherwise it will re-sort the data and
potentially get out-of-sync with the error bars graphs ]
2. Clear and hide error bars plottables in fillGraph() similar to what
is done for other graphs. [ otherwise QCustomPlot may attempt to draw
error bars on graphs where they are not relevant ]
3. Do not mark window update packets as duplicate acks.
Changes:
- RTP Player added to Telephony/RTP menu.
- When openning RTP Analysis or RTP Player from RTP menu, just selected
stream is added. When Ctrl is hold during opening, reverse stream is
searched and added too.
- RTP Player: Added tool to select/deselect all inaudible streams
- RTP Player: Added Prepare Filter button
- RTP Player: Added Analyze button
- RTP Analysis: Added Prepare Filter button
- documentation updated
Code changes:
- RTP Player::rescanPacket() is not fired multiple times during rate change and during dialog creation
- Error shown in RTP player is cleared after every new decode of streams
- RTP Player handles case when Qt do not emit stop stream event
- "Select" menu code unified between dialogs>
- RTP Player: Audio routing menu unified
- buttons are connected to actions by signals()
- Analyze dialog is called by list of rtpstream_id, not rtpstream_info
QCustomPlot's adaptive sampling decimates the data to be plotted based
on the screen resolution. Specifically, if many data points fit within
the same pixel on the X (key) axis, then QCustomPlot attempts to plot
only the min value, the max value, and a few values in-between to
maintain a good "density" on the Y (value) axis.
The density QCustomPlot wants is about one datapoint for every 4 pixels
covered by the value range of a single X (key) pixel. Unfortunately,
this calculation is flawed if all values also fit within a single pixel
on the Y (value) axis - so this change fixes that bug.
Initialize the exit status before the loop, and just break out of the
loop if something fails, so that the code following the loop can destroy
the console in Wireshark on Windows and then go to the clean exit code.
On Windows, rather than creating and destroying the console twice for
each interface, just create it when we start printing and destroy it
when we finish printing.
Ensure that if using tshark -q -t e -z conv,tcp the reported
start time is relative to the epoch time and not relative to
the time of the first packet in the capture file.
Thanks to Theresa Enghardt for reporting the issue and to
Peter Lei for initialy looking into it.
Retap and UI response are much faster when many RTP streams are
processed. RTP Streams/Analyse 1000+, RTP Player 500+.
Changes:
- RTP streams are searched with hash, not by iterating over list.
- UI operations do not redraw screen after every change, just after all
changes. UI is locked when rereading packets.
- Sample list during RTP decoding is stored in memory so wireshark uses
just half of opened files for audio decoding than before.
- Analysis window checkbox area is limited in height
- Dialogs shows shows count of streams, count of selected streams and
count of unmuted streams
- Documentation extended with chapter about RTP decoding parameters
- Documentation extended with performance estimates
In dumpcap, if we're being run by TShark or Wireshark, if there are no
link-layer types, just provide an empty list to our caller; let them
construct an empty list of link-layer types when they read our output.
In the code that reads that list, don't report an error if the list is
empty, rely on the caller to do so.
Have capture_opts_print_if_capabilities() do more work, moving some
functions from its callers to it.
Replace the Wireshark code for that with code that matches what TShark
does.
Update a comment in TShark while we're at it.
Fixes#14215.
(Still leaves it popping up the full window, but that's a bigger
change.)
`-k` is a capture option, so add a HAVE_LIBPCAP check similar to other
flags. Fixes
../ui/commandline.c:459:41: error: no member named 'start_capture' in 'struct commandline_param_info'
global_commandline_info.start_capture = TRUE;
~~~~~~~~~~~~~~~~~~~~~~~ ^
It's not a generic capture option also supported by TShark and dumpcap,
it's Wireshark-specific (dumpcap *always* starts a capture, and TShark
starts one iff it's passed one or more interfaces on which to capture;
only Wireshark needs it to start the capture immediately - that's a
relic of the days when Wireshark *itself* did what dumpcap now does for
Wireshark).
Handle it in commandline_other_options(), rather than in
capture_opts_add_opt().
That lets us get rid of an argument to capture_opts_add_opt(), and dummy
variables in TShark and dumpcap used to work with that extra argument.
"Commonly-used" meaning "used by more than one source file".
Clean up the exit codes, combining some duplicates with different names,
and using some instead of raw numbers in some places.
Changes:
- Added description of playlist idea and related operations
- Added description of RTP Player dialog
- Added description of VoIP Calls dialog
- Added description of Flow Graph dialog
- Added help link to Flow Graph dialog
- Added description of RTP Streams window
- Added description of RTP Stream Analysis window
- Updated related past images
Calling cmake with -DENABLE_VLD=ON when building with Visual Studio,
results in debug configuration being linked to Visual Leak Detector.
By default, Visual Leak Detector outputs the leak summary to Visual
Studio debug window. When ENABLE_VLD is active, VLD is linked to all
wireshark libraries and executables.
Changes:
- Fixed issue with hanging the player. The issue is in Qt - internal
Mutex is locked when Qt calls outputStateChanged() and you can't call
any other action on the audio object
- Fixed issue when play marker stream was running forever
- Removed !1855 because it introduces delay on play on Windows platform
QPainter::HighQualityAntialiasing is obsolete and ignored
(https://doc.qt.io/qt-5/qpainter.html#RenderHint-enum) since
at least 5.6, so use Antialiasing instead, as indicated by the docs.
(https://doc.qt.io/archives/qt-5.6/qpainter.html#RenderHint-enum)
Explicitly cast a long to an int, like already done on line 21080.
Put in a break to suppress an overly aggressive fallthrough warning
on g++ (all values of an enum are tested, so it cannot actually fall
through.)
Add redrawVisiblePackets() to respond to user triggered event to
promptly trigger updates to the frame.marked field text when displayed
in the packet list.
Without this patch, if frame.marked is added as a custom column, updates
to the packet lists's frame.marked field text of packets will not be
immediately reflected in the packet list until some other event such as
adding a packet comment or ignoring a frame ultimately triggers
redrawVisiblePackets().
QCustomPlot 2.1.0 was just released (Mar 29, 2021) and officially supports
Qt 5.12-6.0, which in order to support we've been patching it
internally. Update to this latest external version (after removing
the whitespace at the end of a bunch of lines internal to comments.)
(https://www.qcustomplot.com/index.php/download) Edited to include
the permission from the author Emanuel Eichhammer to use the GPLv2.
(Does someone need to ask if that permission applies to 2.1.0?)
Ping #17144 and #17163 but those bugs appear to still be here.