Deprecated filters are still valid. Update display filter checks to make
sure we can apply them.
Bug: 11438
Change-Id: Ib5e009c070b40912434e0ffd771203ed1e1ba093
Reviewed-on: https://code.wireshark.org/review/10154
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The tap_sequence_analysis was adapted to store the protocol of each
frame. Therefore a new variable was introduced. In case of an ICMP or
ICMPv6 packet, the ICMP message type and code is retrieved. The adapted
ICMP and ICMPv6 dissector stores both values in packet info (see [1]).
In case of ICMP and ICMPv6 packets, the source and destination port is
not set or 0, respectively. Compared to that, the NetFlow service export
protocol [2] codes the ICMP message type and code into the port numbers.
The source port is zero while the destination is defined as: destination
port = ICMP type * 256 + ICMP code. This definition was implemented for
the ICMP and ICMPv6 packets.
References
[1] https://code.wireshark.org/review/10097
[2] http://www.ietf.org/rfc/rfc3954.txt
Change-Id: I07518e360975682a3f45e80cb24f82f58cfb15f0
Reviewed-on: https://code.wireshark.org/review/10098
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When fields have changed the compiled display filter may be invalid
or need a recompile to be valid.
Filters which are not valid after a recompile is set to a filter
matching no packets (frame.number == 0) to indicate that this does
no longer match anything. We should probably have a better filter
matching no packet for this purpose.
Change-Id: Id27efa9f46e77e20df50d7366f26d5cada186f93
Reviewed-on: https://code.wireshark.org/review/10123
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add the UDP multicast stream dialog. Abuse TapParameterDialog a bit more
so that we can edit parameters.
Remove some unused struct members and an unused function.
Change-Id: I962c70344e792f0959527e4bcba8a20bd7e8acf9
Reviewed-on: https://code.wireshark.org/review/10084
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move an include guard to match our conventions (and make it easier
to spot).
Change-Id: I4bad61a0194219f69217713d051e0ff53ff5a76a
Reviewed-on: https://code.wireshark.org/review/10110
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Widgets using prefs must be closed because the prefs may have
been free'd when reloading Lua plugins.
Change-Id: I4b79b7aff18d7923c77a9eb05acadc29b156edbf
Reviewed-on: https://code.wireshark.org/review/10108
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Refactor the file merging code by removing the duplicate logic from mergecap.c
and file.c's cf_merge_files(), into a new merge_files() function in merge.c.
Also the following user-visible changes:
* Removed the '-T' encap type option from mergecap, as it's illogical for
mergecap and would complicate common merge code.
* Input files with IDBs of different name, speed, tsprecision, etc., will produce
an output PCAPNG file with separate IDBs, even if their encap types are the same.
* Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged.
* Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP.
Bug: 8795
Bug: 7381
Change-Id: Icc30d217e093d6f40114422204afd2e332834f71
Reviewed-on: https://code.wireshark.org/review/10058
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
QString.toUtf8() returns a QByteArray object and .constData() returns
a pointer inside that object. It is not safe to store this pointer as
it will become invalid after the statement.
Change-Id: I8f54ede75577719008835038934e935cd5feba3f
Reviewed-on: https://code.wireshark.org/review/10067
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix build error:
ui/qt/packet_list_model.cpp:270:5: error: 'sort' is not a member of 'std'
std::sort(visible_rows_.begin(), visible_rows_.end(), recordLessThan);
Change-Id: I3a577a268f6c12e8fd97b7b6fd2429989c28e2f5
Reviewed-on: https://code.wireshark.org/review/10092
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
I hope it is quite right solution.
Change-Id: Ia9c883a832ddd03985eda37a9b344c4d7c8135e2
Reviewed-on: https://code.wireshark.org/review/10091
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make sure we run make-tap-reg.py on files that register tap
listeners. Make sure Qt-specific registration routines start with
register_tap_listener_qt_.
Change-Id: Idca382180f475db71e4d1965a70ae4cc2fa4f9d5
Reviewed-on: https://code.wireshark.org/review/10074
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The columns must be recreated even if no capture file is loaded
because custom columns may have reference to deregistered fields.
Change-Id: I4ed7345b3200e5af211695f1a6511ee229d5f13c
Reviewed-on: https://code.wireshark.org/review/10076
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Check for IPv4 and IPv6 multicast addresses. We might have captured on
an "any" interface, or on a PPP link, or used some other method that
doesn't result in dl_dst.type == AT_ETHER.
Change-Id: I18b0597fd432e4cec8c388a3c7d2d18ac4da0fad
Reviewed-on: https://code.wireshark.org/review/10009
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
When created, they have a reference count of 1; when added to an action
group, the reference count is increased as a pointer is held by the
action group. Release the reference we got, as we're not holding onto
it.
Also, rename "menu_item" to "menu_action", to indicate that it's an action.
Change-Id: I54543dcc2e6c3b341a9f584fe1b6099a134771b3
Reviewed-on: https://code.wireshark.org/review/10049
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also, use g_strconcat() in other places where we prepend / to action
names.
Hopefully, this will make it easier to find common code between all the
N different places where we add menus and menu items.
Change-Id: Iee876866730cada64428df17f1f3c4552cc3ac93
Reviewed-on: https://code.wireshark.org/review/10048
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Action names are expected to begin with /, so prepend a /.
Fixes the "plugin" menu mechanism (which could be used by built-in code
as well, so it's not really a "plugin" menu mechanism).
Change-Id: Ic45412399078796359649cc876d2c8bfc9a790c6
Reviewed-on: https://code.wireshark.org/review/10046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At least with kqueues, NOTE_REVOKE is delivered if the file system
containing the vnode in question is unmounted, and that gets mapped to a
change notification by QFileSystemWatcher, so the right thing should
happen.
I'm not sure whether the right thing happens on Windows.
Change-Id: I1e4c0d510f31f68d574c4d4cf20524666382930f
Reviewed-on: https://code.wireshark.org/review/10039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Somebody asked about repeated SMB traffic when running the Qt Wireshark:
https://ask.wireshark.org/questions/45036/permanent-smb2-traffic-with-1997
and that's due to said polling. On the main desktop platforms (Windows,
OS X, Linux) we can use QFileSystemWatcher plus, on Windows and OS X,
some additional stuff to check for unmounts (and get FreeBSD as a
freebie, as it works the same as OS X), and avoid timeout-based polling.
Change-Id: I3a1d0110fedcdb442ed09c16dab4bf0cb06ca331
Reviewed-on: https://code.wireshark.org/review/10038
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Append to end and prepend to start, not the opposite.
Change-Id: Ic0e2a7f04a0d9ff18a6fd7063d0550ad35eece1a
Reviewed-on: https://code.wireshark.org/review/10027
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Changing fields in http, imf or ldap used to trigger redissect twice
because of UAT_AFFECTS_FIELDS and UAT_AFFECTS_DISSECTION.
Also changed from redrawVisiblePackets() to columnsChanged() because
fields in a custom column may have changed.
This also fixes reloading Lua plugins with Lua fields in custom columns.
Change-Id: I805a765690decbe7434dbf1c33ebd1113e23d16d
Reviewed-on: https://code.wireshark.org/review/10025
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add RpcServiceResponseTimeDialog, which handles DCE-RPC and ONC-RPC
service response time statistics. Try to make it as lightweight as
possible, since we might want to pull this into the RPC dissectors
similar to the other SRT statistics.
Allow program names on the command line in place of numbers or UUIDs. Make
matches case-insensitive. E.g. the following are equivalent:
-z rpc,srt,100003,3
-z rpc,srt,nfs,3
-z rpc,srt,NFS,3
as are the following:
-z dcerpc,srt,f5cc5a18-4264-101a-8c59-08002b2f8426,56
-z dcerpc,srt,nspi,56
-z dcerpc,srt,NSPI,56
Change-Id: Ie451c64bf6fbc776f27d81e3bc248435c5cbc9e4
Reviewed-on: https://code.wireshark.org/review/9981
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Inserting QTreeWidgetItems individually is slow. This isn't a problem if
you only have a few items but the Expert Information dialog can have
thousands. Add "packet" tree items in groups, which should be much
faster. Note that we still add "group" tree items individually since
that gives us a nice progress indicator.
While we're here, make sure we show the dialog before tapping packets.
Bug: 11439
Change-Id: I8a182f4158d078cae5f42b8d1355414197f423e1
Reviewed-on: https://code.wireshark.org/review/10000
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This is functions used when redissecting after a Lua plugins reload.
Change-Id: Ida14526faec1992006938a6732ee894ac83c2d12
Reviewed-on: https://code.wireshark.org/review/9995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
if we don't do this, there'll be a dangling tap listener and we'll see a
crash when its reset method is called
this can be triggered by opening another expert info dialogue, this will
invoke cf_retap_packets() and reset_tap_listeners() which in turn calls
the reset method of each registered tap listener
Bug: 11432
Change-Id: I8fc13351666c875e1a3641f31bada8e80d167ab2
Reviewed-on: https://code.wireshark.org/review/9979
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Fix a couple of issues in the way we calculate the splash overlay
progress.
Avoid unnecessary repaints.
Change-Id: I1f4800b2c2836b67ca9ff3d6d24af150f4379ba9
Reviewed-on: https://code.wireshark.org/review/9916
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This will avoid slow startup when having many Lua plugins.
Change-Id: I67b5f38108a5c500682bc727734375da5fa762c8
Reviewed-on: https://code.wireshark.org/review/9910
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Convert ONC RPC program stats to the stat_tap API.
Add a "user_data" member to the stat_tap_table_item_type struct.
Change-Id: I5cbf000a447ff93d30fa7f098124bdcbc34f2935
Reviewed-on: https://code.wireshark.org/review/9904
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
As it turns out we *do* need to free table elements. We also need to
free the tables themselves and clear the table array. Do so.
Change-Id: Ic1c81388eac8f47f74caea0169c79685a83aaff9
Reviewed-on: https://code.wireshark.org/review/9901
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>