51 Commits

Author SHA1 Message Date
Stig Bjørlykke 8498c39ed6 Bring back packet_num in "Follow Stream"
The packet_num was left uninitialized after refactoring "Follow Stream".

Ping-Bug: 11988
Change-Id: Iaea2560c8417503de59ddb0337cd023bcbcbbfee
Reviewed-on: https://code.wireshark.org/review/13872
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2016-02-10 10:09:39 +00:00
Michael Mann c62547b951 Refactor "Follow Stream" functionality on all GUI interfaces.
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.

TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has its own behavior, so Follow structures have to take that into account.

TShark through the Follow registration now has support for HTTP.

The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)

Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-12 15:08:18 +00:00
João Valverde f410121cf2 Remove some unnecessary dependencies and cleanup some code
No need for the GTK dependency on dissectors/packet-ipv6.h.

Add the stream_addr typedef in follow.h to make some code simpler.

Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-07 01:09:35 +00:00
Michael Mann 57acc227f0 KISS the Follow TCP functionality.
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload.  This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)

Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.

Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-06 13:35:45 +00:00
Michael Mann 1fed5fef9a Add HTTP Follow stream
This automatically detects and decompresses HTTP along a TCP stream through the use of taps.

Bug: 3528
Change-Id: I8ab832d509700d0da8eabf3c3e514d8511c598d3
Reviewed-on: https://code.wireshark.org/review/13009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-03 13:36:18 +00:00
Gerald Combs 86fe2be4dc Use address functions instead of ADDRESS macros in asn1 and epan
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.

Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-10-22 11:45:56 +00:00
Alexis La Goutte da8c79dc7c ui/follow: fix The 'find_addr[UDP_STREAM]' variable is assigned values twice successively. Perhaps this is a mistake. Found by PVS Studio (V519)
Yes, there is a mistake!

Change-Id: I6c6c67300c0e05d3ede00be27f675cc8b15bb439
Reviewed-on: https://code.wireshark.org/review/8794
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-06-06 17:11:45 +00:00
Guy Harris 44e7ce54ff Remove some apparently-unnecessary includes of emem.h.
Change-Id: Ib7d1b587b439ff21ec6b7f1756ce6ccf25b66f80
Reviewed-on: https://code.wireshark.org/review/6635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-18 20:19:05 +00:00
Pascal Quantin 0d414e5d7f Add ability to follow UDP stream by index
-z "follow,udp" tshark cli command now supports a stream index
It is now possible to select the UDP stream displayed in Qt GUI (like for TCP)

Change-Id: Ia367f36ea4f60db0fddb997a7e0903c09e172f2d
Reviewed-on: https://code.wireshark.org/review/6083
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2014-12-29 22:17:47 +00:00
Michael Mann 1d598bbff7 Replace ip6_to_str and ip6_guint8_to_str with address_to_str and tvb_ip_to_str.
Change-Id: I1d258923a7a63539ec8456d3e306bca5016a1e4b
Reviewed-on: https://code.wireshark.org/review/6060
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-12-28 14:09:27 +00:00
Michael Mann 3d3f97320b Replace ip_to_str with [ep_]address_to_str and tvb_ip_to_str.
Change-Id: I40d0c8253743183aecef252040b7dd6742ae5c71
Reviewed-on: https://code.wireshark.org/review/5934
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-12-26 21:17:10 +00:00
Bill Meier 23e78cd6bd Add editor modelines; Adjust whitespace as needed.
Change-Id: I3dc57f4c2ca57585103e3b71503ac4c332903e50
Reviewed-on: https://code.wireshark.org/review/4594
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-10-10 14:50:08 +00:00
Pascal Quantin d1d5caaf25 Fix tshark -z follow,tcp stats regression when TCP stream index is > 0
With tshark, stats are being configured before the file gets loaded and the number of TCP streams is computed.

Bug: 9541
Change-Id: I42c2891124f1781b05967d5f071ad40df2d6d9f5
Reviewed-on: https://code.wireshark.org/review/1598
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2014-05-12 05:20:45 +00:00
Pavel Karneliuk 47d296709d replace comparing sequence numbers of TCP segments with wrap-friendly XX_SEQ macros; replace tabs with 2 whitespace indentations
Change-Id: I8af522cc34863501195d0a79db5c0ab4135246a8
Reviewed-on: https://code.wireshark.org/review/907
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-04-01 15:44:10 +00:00
Pavel Karneliuk 0b5f26b67d fix comparing a sequence number of TCP fragment when its value wraps over uint32_t limit
Change-Id: I0ff939e2d1265a2d9380c83f8f538bb43b0dadf9
Reviewed-on: https://code.wireshark.org/review/875
Reviewed-by: Pavel Karneliuk <pavel_karneliuk@epam.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-04-01 15:42:51 +00:00
Alexis La Goutte 296591399f Remove all $Id$ from top of file
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Manually fix some typos (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04 14:27:33 +00:00
Bill Meier 11b5c15fdb Remove trailing whitespace
Change-Id: I8116f63ff88687c8db3fd6e8e23b22ab2f759af0
Reviewed-on: https://code.wireshark.org/review/385
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
2014-02-25 20:46:49 +00:00
Guy Harris afc159eaf3 Don't cast away constness.
svn path=/trunk/; revision=54798
2014-01-14 18:19:31 +00:00
Michael Mann 237c580bd7 Replace packet_info->ipproto with packet_info->layers loop to determine TCP/UDP.
svn path=/trunk/; revision=53503
2013-11-22 02:49:00 +00:00
Gerald Combs 22389d7295 Set our IPv6 status when we set addresses.
svn path=/trunk/; revision=53440
2013-11-19 20:30:31 +00:00
Gerald Combs 190bdc32de Add packet information and selection to the Follow Stream dialog.
Collect packet numbers when following streams so that we can correlate
text positions with packets. Add a FollowStreamText class so that we can
track mouse events. Add a hint label that shows the packet under the
cursor along with packet counts and the number of "turns".

Add the packet number to the C array dump. Note that dumping to YAML
might be useful for Scapy users.

svn path=/trunk/; revision=53314
2013-11-14 17:37:40 +00:00
Gerald Combs b0063a025b Highlight selected sequence diagram items.
Create a new dialog each time the user follows a stream. A lot of the
follow code seems to assume one and only one dialog so there are likely
outstanding bugs.

Don't use the global cfile (should we deprecate its usage?). We want to
move closer to multiple documents, not further away.

Clean up after ourselves. Free our payload list and unlink our temp
file. Make a bunch of gchar*s QStrings. Make sure our destructor gets
called and use it.

Make member variable and method names more consistent.

svn path=/trunk/; revision=53306
2013-11-13 22:18:01 +00:00
Pascal Quantin 7652baa0c6 From doh via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9112 :
Fix incorrect "bytes missing in capture file" in "check_fragments"

svn path=/trunk/; revision=53257
2013-11-11 20:04:27 +00:00
Jakub Zawadzki 1899903f69 Include <epan/to_str.h> only when needed.
svn path=/trunk/; revision=53189
2013-11-09 13:41:10 +00:00
Jörg Mayer 029e258225 Explicitly include emem.h where it is needed
svn path=/trunk/; revision=51997
2013-09-13 08:16:50 +00:00
Guy Harris 5d87a8c461 WS_DLL_PUBLIC is now always WS_DLL_PUBLIC_NOEXTERN with "extern" added;
just define WS_DLL_PUBLIC_NOEXTERN inside the ifdefs, and define
WS_DLL_PUBLIC as WS_DLL_PUBLIC_NOEXTERN followed by "extern".

Then rename WS_DLL_PUBLIC_NOEXTERN to WS_DLL_PUBLIC_DEF, to clarify that
it's what should be used for definitions; at least on Windows, you
*have* to use it when declaring arrays without a size, and, whilst you
might be able to use WS_DLL_PUBLIC for definitions of functions and
perhaps data definitions other than no-size arrays, it might be clearer
to rename WS_DLL_PUBLIC to WS_DLL_PUBLIC_DECL and use it only for
declarations.

svn path=/trunk/; revision=50334
2013-07-03 01:43:39 +00:00
Bill Meier 0df5a9390d From beroset:
remove C++ incompatibilities
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416 attachment #10397

svn path=/trunk/; revision=48438
2013-03-20 01:18:10 +00:00
Balint Reczey 1ebdb2e521 Export libwireshark symbols using WS_DLL_PUBLIC define
Also remove old WS_VAR_IMPORT define and related Makefile magic
everywhere in the project.

svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
Guy Harris 8ed7a73e22 Fix a bunch of warnings.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.

Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().

Change some data types to avoid those implicit conversion warnings.

When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.

Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers.  Cast
away those warnings in some cases where an API we don't control forces
us to do so.

Enable a bunch of additional warnings by default.  Note why at least
some of the other warnings aren't enabled.

randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.

If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.

svn path=/trunk/; revision=46748
2012-12-26 05:57:06 +00:00
Bill Meier 7cd0417af5 Fix numerous instances of a variable/parameter name "shadowing" a library function name;
(At least some (gcc ?) compilers give a "shadow" warning for these).

svn path=/trunk/; revision=46402
2012-12-05 15:56:36 +00:00
Jeff Morriss 3729335973 We always HAVE_CONFIG_H so don't bother checking whether we have it or not.
svn path=/trunk/; revision=45016
2012-09-20 01:48:30 +00:00
Jakub Zawadzki bf81b42e1e Update Free Software Foundation address.
(COPYING will be updated in next commit)

svn path=/trunk/; revision=43536
2012-06-28 22:56:06 +00:00
Anders Broman 8d4f6fc794 From QA Cafe:
Add support to follow UDP and TCP streams like wireshark does. UDP streams are
selected with IP address/port pairs. TCP streams are selected with either the
stream index or IP address/port pairs.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6684

svn path=/trunk/; revision=40852
2012-02-05 10:39:12 +00:00
Sake Blok 796564ed90 Repair "Follow TCP Stream" which got broken by my change in SVN 38056
Mental note: Try to not do half work ;-)


svn path=/trunk/; revision=38065
2011-07-17 11:08:02 +00:00
Bill Meier 9d663d7081 Fix various gcc -Wshadow warnings.
svn path=/trunk/; revision=31720
2010-01-28 18:45:46 +00:00
Sake Blok 3b6cb4d3fa Fix some [-XX bytes missing in capture file] messages when doing
follow TCP stream.


svn path=/trunk/; revision=31334
2009-12-21 06:47:32 +00:00
Sake Blok 364fc7176a Remove obsoleted test (test is obsoleted by svn 31252)
svn path=/trunk/; revision=31253
2009-12-13 08:11:31 +00:00
Sake Blok 1580d332f4 Fix for bug 3955 and 4288. When doing Follow TCP stream, there was no
check whether a packet belonged to the correct tcp stream (when there
are multiple streams in the tracefile with the same ip addresses and
tcp ports).


svn path=/trunk/; revision=31252
2009-12-13 01:10:55 +00:00
Gerald Combs 6348c17c16 size_t fixes.
svn path=/trunk/; revision=27984
2009-04-07 16:36:52 +00:00
Jaap Keuter 11b17818a1 From Didier Gautheron:
In follow.c there's stuff like: DISSECTOR_ASSERT(... fwrite( data, 1, sc->dlen, data_out_file )
If DISSECTOR_ASSERT is defined as a noop then fwrite is not called.

svn path=/trunk/; revision=27093
2008-12-23 14:50:28 +00:00
Sake Blok ec20a1ccb8 Fix for bug 1447: Follow TCP Stream show only the first stream
Use the new "tcp.stream eq XXX" as a display filter for follow tcp stream.
This makes sure only the tcp stream which the selected packet belongs to
will be shown (in case tcp ports are reused in the tracefile).


svn path=/trunk/; revision=26306
2008-09-30 13:29:15 +00:00
Sake Blok cae5293711 Fix the tcp reassembly routine in epan/follow.c :
- Don't do '<gulongvar>-<gulongvar> > 0' as it will always be true :-)
- Handle the case where a segment is partially retransmitted



svn path=/trunk/; revision=25289
2008-05-13 22:45:04 +00:00
Sake Blok 8f7d4aff96 Fixes the "follow tcp stream" output when there are frames missing in the
capture file that were actually on the wire. The reassembly code waited for 
the gaps to be filled in by retransmissions, which would never come.

With this fix all acknowledged data will be output with "[xxx bytes missing in 
capture file]" inserted in every gap.


svn path=/trunk/; revision=23878
2007-12-15 23:25:05 +00:00
Stephen Fisher 700d8194b8 - Further improve/clean up the now generic follow stream code
- Add "Follow UDP Stream" feature


svn path=/trunk/; revision=23346
2007-11-03 04:45:35 +00:00
Guy Harris 6559749cd1 Have the follow code keep track of whether there's any data in the TCP
stream, and, if there isn't, pop up a dialog indicating that there isn't
any data in the stream.  This fixes bug 1604.

svn path=/trunk/; revision=21870
2007-05-22 00:00:09 +00:00
Jörg Mayer 4a22b30c36 put fwrite and fread into DISSECTOR_ASSERT in order to use the result
svn path=/trunk/; revision=21865
2007-05-21 19:43:17 +00:00
Stephen Fisher 46b8669566 Fix a bunch more warnings. Add -Werror when using --with-warnings-as-errors
under gcc to tools/lemon, plugins/mate and epan/


svn path=/trunk/; revision=21204
2007-03-26 06:10:52 +00:00
Ronnie Sahlberg 89f022b12b name change
svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
Ulf Lamping 0dc9fb3d4a various code cleanup:
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants

svn path=/trunk/; revision=15264
2005-08-08 18:50:39 +00:00
Ulf Lamping 149786d563 replace malloc and alike calls by their GLib pendants -> g_malloc
svn path=/trunk/; revision=15232
2005-08-05 23:58:58 +00:00