There is no need for nesting event loops when showing menus. Show menus
asynchronously to limit possibilities of hard to debug problems related
to re-entering event loop.
Make it so that "Edit->Preferences->Columns" can also set the
resolved/unresolved status of custom columns. Hide the checkbox
when the fields don't support it (including any non custom
columns.) Also make the checkbox entries in the column list model
not editable.
Fix#15394
Add a textbox to allow for filtering the traffic types
in the conversation and endpoint dialog. The current implementation
allows for an easier growth of the list entries. To ensure that
the user can find the entry he/she/they is looking for fast, add
a textbox for filtering
Not all display filters are valid for custom columns (see #15990).
Use the validation function for custom columns instead of the
display filter validation when adding or editing a custom column
through Edit->Preferences, as the Edit Column in the packet list
header already does.
Revisit this if we ever do expand the list of possible custom
columns.
Propagating the capture_file was required for a single
function as was the cast for the model. Both are not
needed, as the functionality can be either moved to
PacketListModel or was already included in PacketList
To implement loading a packet list, a lot of helper
methods are required. Those prototypes where split up
over two places and have been moved to packet_list_utils.h
to ensure a single place for lookup
conversation_dialog.h:24:15: warning: parameter 'cli_proto_id' not found in the function declaration [-Wdocumentation]
conversation_dialog.h:25:15: warning: parameter 'filter' not found in the function declaration [-Wdocumentation]
Remove unneeded row number in capture file. The packet list is
the only object that should know the correct number, propagating
it further only complicates things. At the same time, rework
cf_select_packet to select the packet based on frame_data not on
the row (which can be unreliable).
Remove duplicate functionality for jumping to packet and
remove unused function to move to the end. Furthermore
move the code for redraws of visible packets directly
into the calling code
Setting sorting enabled/disabled resorts the list. If this happens
too often, sometimes it can lead to the physical view models
not present anymore and therefore crashing.
Ping #18159
The progress frame animation is so slow, that it might not show
up on certain setups. Reduce the initial speed and duration for
the animation, which also speeds up calculations as well as dissection
as less animation has to be rendered/calculated
Instead of letting the model do the filtering and having
a bunch of exceptions in cases where columns are hidden
in between other columns, the model will present all columns
all the time, and it is the job of a top-level proxy to
filter out columns not required for current display
Set our idle dissection single-shot timer to 0, i.e. whenever the Qt
event loop can fit us in. This fixes a performance issue here with
libsinsp and doesn't appear to cause any issues otherwise.
Add a numeric address type analog to StringZ for
protocols who only use numeric values as addresses
with no further handling.
e.g. IAT protocols which only enumerate the devices
Don't require there to be at least two values in a packet for
a dissector table in order to have a combobox instead of a single
text box.
While perhaps having an editable combobox with only one drop down
option looks a bit funny, that is outweighed by the UI advantages
of being able to easily select the values that occur in the packet.
This makes it possible to change the dissector for the currently
selected packet's IP protocol or Ethertype when those are not the
last protocol layer without having to type it in manually, for
example.
Some lines in Acknowledgements are mistakenly matching the regular
expression to capture authors and email addresses, resulting in
bogus authors entries.
Stop matching authors after we reach the Acknowledgements section.
This matches the structure of the AUTHORS-SHORT file and fixes the
bogus entries.
Allow the traffic columns to automatically sort on secondary columns if
applicable. e.g. the address and port column for TCP and UDP, or the
secondary address for conversations
If a display filter had been applied during the opening
of the conversation or endpoint dialog, automatically check
the entry for "Limit to display filter" to ensure that
the filtered result is being shown, as expected by the user.
It's only necessary to check that cap_file_.capFile()->edt is
not NULL if use_stream_index is FALSE.
This prevents failure and an inaccurate error message about the
capture file being invalid when using the spinbox to cycle through
a stream when all packets are filtered out.(E.g., Follow a stream,
append to the filter looking for something, no packets match, try to
go to the next stream.)
Convert the address+port conversation code to element lists. Make our
conversation keys element lists. Document more of the conversation API.
Update the Conversation Hash Table dialog to use the new API.
Describe an alternative key type and data structure at the top of
conversation.c.
Allow the endpoint and conversation dialogs to have detachable
tabs. At the same time move the tree functionality to a subclass
to better be able to handle the context menu when detached.
Right now, still a lot of tree stuff is in the tabwidget, but
could be moved to the tree for the future
Retapping can have some side-effects and was done in
an overflowing way. Reducing the number of times retapping
is required and done, and also giving control for taps
reload to TrafficTab
Instead of instantiating CaptureFileDialog with a reference to
the filter (which means allocating a new empty QString when using
it for Save As and Export Packets, which don't use a filter), pass
the filter reference into the open and merge functions.
This plugs a memory leak that happened each time the Save As or
Export Packets dialog was created.
Allow the option to save the data from the traffic dialogs
as raw data and enable it as the default option for 4.0. The
option to display the data with pretty formatting is still
available.
The current model makes it very hard to extend the traffic tables
with new functionality. For instance, having a total view column
additionally to the normal columns when filtered.
This change removes the QTreeWidget and moves to a more generic
approach using QAbstractListModel elements.
It is implemented in thtree parts:
- ATapDataModel implements the basic collection and handling of
the tap data information, as well as updating if new data is
becoming available
- EndpointDataModel / ConversationDataModel handles the display
and representation of the data
- Implementing TrafficTab as a TabWidget which will handle the
adding/removing of new protocol tabs
Almost all the ints in tap-iostat are loop counters, numbers of columns
or rows, durations, lengths, widths, or magnitudes, all things that are
inherently unsigned. Make them unsigned.
This has the incidental effect of fixing an odd alloc-size-larger-than
error with gcc 12.1, which is afraid that if borderlen is signed that
g_malloc will somehow be called with value -1 (18446744071562067969):
Fix#18089
The Qt implicit casts from QByteArray to QString all use
size = -1, meaning to the end of the string.
This causes gcc 12.1 with -O2 to produce a very dubious stringop-overread
warning, by computing both sides of a branch even when it shouldn't:
/usr/include/qt5/QtCore/qstring.h:706:69: error: ‘size_t strlen(const char*)’ reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
706 | return fromUtf8_helper(str, (str && size == -1) ? int(strlen(str)) : size);
| ~~~~~~^~~~~
There's also a similar error with QByteArray.constData(), even though
isEmpty() should return True when the QByteArray is NULL.
(Adding isNull() prevents the warning but is redundant.)
Use DIAG_OFF and DIAG_ON to ignore the warning on GCC 12.1 and higher.
Fix#18090.
Set the row colors in the traffic dialogs to alternating for better
readibility and add a context menu option to resize the columns back
to content
Fixes#16189
Remote traffic_table_ui.? and move the JSON stuff into endpoint.
This is in preparation for larger work on both the conversation
table as well as the endpoint table, and to start using Qt code
in the UI where it should be used.
After selecting field values to be shown or not shown
residues of the former diagram may reside until the next
scroll event. This updates the viewport to trigger the
paintEvent earlier.
Fixes#17997
This is a small speedup for the ResolvedAddressesDialog. QString::arg
is a copy-by-call method as QString::append just extends the space
occupied by the string, leading to a major speed improvement.
Same goes for configuring the proxymodels first and then assigning the
data model as this will lead not to reorganization everytime
invalideFilter is being called
Windows implements so called CRT handlers, which will catch any
assertions happening inside so called crt routines and either
displays a debug dialog (Cancel, Retry, Ignore) or outright crashes
the application.
See
https://docs.microsoft.com/en-us/cpp/c-runtime-library/parameter-validation?view=msvc-170
for an explanation of the behaviour.
Now, in the current situation here, close will detect (correctly)
that the pipe it is supposed to be closing is already closed. This
happens (again correctly) because it had been closed by the extcap
application.
The change added, checks for a closed pipe first, and if so just
returns -1 (as it should) silently without calling the CRT routine,
therefore not crashing
The current situation in UatDelegate as well as PathChooserDelegate leads to issues, where Wireshark crashes if the button is clicked. This is due to the UI not correctly positioning the button inside the cell.
This change implements a widget, which will serve as cell content, handling all relations with choosing the file, but also properly handling the size and geometry of said cell content, therefore no longer leading to crashes and cleaning up code at the same time, as duplicate methods are being removed.
Fixes#17789, #17819, #18088
Display filters on Windows where broken in such a way that the file was generated with empty lines and the wrong file delimiters.
Likewise, loading the file lead to issues when the formatting was not 100% match by the plattform being used
Fixes#18082
If name resolution is enabled in the conversations and endpoints
dialogs, sort address columns by the resolved names, not by the
addresses; sorting them by address will give *very* unexpected results,
and not make it easier to look for addresses by name.
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
setTab(0) should not be required, as this belongs in the constructor as being
part of the general setup of the dialog itself. Outside code should not setup
the correct startview of the dialog.
(the problem exists in the first place, as the wrong tab may be selected via
the .ui file after editing that)
getPoints never worked in the new system therefore it is removed. SparkLineDelegate uses the underlying model to ensure the correct data being transmitted
Sparklines should display to the user, which interfaces are active
and ready for capture. Additionally it should be easy to find active
interfaces, without filtering first.
This change reorders the interface list, in order to sort active
interfaces on top, as well as hide information if no packet has been
received on that interface, to ensure that the user can find active
interfaces faster, making it easier to capture on systems where
the interfaces have very generic names.
The interface context menu has been amended to allow interfaces to be
hidden/unhidden from the main interface list as well
Skip non protocols in process_tree before calling process_node(), and
in process_node() before calling itself recursively, instead of at
the beginning of process_node(), decreaing the number of recursive
calls.
This reduces possible stack overflows in cases arising from dissectors
that call proto_item_get_parent(), which can result in many top level
non protocol items due to items not properly being faked. (#8069)
Use proto_register_is_protocol for the test instead of testing for
a name, which has not been a useful test for some time.
Add some comments about possibly wanting to skip PINOs that have
field_type FT_BYTES if they end up being toplevel items, and about
possibly wanting to descend into the tree to pick up protocols not
at the top level.
Increase the minimum required version of Qt from 5.6 to the next
LTS version, 5.9. The various Linux distributions that have not
released an update to 5.9 or later (SLES 12, Debian stretch) are
nearing end of support, and can be supported by the Wireshark 3.6 LTS
release.
Qt 5.9 requires macOS 10.0, so make that the minimum macOS version
as well.
Remove unneeded version checks (except from QCustomPlot).
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
Use proto_registrar_is_protocol instead of directly comparing
hfinfo->parent to -1 when determining if the field info is related
to a protocol or not.
This avoids adding the special case text only field, which does not
have a parent protocol id, to the protocol hierarchy. These fields are
merely strings on the GUI tree, not actual protocols.
The same hierarchy of protocols can appear multiple times in a frame,
for example if there are multiple PDUs for a protocol that begin in
that frame. Keep track of the last frame where we incremented our
stat node and use that to only increment it once per frame.
Add a "total number of PDUs with this hierarchy" statistic and
display it as a new final column in the GUI. Update the User Guide.
In the purpose of doing this, get rid of temporary variables and
increment the ph_stats_t members directly, since we pass that
into our functions already, and thus have access to the current
packet count.
Fix#17553. Fix#18034. Fix#12565.
In conversation_filter.h, add a separate log_conv_filter_list. Use it in
register_log_conversation_filter and add conversation_filter_from_log.
It looks like we no longer use find_conversation_filter externally, so
remove it from the API.
RTP dialogs can stay opened, therefore calls of its functions are
protected by locks. There was issue that same mutex was used during
construction of the dialog and calling functions. It created possible
deadlock.
Change separates lock used for dialog creation and lock for function calls.
When function call lock is locked, new calls are ignored and warning is
printed to STDERR. Showing a dialog with warning looks too intrusive to me.
Fixes#18025
Rename LogsharkApplication to LogwolfApplication. Rename other Logshark
references in ui/qt_logshark to Logwolf. Update our CMake target and
variable names.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Rename the main_window class and UIC files to wireshark_main_window and
the MainWindow class to WiresharkMainWindow. Copy wireshark_main_window
/ WiresharkMainWindow to logwolf_main_window / LogwolfMainWindow.
Remove the Wireless menu from Logwolf.
Move WiresharkApplication.{cpp,h} to MainApplication.{cpp,h}. Add back
WiresharkApplication as a thin superclass of MainApplication, similar to
LogsharkApplication. Change all of our wsApp references to mainApp. We
will likely have to change many or most of them back, but that's a
commit for another time.
Add a separate UI application named "Logshark". It's currently a very
thin superclass of Wireshark, but that will change over time. Based on
work by Loris Degioanni.
Fix
ui/qt/models/filter_list_model.cpp:299:33: warning: implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' [-Wshorten-64-to-32]
storage.move(strow, storeTo);
~~~~ ^~~~~~~
when building with Qt 5.
Fix
** (wireshark:77415) 10:53:35.149736 [GUI WARNING] -- QObject::connect: No such signal QComboBox::currentIndexChanged(QString) in ui/qt/about_dialog.cpp:352
** (wireshark:77415) 10:53:35.149760 [GUI WARNING] -- QObject::connect: (sender name: 'cmbType')
Use new-style connections everywhere in about_dialog.cpp.
Qt 5.10 added qsizetype, aka an ssize_t and Qt 6 makes extensive use of
it. Add a compatibility typedef and use it where we can. Cast it away
where we can't.
Fix
ui/qt/rtp_stream_dialog.cpp:708:26: error: 'type' is deprecated: Use typeId() or metaType(). [-Werror,-Wdeprecated-declarations]
} else if (v.type() == QVariant::String) {
^
and similar errors. Although the warnings recommend typeId() or
metaType(), userType() exists in both Qt 5 and 6 so use it instead.
Fix
ui/qt/tcp_stream_dialog.cpp:1669:31: error: 'globalPos' is deprecated: Use globalPosition() [-Werror,-Wdeprecated-declarations]
ctx_menu_.exec(event->globalPos());
^
and similar warnings.
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets seet in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes#17989.
Only set the Packet List scrollbar page step to be equal to the
height of the scrollbar when running on macOS. Qt on Linux and
Windows behaves different.
Add a separate menu for Strip Headers (similar to Export PDU, but exporting
to an encapsulation other than WIRESHARK_UPPER_PDU everything for
that encapsulation). Add to the usage output of tshark for the "-U"
option which encapsulation a export tap will produce.
Allow export PDU taps to be registered with a wiretap encapsulation
instead of always using WTAP_ENCAP_WIRESHARK_UPPER_PDU. This allows
creating normal capture files that aren't tied to wireshark without
having to do a "editcap -C -L -T", as well as creating files in
formats other than pcapng and pcap with tshark.
Provide a couple sample implementations in Ethernet (WTAP_ENCAP_ETHERNET)
and IP (v4 and v6, WTAP_ENCAP_RAW_IP) that are the most common use cases.
(I can imagine a few others; WTAP_ENCAP_MPEG_2_TS could probably be
useful, for example.) Fixes#15141
Calling setCurrentIndex with QItemSelectionModel::ClearAndSelect clears
the currentIndex, but not the selection, so it doesn't trigger
selectionChanged. However, highlighting depends on the selectionChanged
signal, not currentChanged(), and it's not emitted if we're still on the
same packet/row as the current selection (which can occur if searching
for something that occurs in exactly one packet in a capture.)
Since packet_list_select_row_from_data() cares about where the data
is within the packet, it needs to clear the selection. Fix#8269
Add a checkbox to the packet format group box to allow the
hexdump to only have the main frame instead of secondary data
sources as well, so that Print and Export Packet Dissections can
be used for input to text2pcap.
Apparently on Windows, if a dialog contains spaces it is not properly
opened via /select. But opening the file via QDesktopServices leads to
the file not being selected in the open explorer windows (expectation by
the user). Therefore the original change is restored, but with a
differenc call which should handle the space issue in most cases better
than before. See
https://stackoverflow.com/questions/3490336/how-to-reveal-in-finder-or-show-in-explorer-with-qt
for a short explanation (bottom of post)
Fixes#17927
inputMask populates the field with a space for each character
in the mask. Mouse people that click in the field may position
the cursor at the far right of the mask and not be able to enter
a value.
https://www.qtcentre.org/threads/7106-QLineEdit-and-input-mask
Remove the inputMask from the field definition and add a validator.
Don't use ZLib routines or data types if we're built without ZLib.
Don't support --compress-type=gzip, or a gzip check box in the Output
pane of the Capture Options dialog, if we're built without ZLib.
Fixes#17899.
g_file_open_tmp() does not set name_used unless the temp file
is successfully created (cf. to our old hand written library
pre commit 2925fb0850). Initialize it so that g_free doesn't
free a random memory location in that case, and don't use it
otherwise after failure. Fix#17828.
Since Import from Hex Dump creates a pcapng temporary file, use
the list of encapsulations we can write to pcapng instead of pcap.
In particular, this makes WTAP_ENCAP_SYSTEMD_JOURNAL possible, so make
text_import capable of writing that encapsulation by using the proper
rec_type and block. It's not clear why someone would have a binary
hex dump of this text based format, but it works.
This must match the base name of the .desktop file (without the .desktop suffix).
The implicit default is 'wireshark', which worked until the file got renamed in 42a09ad02e
Setting this is important for several desktop enviromnent features to work, for example the window icon on Plasma Wayland
In text2pcap and Import from Hex Dump, allow fake IP headers with
the appropriate versions when the Raw IP, Raw IPv4, and Raw IPv6
encapsulations are specified. In such cases, do not add a dummy
Ethernet header.
Continue to reject other encapsulations besides these, Ethernet,
and Wireshark Upper PDU when appropriate. Add some checks for the
encapsulation type in text_import as well, instead of just assuming
that the callers handle it correctly.
Move the list of encapsulation buttons to a QButtonGroup, which makes
it easy to tell which one of them is activated.
Use that to fix an issue where dummy headers impermissible for an
encapsulation type could be added if the radio button was selected
before switching the encapsulation type. (Only for encapsulations
that allow at least one type, i.e. Ethernet or Wireshark Upper PDU.)
qcustomplot.cpp:34001:37: warning: The left operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:34001:37: warning: The right operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:26643:9: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27752:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27779:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:34087:7: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:22400:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:22400:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:21229:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:21274:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35323:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35349:13: warning: The left operand of '==' is a garbage value [core.UndefinedBinaryOperatorResult]
Add some default IPv6 addresses, used in place of the unspecified
address. These are unique local addresses as in RFC 4193 with
a global ID generated using the pseudo-random algorithm mentioned
therein.
Use nanosecond resolution pcapng files for "Import from Hex Dump"
by default (since we support that level of precision and that's
what text2pcap does).
Disable QAbstractItemView's alternatingRowColors in places where we have
that set. One of Wireshark's most heavily used features is packet
colorization; we use color in packet list and detail rows to convey
information. Simple alternating color rows doesn't do that, and as my
blatant appeal to authority^W^W^W^W^WEdward Tufte points out, "Strips
are merely bureaucratic or designer chartjunk; good typography can
always organize a table, no stripes needed."
https://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0001IV
Move the parameter setup to text_import, so that later it can
be called from the GUI, including the interface name. (This has
to be a separate function because these parameters need to be
set before the call to wtap_dump_open, which is different for
regular files vs temp files vs stdout.)
Remove the '-d' option from text2pcap, and move the two levels
of debug messages in text2pcap and text_import to either
LOG_LEVEL_DEBUG or LOG_LEVEL_NOISY as appropriate.
In "Import from Hex Dump", change the control that determines
IPv4 versus IPv6 to a QComboBox, and move it into the grid of
options, in the IP option section.
Only warn about the parser getting an unexpected offset when
using OFFSET_NONE the first time. Use log warnings for subsequent
messages.
Strip off the whitespace/newline/colon from the offset when adding
it to the message, only output the offset number.
text2pcap used 10.1.1.1 and 10.2.2.2 for default IPv4 addresses,
and "Import From Hex Dump" used 1.1.1.1 and 2.2.2.2. The former
are a little bit better for defaults since they're RFC 1918
private IP addresses, so let's use them for the common code.
Add the option to use IPv6 instead of IPv4 for dummy headers,
including custom source and destination address, to the
"Import from Hex Dump" GUI box. Related to #16724
Encapsulate the feature requirements for strptime() in a
portability wrapper.
Use _GNU_SOURCE to expose strptime. It should be enough on glibc
without the side-effect of selecting a particular SUS version,
which we don't need and might hide other definitions.
Add a checkbox for the extra detection for ASCII in a hex+ASCII
hexdump even when the text looks like hexbytes to Import from Hex
Dump. Save and restore it from the settings. Work towards #16724.