If a packet has a comment, the Protocol Hierarchy Statistics dialog will
add its stats to a top-level "Packet comments" node instead of the
"Frame" node. Add a check for the pkt_comment protocol ID and skip over
it if we find it. Affects Wireshark 2.0, 1.12, 1.10, and probably
earlier versions.
As an alternative we could always force "Frame" to be the first item in
the tree.
Change-Id: If7cd817071caf6219515f5d8121b3a1a2c0d79a6
Reviewed-on: https://code.wireshark.org/review/13297
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This is an enhancement to allow a plugin to obtain capture file
and other status information via a simple plugin_if call
Added GTK port to this revision
Bug: 11968
Change-Id: Ibcf4e8b43c6f3b48e971fa4020a07cc273234fb8
Reviewed-on: https://code.wireshark.org/review/13103
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Adds the list of available extcaps to the plugin list in the
About dialog of Wireshark (Qt only). To do this, an additional
sentence is provided in the extcap arguments list, which allows
for additional information to be passed (as of right now, just
version and display is used)
Additionally, cleans up the code when using g_free.
Bug: 11683
Change-Id: I04a958e2b73c9a707ab1cb4f2fc8345833a854a9
Reviewed-on: https://code.wireshark.org/review/13224
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
The window titles on OS X are usually separated by Em dash,
so use this when appending prefs.gui_window_title.
Change-Id: Ice46179fc872eefc7662b42052b428eabf1b6d61
Reviewed-on: https://code.wireshark.org/review/13256
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
With support for prepend and append to the window title.
Change-Id: I2215a080b85d36ceb47495bbb94617743fc3f83e
Reviewed-on: https://code.wireshark.org/review/13031
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Remove the "permanent file" checkbox. We weren't properly checking its
value and it was extraneous. Add placeholder text about temporary files.
Move the filename above the other options. That's where it is in the
GTK+ UI and it's arguably the most important.
When capturing to multiple files the size and duration settings aren't
mutually exclusive.
Change-Id: I1da1d3524e3c2de2361050913281472a172faa3a
Reviewed-on: https://code.wireshark.org/review/13269
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change actionViewColorizeNewConversationRule to
actionViewColorizeNewColoringRule and change its text accordingly.
We're building a rule based on a general filter, not a conversation.
Change-Id: Ic408050eed6f24690e3e759e6963f9930fe4b5e9
Reviewed-on: https://code.wireshark.org/review/13266
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Call resizeColumnToContents when we fill, clear, expand, or contract
items. This makes sure the horizontal scrollbar shows up instead of
eliding items.
A commonly suggested solution is to call
header()->setSectionResizeMode(QHeaderView::ResizeToContents) followed
by header()->setStretchLastSection(false). This makes the scroll bar
show up when the tree is wider than the window, but when the column is
narrower than the window we end up with unused white space on the right.
Change-Id: I5896f6048385bed27858f0ac676b29a1bf1255cd
Reviewed-on: https://code.wireshark.org/review/13265
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Introduce a frame_data flag "need_colorize" to indicate that coloring
rules need to be evaluated and set it for the GUI (not tshark). This
restores the original performance characteristics.
It additionally fixes a regression where the color filter name and
filter are not shown anymore in the tree (I guess it is related to the
edt->tree being NULL when re-selected, resulting in empty color_filter).
Remaining problems:
- Display filter cannot contain frame.coloring_rule.* fields. Code is
present to enable this, but then a method is needed to avoid an
expensive second calculation (which is why it is disabled).
- The columns are still not updated after coloring rule change.
- The two frame.coloring_rule fields in the tree are not updated when
the coloring rule is changed (e.g. Ctrl-1).
The last two issues were supposed to be fixed by the previous patch, but
there is probably some missing code... Tested with GTK and Qt.
Bug: 11980
Change-Id: I3ef7713b28db242e178d20f6a5f333374718b52e
Reviewed-on: https://code.wireshark.org/review/13170
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As the QKeySequence documentation says,
"On Mac OS X, references to "Ctrl", Qt::CTRL, Qt::Control and
Qt::ControlModifier correspond to the Command keys on the Macintosh
keyboard, and references to "Meta", Qt::META, Qt::Meta and
Qt::MetaModifier correspond to the Control keys. Developers on Mac OS
X can use the same shortcut descriptions across all platforms, and
their applications will automatically work as expected on Mac OS X."
This also applies to Qt Creator on OS X. If you assign a shortcut to an
action that contains the Control key, it will draw the ^ symbol in the
UI but will save "Meta" in the .ui file instead of "Ctrl", in the manner
of a well-meaning-but-not-helpful comedy sidekick.
This happened for the actions listed below. Replace "Meta" in their
shortcuts with "Ctrl".
- Unmark all (Ctrl+Alt+M)
- Next marked packet (Ctrl+Shift+N)
- Previous marked packet (Ctrl+Shift+B)
- Show packet times... (Ctrl+Alt+1 - Ctrl+Alt+8)
This matches the GTK+ UI on Windows and Linux, and uses the Command key
on OS X. If we really want to use the Control key everywhere we can
override the action sequences in main_window.cpp. We might want to do
this for the "mark" actions since Command+M is the standard key for
"Minimize this window".
Change-Id: I1537cee5bc27a32b505bace01c1de3703a18dd6a
Reviewed-on: https://code.wireshark.org/review/13238
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has its own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
This removes duplicates (including one incorrect duplicate), and also
means we have only one chunk_type_values[] value_string.
Change-Id: I4c3035b1cfb5c86cc7a5bf79feb9a5b0204b6dcc
Reviewed-on: https://code.wireshark.org/review/13212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it possible to trigger reloading Lua plugins from
within a Lua plugin. This can be used when having a plugin to
update local plugins from an external source.
Renamed reload() to reload_packets() to clarify what's reloaded,
and added an alias (marked as obsoleted) from reload().
Change-Id: I4e529992af5f651613950329e73718dbda317d2e
Reviewed-on: https://code.wireshark.org/review/13024
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change isNull checks to isEmpty. This keeps us from pushing an empty
field status and clobbering the file name in the status bar. Make sure
we do the same for other statuses.
Change-Id: I68ea669bdafc6e1177c1b8aaa07781464371de96
Reviewed-on: https://code.wireshark.org/review/13175
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In MainWindow::testCaptureFileClose() we must always stop a running
capture if closing, even if not having any packets, because
cf_close() will fail (assert) if still in progress.
This fixes an issue (crash) when closing the application with
a running capture without packets.
This also fixes restarting current capture without packets, both
with and without "Confirm unsaved capture files".
Bug: 11981
Change-Id: Id0655fcc799682a4f45c855bc2e76386dffc35a5
Reviewed-on: https://code.wireshark.org/review/13121
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Update images and describe related packets and the intelligent
scrollbar. Suggest a way to make it easier to get a screenshot of
related packets.
Change-Id: I5bf27b0c53fb62f3e567765400141a374a465e4e
Reviewed-on: https://code.wireshark.org/review/13159
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add the tap timer after validating all preferences, otherwise a zero
timeout will result in an infinite loop, visible by a splash screen that
never goes away.
Change-Id: I180a123ac2cc7774356e17f1f1d4dcaf38f252b4
Reviewed-on: https://code.wireshark.org/review/13156
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure we save the device name in capture.device. This should fix
the default device selection in the welcome screen on Windows.
Change-Id: I19337cf2813f3b5aba75228e855dad0a0f5e0f78
Reviewed-on: https://code.wireshark.org/review/13138
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make the WiresharkApplication::packetDissectionChanged →
MainWindow::redissectPackets connection queued rather than direct.
redissectPackets eventually calls update_progress_dlg, which processes
UI events.
This should keep the profile dialog from destroying itself prematurely
in a nested event loop when the user hits "OK".
Bug: 11979
Change-Id: I7276e08c1911708c3aca5ff05ab6a40bfc336add
Reviewed-on: https://code.wireshark.org/review/13134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For CaptureFilterEdit it's possible to have an indeterminate state while
we're waiting on name resolution. Add a Busy status to SyntaxLineEdit
and set the text color to a mix of the normal foreground and background
colors (gray on most platforms).
Make the Busy state valid so that we don't have to wait on an
annoyingly-long name resolution to start capturing.
Update the global capture option filters using the main welcome capture
filter when we start a capture instead of when we've finished checking
the filter syntax.
Connect the CaptureFilterEdit returnPressed signal no matter what so
that we can start a capture by pressing return in the welcome screen
CaptureFilterEdit.
Add a fake resolution timeout to the CaptureFilterSyntaxWorker debug
code to make testing the different states easier.
Bug: 11950
Change-Id: I0cf01c0fbc0dd8065cdf5a91f1d6b224291b1ce6
Reviewed-on: https://code.wireshark.org/review/13110
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
When changing conversation types in Conversations and endpoint types
in Endpoints the tabs will be arranged alphabetically, so ensure that
the default protos are also arranged alphabetically.
Change-Id: Ib0e8ffb744f63867e93282b7a81b1c11b0ee3dc4
Reviewed-on: https://code.wireshark.org/review/13107
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
We don't need it.
Change-Id: Idca29cbd7208c388a1f5d4e2b0131f5cfddc7896
Reviewed-on: https://code.wireshark.org/review/13096
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Copy over and adapt missing logic from the GTK+ UI which adds recent
capture filter entries when we start a capture.
Change-Id: Ifcf8b719e53727b7c269d9890731d542d1759efc
Ping-Bug: 11950
Reviewed-on: https://code.wireshark.org/review/13086
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
No need for the GTK dependency on dissectors/packet-ipv6.h.
Add the stream_addr typedef in follow.h to make some code simpler.
Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Regular expressions follow the Qt Regex syntax, which is
formulated after the Perl Regex syntax. A more detailed
overview of the possible rules can be found at:
http://doc.qt.io/qt-4.8/qregexp.html
If a required option is present, even the double-click on
the interface will first start the options dialog (Qt only)
Required fields are marked bold and put first in the dialog.
Additionally if validation fails (which it will if a required
field is kept empty, but also if a non-required textfield is
violating the defined regex), the label of the field is marked
with red.
Change-Id: If04a1146d0dfa778332ab2a39122c7a6ee1e93d2
Reviewed-on: https://code.wireshark.org/review/12914
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This makes it possible to use a capture filter on an interface
with user DLTs (147-162).
Bug: 11656
Ping-Bug: 11668
Change-Id: Ie9931b27e8dc8ea239e7e04e26d0ae1cacba50c9
Reviewed-on: https://code.wireshark.org/review/12996
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If we ever need to look at the value of any field in the packet, we
should do it the way we do in the RTP analysis code, rather than walking
the entire protocol tree.
Get rid of an unnecessary extra level of indirection for the filter
string.
Change-Id: Ie95c0171da79e7f24019a3f67396f6a533959881
Reviewed-on: https://code.wireshark.org/review/13046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also protect against any badly registered protocol
Bug: 11958
Change-Id: I0c03f50c2c5478a9524ad06e669510ffb5739b21
Reviewed-on: https://code.wireshark.org/review/13041
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>