only if the capture file format is PCAPNG). This can happen if the user
does not have a PCAPNG file but has added a capture-file comment via the
add/edit capture file comment UI.
Replace some tabs with spaces and wrap a few long lines.
svn path=/trunk/; revision=42827
source isn't compressed and the target is (or vice versa), enable the
"compressed" checkbox in the Save As and Export Specified Packets
dialog. Fix it to clear the checkbox if the selected file format
doesn't support gzipping.
svn path=/trunk/; revision=42822
an API to fetch that.
When doing "Save" on a compressed file, write it out compressed.
In the Statistics -> Summary dialog and in capinfos, report whether the
file is gzip-compressed.
svn path=/trunk/; revision=42818
save" if the destination file exists.
Don't forbid overwriting an existing file in either of those cases (we
still forbid overwriting the current capture file) - the GUI asks the
user whether they want to do the overwrite, and allows them to cancel
out of it - and don't remove the file before writing to it (doing so
makes the save *un*safe).
Attempt to do a save of an unedited temporary file by just moving the
file on Windows as well as on UN*X - ws_rename() will remove the target
if necessary on Windows (and won't do it as a separate operation before
attempting the rename), so it behaves like ws_rename() on UN*X (which is
just a wrapper around rename()).
svn path=/trunk/; revision=42816
new file the current file, as is the case in most if not all other GUI
applications.
A new "Export Specified Packets" menu option allows you to specify which
packets to write out, with the default being the displayed packets (and
those on which the displayed packets depend for, e.g. reassembly), and
never makes the resulting file the current file.
The two operations are conceptually distinct. Lumping them into one
menu item, with the default for "Save As" being "displayed packets only"
and thus making it behave like the latter operation, was causing some
confusion; see, for example, bug 6640.
Make the dialog popped up if you try to "Save As" or "Export Specified
Packets" on top of an existing file ask the "do you want to do this?"
question in the main part of the message, and note in the secondary text
that doing that will overwrite what's in the file; that matches what
TextEdit on OS X and the GNOME text editor say.
svn path=/trunk/; revision=42792
File -> Export Packet Dissections
(for the "print to file", "export as CSV", "export as C array",
"export as PSML", and "export as PDML" items)
File-> Export Selected Packet Bytes
File -> Export SSL Session Keys
File -> Export Objects
(for exporting objects transferred over HTTP, DICOM, or SMB)
menu items.
The operations under Export really weren't that related - about all they
had in common was that they wrote to a file stuff other than packets
in a capture file format; the operations in the groups *under* Export
were related, so the groups are now menu items of their own.
This way, the File menu more immediately indicates what options of that
sort are available.
It also means that the Export Packet Dissections item might make it
clearer that what you get from that is *NOT* something that can just be
read back into Wireshark, as at least one user who asked "how do I get
my capture back from this?" on ask.wireshark.com thought. If that
doesn't suffice, perhaps renaming it to "Export Dissected Packets" would
help; if *that* doesn't suffice, perhaps Kevin Cullimore's suggestion
that it say "Report" rather than "Export" will do the trick:
From: Kevin Cullimore <kcullimo@runbox.com>
Subject: [Wireshark-users] Re: Should the "export as text" item be in an "Export Human-readable..." item in the File menu?
Date: May 19, 2012 8:31:23 PM PDT
To: wireshark-users <wireshark-users@wireshark.org>
Would classifying the asymmetric export (ones that lack a
corresponding "import" action) formats as "reports" help clear
up the original ambiguity/misunderstanding? It seems that most
of the gui-based network tools I'm forced to periodically
interact with rely upon that term with at least some success.
(Or perhaps some other verb would be right in some cases, e.g. "Save SSL
Session Keys".)
This also sets a pattern for another upcoming change - splitting "Save
As" into "Save As", which always saves every packet and makes the new
file the current file, and "{Verb} Specified Packets", which lets you
specify which packets to save and does *not* make the new file the
current file. That'd simplify the code a bit, and might clear up the
new only-in-the-trunk issue in bug 6640 - having "Save As" default to
saving displayed packets currently means that it acts more like the
latter of those functions.
svn path=/trunk/; revision=42778
so "Save" should, for non-temporary files, mean "save the current state
of the capture file on top of the existing file" without prompting for a
file name.
That means we have to do a "safe save" - i.e, write the capture out to a
new file and, if that succeeds, rename the new file on top of the old
file - as the actual packet data to write out is in the file we're
overwriting, not in memory. (We'd want to do that anyway, of
course....)
Update some comments.
Clean up indentation slightly, and get rid of an unnecessary variable
(in all the cases where we use it, we assign it the same value, and that
value isn't modified out from under us before we use it).
Note that after a "Save", or a "Save As" that writes out all captured
packets, we shouldn't have to close the current file and open the new
file and reread it - we should be able to open the new file and update
the frame offsets in the frame_data structures.
Note that we need to do some a better job of reporting rename failures.
svn path=/trunk/; revision=42777
save, we post capture file callback events similar to the ones posted
when reading a capture - otherwise, the reload will leave the welcome
screen up.
Rename cf_cb_file_save_reload_finished to cf_cb_file_reload_finished,
add a cf_cb_file_reload_started callback, have them work similarly to
read_finished and read_started except that the reload uses "Reloading"
in the progress bar and status bar.
Clean up some indentation while we're at it.
svn path=/trunk/; revision=42764
"unsaved_changes", and have it be TRUE iff changes have been made to the
file since it was read - *not* if it's a temporary file from a live
capture.
Check the "is_tempfile" member, and the "unsaved_changes" member, when
appropriate.
Just have a set_toolbar_for_capture_file() routine that updates the
"save", "close", and "reload" toolbar as appropriate, given a
capture_file structure - absorb the function of
set_toolbar_for_unsaved_capture_file() into it.
svn path=/trunk/; revision=42721
We're already checking in gtk if end highlight offsets don't exceed len.
Do the same for start offset.
I wonder if it this checks should be also done when adding items to tree...
svn path=/trunk/; revision=42596
Sort the recent filters list by "most recently used" (that is, put the most
recently used filter at the head of the list).
svn path=/trunk/; revision=42439
Get rid of gtk_widget_set_size_request() calls - at least on my machine
and GTK+ version, they make some of the items too small to show the full
text. Let GTK+ figure out how big things have to be - and if that makes
the toolbar too wide, redesign the toolbar.
svn path=/trunk/; revision=42277
Separate "Toolbar" from the toolbar name in the View menu items.
Use "l", rather than "W", as the whatchamacallit for the wireless
toolbar - "W" is already used for "show packet in new window".
svn path=/trunk/; revision=42275
uses it once it's filled in.
From Evan Huus: in scan_local_interfaces(), pass NULL to
capture_interface_list(), as we don't use the error string (and don't
free it, either).
In fill_capture_box(), for CANT_GET_INTERFACE_LIST, include the error
string in the report, and free it, in all cases, when we're done with
it.
svn path=/trunk/; revision=42089
From me: don't bother initializing if_string in its definition, as if
it's used at all it's set to a different value before all uses.
svn path=/trunk/; revision=42073
or colorize; quit before we even *try* to get the link-layer header
type.
If we don't have an active link-layer header type, that probably means
we don't know what link-layer header types the interface provides, which
would be the case if it were a named pipe or an interface we can't open.
Don't crash in that case, just leave the filter combo box uncolored, to
indicate that we have no clue whether the filter is valid or not.
Fixes bug 7049.
svn path=/trunk/; revision=42059
It was not being highlighted in the bits view.
So add % 8 to avoid shifting the single mask bit right out of the byte
we're supposed to be showing...
svn path=/trunk/; revision=42030
OpenLayers.Layer.Text, insert them into a JSON array and load them using
OpenLayers.Layer.Vector + OpenLayers.Format.GeoJSON. This should fix the
endpoint map feature on modern browsers.
Switch OpenStreetMap to a simpler map from OSGeo.
svn path=/trunk/; revision=41967
from makefiles (and thus from the buildbot).
The intention is to be able to tell when a human is running the tool so we
can provide more code-review guidance.
As a starter, enable the "too many proto_tree_add_text() calls" check when
a human is running the tool.
svn path=/trunk/; revision=41943
popup should also be available through a regular menu. So, make the
"Manually resolve address" function availble in under View->Name Resolution .
(Yes, technically this is an "Edit"-like action, but it just fits so well
under Name Resolution.)
While there, move "Resolve Name" from main_menu_bar_toggle_action_entries[]
into main_menu_bar_entries[] so it doesn't get a (useless) toggle indicator.
(At least as I understand this function, it's supposed to allow you to tell
Wireshark to go off and try to resolve the names in the current frame;
unfortunately it doesn't seem to actually work.)
svn path=/trunk/; revision=41747
are present. However, still only create the graph for the first/only
one.
LTE MAC or RLC frames often contain multiple SDUs that are segments of
the same TCP conversation - this avoids the need to find a frame with
only one SDU.
svn path=/trunk/; revision=41721
capture_opts.h. (It arguably belongs somewhere other than in a file in
ui/gtk, but, if so, move it there, e.g. to something in ui.)
svn path=/trunk/; revision=41712
I'm contributing a new dissector for the HART/IP protocol. This
protocol is specified by the HART Conformance Foundation (HCF). It is
a standard protocol used in the process control industry. It
essential wraps the multip-drop serial HART packets in TCP or UDP
packets. The standard has been approved by the HCF and has been
assigned UDP/TCP port 5094 by IANA.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6961
--This line, and those below,
will be ignored--
M AUTHORS
M epan/CMakeLists.txt
M epan/dissectors/Makefile.common
AM epan/dissectors/packet-hartip.c
M ui/gtk/main_menubar.c
svn path=/trunk/; revision=41644
description of existing menus must be accurate: if a name and action are
both specified then the to-be-added-XML must include both the name and the
action.
It appears that the formats given in stat_group_name()'s value_string were
designed to take this into account, but there was no code to separate the menu
name from its action. Adding that separation is complicated by the fact that
menus are separated by /'s and actions may also contain that character. To
deal with that, "escape" the /'s in actions by replacing them with #'s.
make_menu_xml() then un-escapes them back into /'s.
There has to be an easier way to do all of this...
svn path=/trunk/; revision=41591
work/wireshark/svn/trunk/ui/gtk/voip_calls.c:599:9: error: variable ‘voip_calls_graph_list’ set but not used [-Werror=unused-but-set-variable]
svn path=/trunk/; revision=41548
we weren't even able to start a capture, rather than delivering a fake
"capture start" indication and relying on a later "capture file closed"
indication - for a capture that was never opened in the first place - to
handle GUI cleanups.
Don't deliver any GUI indications in cf_close() if we didn't have a
capture file open in the first place.
Clear the status bar and welcome header if that indication is delivered.
If we start a capture from the command line with the -k flag, don't show
the captured packet information unless the capture actually starts.
svn path=/trunk/; revision=41521
which to do a live capture; don't clear the latter list when closing the
capture file.
collect_ifaces() should clear out the existing list of interfaces before
filling that list up with the interfaces selected by the user. In
addition, when it frees up interfaces in that list, it should free up
the strings attached to those interfaces.
svn path=/trunk/; revision=41517
in its callers; when starting a capture with "wireshark -k", there's no
capture file to close, and closing it might be provoking some UI actions
that cause crashes on Windows.
Don't copy the list of selected interfaces to the list of capture
interfaces in capture_start(), either, do that in the callers; we were
already doing that in one place and, in one of the remaining cases,
namely "wireshark -k", we should do so only if no capture interfaces
were supplied on the command line. (I.e., the set of interfaces on
which we want to capture depends on where in the UI the capture is being
started.)
svn path=/trunk/; revision=41491
string of ../ items to get to another directory in the source tree, as,
when doing an out-of-tree build, the source tree is a separate tree from
the build tree.
svn path=/trunk/; revision=41425
the file (as is the case during a live capture).
Replace tabs with spaces (for consistency with the rest of the file).
svn path=/trunk/; revision=41415
clickable to open an edit window.
- Add checks for NULL pointers.
Help with a different color LED possibly with Jeff's (c) in it apreceated.
Should the LED be placed elsewhere or the whole thing done differently?
svn path=/trunk/; revision=41242
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
time stamps on all packets in a set, you can't determine the start and
end time of the packets in the set (even one timestampless packet throws
the determination off - was that packet before the first time-stamped or
after the last time-stamped packet, or between them?).
svn path=/trunk/; revision=41187
and r39501:
Setting _XOPEN_SOURCE to 600 is only allowed on Solaris 10 if the compiler is
set to C99 mode. Conversely (and as reported in the bug), simply defining it
(but with no value) is not allowed if the compiler *is* compiling to C99.
So, don't define _XOPEN_SOURCE at all on Solaris. Keep defining it as 600 on
other OS's as (also) requested in that bug.
Maybe there's a cleaner way to do this but all of this is a "trickery" mess
anyway...
svn path=/trunk/; revision=41182
new_packet_list: crash in add_byte_views from decrypted zigbee data
The cause of the crash I saw was that the add_byte_views() function in
main_proto_draw.c relies on output from previous dissector run while the
function may eventually trigger dissector to run again which wipes out the
previous output.
The patch copies the output of the dissector before calling add_byte_tab() so
that even when add_byte_tab() updates the dissector output, the loop continues
with previous dissector output.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5130
svn path=/trunk/; revision=41158
* Add support in the GUI for pipes.
* Allow the local interfaces to be rescanned via the GUI.
* Allow remote interfaces to be added and deleted.
The GUI can be extended to support other ways of capturing.
svn path=/trunk/; revision=41105
GENERATED_H_FILES.
If we have DIRTY_GENERATED_C_FILES, use it the same way we use
GENERATED_C_FILES.
GENERATED_FILES is "everything to nuke on a "make maintainer-clean"",
not "everything to put into the distribution".
svn path=/trunk/; revision=41075
"..." after it, as it pops up a dialog box to let you actually type in a
comment.
Add "Add or Edit Packet Comment" to the menubar's Edit menu.
svn path=/trunk/; revision=41005
In r37159, the following change was made to ui/gtk/rtp_player.c:
@@ -1654,9 +1636,7 @@
GtkWidget *dialog;
/* we should never be here if we are in PLAY and !PAUSE */
- if(!rtp_channels->stop&& !rtp_channels->pause){
- exit(10);
- }
+ g_assert(!rtp_channels->stop&& !rtp_channels->pause);
The logic, however, was not negated properly. The correct assertion should be:
g_assert(rtp_channels->stop || rtp_channels->pause);
With the current code, the RTP player causes a crash for me when pressing the
'Play' button.
svn path=/trunk/; revision=40951