The "wireshark -i lo" option somehow did not mark interfaces as
selected. It turns out that the "-i" option populates the "ifaces"
array during option parsing, but we must also set the "selected"
property in the "all_ifaces" array in function "scan_local_interfaces".
Bug: 13865
Fixes: v2.3.0rc0-2812-g40a5fb567a ("Restore interface selection after interface refresh")
Change-Id: Iacfeaf14efe2696f37f0e021259c59fb677de435
Reviewed-on: https://code.wireshark.org/review/22478
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allow the ordering of the filter buttons via drag/drop in
the toolbar
Change-Id: Id8793d6514bae36066a7a23d6890985665e753bd
Reviewed-on: https://code.wireshark.org/review/22422
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change the wording to make it more like the other option
menus
Change-Id: I0d071aecd80131e5304737a1746f3a41f546c8e4
Reviewed-on: https://code.wireshark.org/review/22441
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
ManageInterfacesDialog::on_addPipe_clicked uses g_new0 to create an
"interface_t" instance, but InterfaceTreeCacheModel uses qDeleteAll
which results in ASAN reporting "alloc-dealloc-mismatch (malloc vs
operator delete)".
To fix this, remove the dynamic allocation and make
InterfaceTreeCacheModel store the instance internally.
Change-Id: I9426dfc88d0a54a889bbbc9cf336c0a6af76920e
Reviewed-on: https://code.wireshark.org/review/22410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Adds a context menu for the toolbar filter buttons, which allows for
opening the preference for the filter buttons, as well as direct edit,
removal and disable functionality
Change-Id: I5f2d132737c77804cf22834574dfe3c02f85fbdf
Reviewed-on: https://code.wireshark.org/review/22327
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Make the frame into a two-row frame to better accomodate
the comments field, and reinstate the correct action for the
buttons
Change-Id: I171e4bc3c7f195b7179cd6b1c2ab4ab42ede9c04
Reviewed-on: https://code.wireshark.org/review/22405
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Go from <expression>,<comment> to <comment>\n<expression>
Bug: 13814
Change-Id: I842e38798eba7ff87751733ce0b2befdc9c8c27f
Reviewed-on: https://code.wireshark.org/review/22395
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a field to the display filter button UAT to allow comments
to be displayed as part of the tooltip to the diplay filter
button
Bug: 13814
Change-Id: I74459e4102856258d31d6429e2fd924a9f798cd5
Reviewed-on: https://code.wireshark.org/review/22390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The filter expressions data was shoved into the preference file in a
very loose, non-arrayed form. It's much easier to manage in code
(and for users in a separate file) as a UAT.
The GTK GUI was hacked to use the existing UAT dialog rather than
rewrite the pref_filter_expressions.c to support a UAT. Should
be okay since it's deprecated.
Change-Id: I688cebb4b7b6594878c1398365e79a205f1902d9
Ping-Bug: 13814
Reviewed-on: https://code.wireshark.org/review/22354
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Warning" is a more appropriate name because filter may not
be as deterministic as user desires
Bug: 13834
Change-Id: Ie34e37db8866dc409f25df227a4d34e7c11d0058
Reviewed-on: https://code.wireshark.org/review/22392
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That way it can be properly filtered out.
This was broken when pkt_comments was switched to a pino and
wasn't available in the protocol filters list.
Change-Id: Ie3f2b4f25eeb11be57111c98be87e33e0849174b
Reviewed-on: https://code.wireshark.org/review/22363
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Put custom column field settings in quotes in the recent file to
support multi custom columns which contains space. Otherwise the
space will be removed in prefs_get_string_list() and the field will
not match when reading the recent file.
Change-Id: Ic6e2b1e02d68970a4e11fbecbe55a7b10f8b10dd
Reviewed-on: https://code.wireshark.org/review/22349
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Filter expressions needs support for a checkbox (bool) and
string field that verifies display filters.
Change-Id: Idfbffd6cdb5abaee8914126a05d890e834c17306
Reviewed-on: https://code.wireshark.org/review/22340
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fields like "dns.time || http.time || smb.time" were sorted by column
number before. Recognize when all fields are numeric values and then try
to sort by number and otherwise fallback to a value comparison.
In theory sorting should now also be a bit faster for custom columns
because the columnn type is looked up once.
Change-Id: Id40d7cce8080d05823d74459fc493ec6ebf80956
Reported-by: Laura Chappell
Reviewed-on: https://code.wireshark.org/review/22317
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to the use of HTML, whitespace (including newline) are shown as
single horizontal space. Add a special case for newlines.
Bug: 13819
Change-Id: Iefa2af7d2948ed18a3b7f8f4ee8cb90100bf3460
Reviewed-on: https://code.wireshark.org/review/22306
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "Previous/Next Packet in Conversation" actions accidentally
overwrites more specific filters (like TCP port matching) by less
specific ones (like IP addresses). This resulted in strange behavior
where packets from different TCP streams were selected.
Change-Id: Ifa93064e1db3777fa3c12e2220bbb0b36b9478fe
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22274
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Removing the toggle indicator. Search behaves now the same as it
does for e.g. in SublimeText
Change-Id: I4523001b536caa116bcb989f0850aa769c6220f8
Reviewed-on: https://code.wireshark.org/review/22280
Reviewed-by: Roland Knall <rknall@gmail.com>
Do not put the wireless timeline in the main view with splitters, it has
a fixed size anyway and is not taken into account for layout and size
calculations for the panes.
Bug: 13776
Change-Id: I71da962950c3f1b215908674f4852afa76744343
Reviewed-on: https://code.wireshark.org/review/22242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When going to a packet (first, last, next, prev and specific) during
capture we must turn off auto scroll to let the packet be shown
in the packet list.
Change-Id: If1c615eb4d422c3b4c0418114064f7a4a0b75b35
Reviewed-on: https://code.wireshark.org/review/22244
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With live or large capture files and asynchronous name resolution this can
cause serious scrolling issues as the name resolutions come in.
Bug: 12074
Change-Id: I1a5cca410c0608927b32e9e7107885370caf14d7
Reviewed-on: https://code.wireshark.org/review/22245
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When opening the enabled protocols dialog from a protocol preferences
menu we must flush app signals to ensure a redissect is done.
Change-Id: I512b8f6959aabcc15ccffc67615583ee9c60ceec
Reviewed-on: https://code.wireshark.org/review/22224
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the searchbar is already open focus on the bar and highlight
existing test, instead of closing an already open bar
Change-Id: I4f8ae2e903cb65c0ebca238f3bcc1c62b63b5c3b
Reviewed-on: https://code.wireshark.org/review/22223
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For at least Qt, the main_window_update callback is not necessary to
make the stop button work. When restarting a live capture during a
flood (via Ctrl-R), this callback actually results in an infinite loop
in MainWindow::captureStop since the capture state never changes from
FILE_READ_IN_PROGRESS.
Remove this callback to ensure that the problematic
pipeActivated / sync_pipe_input_cb / capture_input_new_packets /
main_window_update / ... / on_actionCaptureRestart_triggered /
testCaptureFileClose / captureStop sequence is avoided.
Even though captureStop invokes capture_stop, I guess that this does not
change the state because the pipeActivated callback is already active.
Bug: 10917
Change-Id: I6ca4fa946963928b7bc8a53ca14f9a9a3a35eaa7
Reviewed-on: https://code.wireshark.org/review/22097
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
testCaptureFileClose can also be invoked while reading an existing
capture file (the original comment only applied to GTK+, not Qt). When
the user quits Wireshark while reading an offline pcap, this could
result in a confusing "Unsaved packets" dialog. Fix this by checking the
actual capture session state.
After fixing this, the next issue is that cf_close trips on an assertion
("cf->state != FILE_READ_IN_PROGRESS"). To address this problem, do not
close the capture file immediately, but signal to the reader (cf_read)
that this should be done (similar to the quit logic in GTK+).
Bug: 13563
Change-Id: I12d4b813557bf354199320df2ed8609070fdc58a
Reviewed-on: https://code.wireshark.org/review/22096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Was sign extending the key to 64-bit in Linux.
GPOINTER_TO_UINT should not be stored in 'int', use guint.
Change-Id: Ib4a994fdda5d69a589d3cffce644584103f2cd1d
Reviewed-on: https://code.wireshark.org/review/22107
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Places that only need color_t, such as certain preferences, don't need
the color filter stuff.
Change-Id: I88fc2858454d04e659b323a8bc28b21d362ca3fb
Reviewed-on: https://code.wireshark.org/review/22060
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Change keyboard shortcuts to Ctrl+Shift+[IOU]
- Use UTF8_MICRO_SIGN in tooltip text
- Change 0xffffffffffffffff with G_MAXUINT64
- Check for valid wlan_radio *ri before use
- Small whitespace cleanups
Change-Id: I9fa85c0d675ef3837510afaf5f1b723d89ac134c
Ping-Bug: 13769
Reviewed-on: https://code.wireshark.org/review/21993
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
taken from the timing analysis done in the wlan_radio dissector. QT only.
The timeline background is light gray, white for packets displayed in the packetlist,
and blue for the currently selected packet. Packets are coloured according to the
colouring rules foreground colour. The timeline can be zoomed with controls on the
toolbar.
At higher zoom levels the duration (NAV) field is plotted as a horizontal line to the
right of a packet.
The height of a packet in the timeline is proportional to the RSSI.
The bottom half of the packet is only shown if it matches the display filter.
Todo:
Auto detect TSF timing reference point (start/end of packet)
Add a scrollbar
Add a ruler showing time
Improve handling of focus.
Do not display NAV for packets with bad FCS.
Show related packets graphically
Different Y axis modes
- bandwidth/channel use display
- different transmitters per line
- background color from coloring rules
Live capture support
Change-Id: Ic31fffb0d6854966361ade7abb5c0be50db9a247
Reviewed-on: https://code.wireshark.org/review/20043
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Current layer number needs to be unconditionally saved after v2.3.0rc0-3740-ge1f84f985e,
which increased the number of dissectors that use current layer number to
determine Decode As value.
Change-Id: Ib82370af94ea00613a337890369e228cffa1ed81
Reviewed-on: https://code.wireshark.org/review/21928
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either 1) it can be determined from the libwiretap encapsulation type,
in which case it's redundant information or 2) there *is* no pcap/pcapng
link-layer header type for that encapsulation type, in which case you
need to check for the attempt to determine it failing and handle that
failure appropriately.
Change-Id: Ie9557b513365c1fc8c6df74b9c8239e29aad46bc
Reviewed-on: https://code.wireshark.org/review/21924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This property was introduced in Qt 5.1.
Change-Id: I3446886d65fbeaf011a69071b605b044e5205b60
Reviewed-on: https://code.wireshark.org/review/21895
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When having hidden interfaces it was not possible to unhide all
in the "Manage Interfaces" dialog because prefs.capture_devices_hide
was not updated when not having any hidden interfaces.
This bug was introduced in g6eee29bf.
Change-Id: If94c2e592eea60e6f1ef1ce2107ff9b2b27c3176
Reviewed-on: https://code.wireshark.org/review/21869
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Add prefs_set_gui_theme_is_dark and call it in the WiresharkApplication
constructor. Add a set of dark syntax color defaults.
We could alternatively add a preference for the syntax foreground color,
but that would imply adding a preference for the background color as
well.
Bug: 11131
Bug: 13738
Change-Id: Iefe135ed04e63372ed434c5b9759647c9f4046e3
Reviewed-on: https://code.wireshark.org/review/21827
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The generated Ui_MainWindow::setupUi() can grow larger than our configured
limit, so turn off -Wframe-larger-than= for ui_main_window.h.
Change-Id: I550ff30ebe566b711c63f7a9d0276e5b06244407
Reviewed-on: https://code.wireshark.org/review/21866
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Matches Id45052f21ebb290bf92c201370584156a65f2e19
Change-Id: I2b097d176ec3ce0637af95d66d2f58b834c79ea2
Reviewed-on: https://code.wireshark.org/review/21783
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>