The deprecated-gtk and deprecated-gtk-todo API groups were removed last
year in g7853d0e354.
Change-Id: I9b299d54da043bbda91d639ec7c94a58f459149f
Reviewed-on: https://code.wireshark.org/review/32865
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Have cf_read_current_record() take a capture_file as an argument and
read, into its wtap_rec and Buffer for the currently-selected frame,
information for the currently-selected frame.
Rename cf_read_record_r() to cf_read_record().
That gives us 1) a routine that reads the currently-selected frame into
the wtap_rec and Buffer for the currently-selected frame and 2) a
routine that reads an arbitrary frame into the wtap_rec and Buffer
supplied to it. If you *want* the currently-selected record, use the
former, otherwise use the latter.
Change-Id: If6bd5915dd5bc18334d7b89859822a19234153a4
Reviewed-on: https://code.wireshark.org/review/32858
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For extcap boolean flags inserted into arguments hash table, the key should
be the "call" option and value should be NULL.
extcap_add_arg_and_remove_cb() takes care of NULL values by simply
omitting them from generated argument list.
ws_pipe_spawn_async() appends arguments until either:
* argument string is NULL
* argument string points directly to NULL terminator (empty string)
This bug resulted in extcap arguments being "cut off" after the first
"boolflag" present in the commandline arugments. Because arugments hash
table is unordered the actual commandline passed to extcap depended on
the order in which options were changed in extcap configuration dialog.
Bug: 15586
Change-Id: I00f136d3b627064cbfb539b3429aa5e4aef319e1
Reviewed-on: https://code.wireshark.org/review/32848
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We may or may not be working on the currently-selected packet, so
there's no reason to use read into the capture_file's wtap_rec and
Buffer for the currently-selected packet. We already have a wtap_rec of
our own, and we currently have a pointer to a raw packet data array that
we can replace with a Buffer of our own; just read into them.
Use wtap_rec_init() on the wtap_rec, rather than using its implicit
constructor - there's no guarantee that the initial values of the
structure members, as defined by C (and C++), are what we want.
Use wtap_rec_cleanup() in the destructor; it might do more than the
implied destructor (which does nothing). wtap_rec and Buffer are C
structures, so they don't get C++ constructors and destructors - we have
to use the C ones, which are explicit functions. I think there are
memory leaks that this fixes (packet comments and Buffer for the options
data, leaked when a PacketDialog window is closed).
Change-Id: Ica1d937fd00e4d2f5e4e2275bcd8edddb7a7921b
Reviewed-on: https://code.wireshark.org/review/32832
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multicheck was introduced to make it easy to configure USBPcap to
capture only from selected devices instead of the whole Root Hub.
In GTK+ interface the multicheck enabled options featured a checkbox
next to the item entry. Displaying the checkboxes made it intuitive to
the user that the items can be checked/unchecked.
During the GTK+ to Qt transition, the checkbox idea got lost. The GTK+
interface up to its very last days did show the checkboxes.
While it is possible to select the individual devices in Qt UI and
actually have USBPcap to capture only on selected devices, it is really
unintuitive and the user simply has to know how the multicheck is
implemented to take advantage of it.
This change brings the multicheck checkboxes to Qt UI.
Ping-Bug: 13355
Change-Id: Ia677ff2222c46b9816b8dca4c47e93c72cee834f
Reviewed-on: https://code.wireshark.org/review/32813
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
path() incorrectly gives paths as /C:/Program Files/Wireshark/udpdump.html
under windows. The leading slash gives a wrong test on the file. Instead
toLocalFile() handles it correctly. isLocalFile() has been used to get if
we have a local file or a network URL. The reported bug occurred under Windows
only, but the change is compatible with Linux paths as well.
Accidentally when the test on the file was successful, nothing got called.
The routine has been reworked to open an existing local file.
Bug: 15592
Change-Id: Id6e3a91dfb4c9d20ae8cb0735eabab64caeff47f
Reviewed-on: https://code.wireshark.org/review/32772
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That way we aren't allocating memory, reading packets from a batch, and
freeing the memory for each batch of packets delivered by dumpcap; we do
the allocation when the capture starts and the freeing when it finishes.
Change-Id: If012ab865f3a99d869535ad10827ad8680c1b10c
Reviewed-on: https://code.wireshark.org/review/32766
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way we don't do initialization, possible expansion of the buffer
from its initial size, and cleanup for every packet.
Change-Id: If967bd8f0cc65631b8b128b2c048d32ba54c8033
Reviewed-on: https://code.wireshark.org/review/32774
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move it to the capture_session structure from the info_data_t structure,
and pass it as an argument to capture_info_new_packets().
Change-Id: I822392bbf48eeb27ba9e17b73775d2fc4349bc17
Reviewed-on: https://code.wireshark.org/review/32765
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.
Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-on: https://code.wireshark.org/review/32761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 9445403f95.
cf_select_packet frees the buffer backing the dissection result
(cf->edt) which results in use-after-frees when callers try to access
the contents. See for example this call trace:
* PacketList::selectionChanged
* cf_select_packet(cap_file_, row)
* frameSelected(row) -> ByteViewTab::selectedFrameChanged
* addTab(source_name, get_data_source_tvb(source))
get_data_source_tvb returns the buffer that backs the dissection and
must remain valid even after dissection has completed. If this is not
done, then a possibly expensive redissection must be done in order to
populate the byte view. The temporary memory savings are not worth it.
Bug: 15683
Change-Id: Ia5ec2c7736cdebbac3c5bf46a4e2470c9236262d
Reviewed-on: https://code.wireshark.org/review/32758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most code that reads from a capture_file already has its own wtap_rec
and Buffer; change the remaining ones to do so as well.
Change-Id: I9b7c136642bbb375848c37ebe23c9cdeffe830c3
Reviewed-on: https://code.wireshark.org/review/32732
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Highlight the row in packet list and proto tree when mouse hovers
above the row. This mimics the behaviour on Windows.
Change-Id: I28461f9d7740269bad39893597232fe775f77a86
Reviewed-on: https://code.wireshark.org/review/32619
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The border around inactive+selected packet list items from aaba30a3
was removed in 00776f83 and 53dfec9b. Add this back again.
Use solid color in flat_style_format, no need for a gradient between
the same color.
Remove the empty default_style_format, it does not add anything.
Ping-Bug: 12010
Change-Id: I97df7147b196c73e9f6ec4b9c370ddb6bd54488a
Reviewed-on: https://code.wireshark.org/review/32676
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Giving the pathname of a temporary file that will be deleted once TShark
exits isn't useful; just refer to "the temporary capture file".
Change-Id: I7333ac3cef4e4ae1076a5b0e3c46a04e0328d505
Reviewed-on: https://code.wireshark.org/review/32645
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it match the "Plugins" tab of the "About" dialog.
While we're at it, use the same code to enumerate extcap plugins in that
dialog.
Change-Id: I50f402a7ab5d83d46baab070d145558ed8f688f4
Reviewed-on: https://code.wireshark.org/review/32589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set the foreground color of an expert info item only when we set its
background color, otherwise we show black text on a dark background.
Remove an unneeded include while we're here.
Change-Id: Ibb835d26d7aa18bfb406b7820b321dc372aed599
Ping-Bug: 15511
Reviewed-on: https://code.wireshark.org/review/32534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Inspired by looking into
https://ask.wireshark.org/question/8009/wireshark-ring-buffer-settings-from-command-line/
... in which the user was confused because a duration set on the command
line was not reflected in the GUI. That's because
I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae added the `interval` ring-buffer
option and made the GUI use this rather than `duration`. This was not at all
clear in the GUI, though.
Since `duration` and `interval` have quite different use cases, expose both in
the GUI.
Try to clean up and unify the tooltips at the same time. I'm not entirely
convinced the tooltips need to be on the checkbox, the spinbox, and the
combobox but leave it that way for now.
Add some to the man page description of the interval option to hopefully make
it clearer what the option does.
Change-Id: I3b45fe71c33af64d980dffb5e5ba93e2a15a6b96
Reviewed-on: https://code.wireshark.org/review/32526
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a collection of routines, not a program.
Change-Id: I76296576443602b7ea016c5311e66a52a73ee941
Reviewed-on: https://code.wireshark.org/review/32491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, add a new T_EOF token type, call parse_token() with it when we
get an EOF, and, in parse_token(), write the current packet if we get a
T_EOF token.
That's a bit simpler, and would let us treat EOFs in different places
differently, if, for example, we want to report warnings for
half-finished packets.
Change-Id: Ie41a8a1dedf91c34300468e073f18bf806e01892
Reviewed-on: https://code.wireshark.org/review/32489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Write out the last packet after text_import_scan() returns, if it
returned successfully, the same way that it's done in text2pcap. This
means we can get rid of the EOF rule in the lexer - the lexer just
finishes and returns 0 to text_import_scan(), which then returns a
success indication to text_import() - and make write_current_packet()
static.
Change-Id: Ibafdbe01da6bb33a213a32847f1981bc943290a1
Reviewed-on: https://code.wireshark.org/review/32486
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_input_drops() doesn't, and shouldn't, modify or free or... the
interface name, so make the pointer to it a const pointer.
Change-Id: Iafc5c5dd9939225b3aeb8a8e36c5bdeecc394e12
Reviewed-on: https://code.wireshark.org/review/32465
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_input_cfilter_error_message() doesn't, and shouldn't, modify or
free or... the error message, so make the pointer to it a const pointer.
Change-Id: Ic14ac306add328df369af4b6e149c856f4283912
Reviewed-on: https://code.wireshark.org/review/32464
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The result of sctp_stat_get_info() is only used in fillTable, so there's
no need to save it.
Make it a const pointer, to squelch warnings.
Change-Id: Icb6fd7e2f5c3c5c53f7d33509d100a0947e69369
Reviewed-on: https://code.wireshark.org/review/32460
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't modify expert_info_t's used when constructing an
ExpertPacketItem or when they're passed to the tap routine.
Change-Id: I9e6a1545ce2340091eb7c5f6a8ef5a1da675b3ab
Reviewed-on: https://code.wireshark.org/review/32456
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make sure that we always print log messages on Windows. External programs
or scripts (including our test suite) might need to see log messages
independent of our console settings.
Make sure that we always use our log handler and that its stdout /
stderr routing matches GLib's. Flush our log output, which is something
that GLib's default handler sometimes doesn't do:
https://bugzilla.gnome.org/show_bug.cgi?id=792432
Bug: 15605
Change-Id: I4b17f2cb9269b2c87c21835d82770dae93bbfa20
Reviewed-on: https://code.wireshark.org/review/32412
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If we have direction indications, flip the source and destination for
outgoing packets.
Also, generate sequence numbers for TCP.
Code lifted from text2pcap.
Bug: 15561
Change-Id: I869c45e88bf635f3277dbeeb08aff88dbfc8edef
Reviewed-on: https://code.wireshark.org/review/32383
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1) They're both required, for both strftime() and strptime(), by the
Single UNIX Specification.
2) They're both supported by MSVC's strftime(), at least as of VS 2015.
3) With MSVC, we use our own strptime(), which is based on the GNU libc
one and which supports both of them.
So we don't have to worry about them not working and either giving a
bogus value or throwing an exception or anything such as that.
Bug: 15565
Change-Id: I72b7798f35c4461855298cfcfa84732c1297d5fe
Reviewed-on: https://code.wireshark.org/review/32370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The wireless toolbar retrieves the full list of network interfaces
every 1.5 seconds to keep its list of interfaces updated. This
not only adds unnecessary load on the system it also generates
plenty of netlink traffic. When capturing packets on nlmon
interfaces they are flooded with packets generated by Wireshark
itself making it hard to understand the traffic that's really present
on the system.
Remove the periodic interface update and instead listen to network
interface change events and update only when something has changed.
The wireless toolbar need to know all when wireless interfaces are
added/removed, not only whether an interface is 'up' or not so
iface_monitor changes were also necessary.
Bug: 15576
Change-Id: I8fb19fd919dfef1b6b35bf48790b105ecd2b60a8
Reviewed-on: https://code.wireshark.org/review/32350
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tcp.stream and udp.stream are already unsigned identifiers. An upcoming
http2.hashed_stream identifier can exercise the full unsigned 32-bit
number space, so be sure not to treat the stream identifier as signed
integer.
Change-Id: Ic5d398b2bda7eba7555e385ef3fcd44b490f78c9
Reviewed-on: https://code.wireshark.org/review/32287
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When copying from another profile which has been renamed:
show the new profile name in the info label "Created from".
When copying from another profile which is later deleted:
append "(deleted)" to the info label to indicate that the origin
profile is not in the list.
Do not show "Renamed from" when a profile name if renamed back to
it's original name.
Change-Id: I0bf0c868c5dfd150a23b2ef887e7c70030b48d05
Reviewed-on: https://code.wireshark.org/review/32201
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Throw away the old temporary filename when restart capture to create
a new temporary file. This was omitted from the previous restart
capture fix.
Change-Id: I39396d26563ec3d424161f81667864440a13e6d2
Reviewed-on: https://code.wireshark.org/review/32184
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Gerald Combs