Try to improve address API and also fix some constness warnings
by not overloading the 'data' pointer to store malloc'ed buffers
(use private pointer for that instead).
Second try, now passing test suite.
Change-Id: Idc101cd866b6d4f13500c9d59da5c7a38847fb7f
Reviewed-on: https://code.wireshark.org/review/13946
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
Some only allow buffer overruns (read), others also buffer overflows
(write).
Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).
Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If you include something from the wiretap directory, always precede it
with wiretap/.
Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.
This makes it a bit clearer what's being included.
Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 13ec77a9fc.
This commit introduces a segmentation fault for Lua code (uncovered by the test suite).
Change-Id: Ibc273d1915cda9632697b9f138f0ae104d3fb65e
Reviewed-on: https://code.wireshark.org/review/13813
Reviewed-by: João Valverde <j@v6e.pt>
Try to improve 'address' API (to be easier/safer) and also avoid
some constness warnings by not overloading the 'data' pointer to
store malloc'ed buffers (use private pointer for that instead).
Change-Id: I7456516b12c67620ceadac447907c12f5905bd49
Reviewed-on: https://code.wireshark.org/review/13463
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
GNU coding standards recommend against it and automake is designed
around it.
This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.
Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
This removes duplicates (including one incorrect duplicate), and also
means we have only one chunk_type_values[] value_string.
Change-Id: I4c3035b1cfb5c86cc7a5bf79feb9a5b0204b6dcc
Reviewed-on: https://code.wireshark.org/review/13212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it possible to trigger reloading Lua plugins from
within a Lua plugin. This can be used when having a plugin to
update local plugins from a external source.
Renamed reload() to reload_packets() to clarify what's reloaded,
and added a alias (marked as obsoleted) from reload().
Change-Id: I4e529992af5f651613950329e73718dbda317d2e
Reviewed-on: https://code.wireshark.org/review/13024
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
No need for the GTK dependency on dissectors/packet-ipv6.h.
Add the stream_addr typedef in follow.h to make some code simpler.
Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3817d12e473b67e26159e1562a08169e91f51d46
Reviewed-on: https://code.wireshark.org/review/13019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A "new" statistics tap UI is a statistics tap UI where the statistics
are maintained as tables and common code handles the tables; what
matters is the tables, not that it's "new".
Change-Id: I7a0e63cfac98c24cd5e7dce973b9a0cc5b6a03ba
Reviewed-on: https://code.wireshark.org/review/12897
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't return allocated memory as a const pointer.
Fixes multiple [-Wcast-qual] warnings.
Change-Id: Ie9ceac27fa2a5eba41a5392ac983ff28c3939239
Reviewed-on: https://code.wireshark.org/review/12267
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes "cast from 'const char *' to 'char *' drops const qualifier
[-Wcast-qual]", but changes the internal representation of
sid_name_table.
Change-Id: Ia853c3cf3010ea0cd1e2c975a23dd97e15be0fd6
Reviewed-on: https://code.wireshark.org/review/12157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the ui directory.
Change-Id: I10e95e66c8da5b880133452ebc484c53046e87ba
Reviewed-on: https://code.wireshark.org/review/11199
Reviewed-by: Michael Mann <mmann78@netscape.net>
The data that describes RTP streams become invalid when packets are
re-dissected. This results in a crash in GTK when the "RTP Analyse"
option is used and and a crash in Qt when the display filter is changed
while the RTP Streams dialog is open.
Fix this by adding a tap_reset callback (modelled after mcaststream) to
the RTP tap listener that allows the GTK+ and Qt dialogs to clear the
displayed list of RTP streams.
Bug: 10016
Change-Id: I7478678db63d7ac8110c44c163844e9f66fad9e9
Reviewed-on: https://code.wireshark.org/review/10728
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix some (mostly spurious) checkapi warnings by renaming the
offending variables.
Change-Id: I7a43ac89f5ed35053a6526fa838fbad67669a49a
Reviewed-on: https://code.wireshark.org/review/10655
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
As pointed out by checkAPI.pl.
Change-Id: Ibab9b2720f3ef666b06b2b61ffc54aa23cbb01fc
Reviewed-on: https://code.wireshark.org/review/10469
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Optional filter argument wasn't correctly parsed.
Change-Id: Ic0418fa866e1a00880b4e41bb28267a155a71aa5
Reviewed-on: https://code.wireshark.org/review/10088
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the UDP multicast stream dialog. Abuse TapParameterDialog a bit more
so that we can edit parameters.
Remove some unused struct members and an unused function.
Change-Id: I962c70344e792f0959527e4bcba8a20bd7e8acf9
Reviewed-on: https://code.wireshark.org/review/10084
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Migrate the Camel stats similar to the recent BOOTP and H.225
migrations.
Change-Id: If82617068ff4b8fa186899f66dc34a08585f66cb
Reviewed-on: https://code.wireshark.org/review/9865
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Stats were moved to the dissector in g03802cc.
Change-Id: I1aaf43789695ba3aae54cfaf201263cd0aed74ea
Reviewed-on: https://code.wireshark.org/review/9867
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The tap API changed the return type of per-packet listener callbacks
from int to gboolean back in 2009. Update a bunch of functions and some
documentation accordingly.
Change-Id: I79affe65db975caed3cc296a7e2985b7b9cdf4cc
Reviewed-on: https://code.wireshark.org/review/9853
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a FunnelStatistics class, which is the main interface between the Qt
UI and the Funnel API.
Add FunnelTextDialog, which implements the text_window, ProgDlg, menu,
and other routines. Add FunnelStringDialog, which implements dlg_new.
We currently only support "Tools" menu items (MENU_TOOLS_UNSORTED, aka
REGISTER_TOOLS_GROUP_UNSORTED). Add a disabled placeholder to the
"Tools" menu in case we don't load any scripts.
Use "struct progdlg" instead of needlessly casting to
funnel_progress_window_t.
To do:
- Add support for MENU_STAT_UNSORTED, MENU_STAT_GENERIC, etc.
- Make the firewall config generator a Lua script?
- Add FunnelGraphDialog? It seems like it would be useful to
make QCustomPlot accessible to Lua scripts.
Ping-Bug: 9845
Change-Id: Iefff02e9032ed1853666f7902509ed08b431e7a7
Reviewed-on: https://code.wireshark.org/review/9523
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I0edc3909516452e6497a050b4617f9aafcea2688
Reviewed-on: https://code.wireshark.org/review/9112
Reviewed-by: Michael Mann <mmann78@netscape.net>
A few sample tap/dissectors (ANSI/A, ANSI MAP) are also included to test the API. The "GUI output" is a bit raw and could use some "prettying up", but all the basic hooks are there.
Telephony "stat grouping" needs to be better alphabetized to properly populate menu (on GTK, probably Qt)
Change-Id: I98514171f69c4ab3a304dccb26c71d629703c9ab
Reviewed-on: https://code.wireshark.org/review/9110
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I320386b02bea09658636a9281ee3cbba34a5e4cd
Reviewed-on: https://code.wireshark.org/review/9188
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This got missed in the initial refactoring.
Change-Id: I98dcc0816e065efab9b497f753c8d2d388349ff3
Reviewed-on: https://code.wireshark.org/review/9044
Reviewed-by: Michael Mann <mmann78@netscape.net>
Very similar to the refactoring of SRT stats, it provides more commonality of the stats for all GUI interfaces. Currently implemented for TShark and GTK. Affected dissectors: MEGACO, MGCP, Radius
Change-Id: Icb73a7e603dc3502b39bf696227fcaae37d4ed21
Reviewed-on: https://code.wireshark.org/review/8998
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic625f5a0f8e3c4d70dd04f5e3eb7100fb54027e5
Reviewed-on: https://code.wireshark.org/review/8997
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create "common" SRT tap data collection intended for all GUIs. Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCIS, SMB, and SMB2) for both TShark and GTK.
SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic.
CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone.
Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc
Reviewed-on: https://code.wireshark.org/review/8894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The 'then' statement is equivalent to the 'else' statement.
Change-Id: I9e39afed3520cd4dffee52d5e57830817a8c4399
Reviewed-on: https://code.wireshark.org/review/8846
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change-Id: Iab2559c2bac5550987c108c6e917506fcec525e9
Reviewed-on: https://code.wireshark.org/review/8221
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The following parameters of draw_srt_table_data(srt_stat_table *rst, gboolean draw_header, gboolean draw_footer) are not documented: parameter 'draw_header', 'draw_footer'
Change-Id: Idda62f1195f08eb2272c731db663c1eca886906d
Reviewed-on: https://code.wireshark.org/review/8231
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iddaad1ae5b80d5d10b482790c5c7a017fc94328b
Reviewed-on: https://code.wireshark.org/review/8220
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is a "refactoring part 1" of the srt stats. This first step is using the service_response_time_table for all (possible) TShark srt stats. Next step will be combining the GTK and TShark service_response_time_table, so there is more code reuse and the "shared structure names" between GTK and TShark service_response_time_table won't seem as bad.
Maybe it can even go one step farther and handle a dynamic number of columns so this refactoring can apply to all srt stats.
Change-Id: Ief28e7e55f7dbbf4f2d9bb6f1a1592b87b866137
Reviewed-on: https://code.wireshark.org/review/8210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I66247132f00c83f35cf78cb63ea00a5ce923fddb
Reviewed-on: https://code.wireshark.org/review/8211
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 9363
Change-Id: Ic64716ef0156607ca40773cef8e76fc4a0825b3c
Reviewed-on: https://code.wireshark.org/review/8196
Reviewed-by: Michael Mann <mmann78@netscape.net>
That eliminates a redundant and confusing data type, and avoids issues
with one piece of code using e_uuid_t but wanting to use routines
expecting an e_guid_t.
Change-Id: I95e172d46d342ab40f6254300ecbd2a0530cde60
Reviewed-on: https://code.wireshark.org/review/7506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't want to encourage people to add to those lists, we want to
encourage people to subtract *from* those lists (either by fixing
warnings or, if an infelicitous API, or an infelicitous declaration of
an API on some platforms, or a program generator that doesn't take
sufficient care to avoid warnings - I'm looking at *you*, Flex - makes
it impossible to fix without introducing other problems, using the
DIAG_OFF()/DIAG_ON() macros if possible). Eliminate the empty lists, to
make it harder to fill them up again.
Change-Id: I298d07952c0cb1842a4ea71ba7e07c68e94a04e9
Reviewed-on: https://code.wireshark.org/review/7229
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove extra trailing blank from output while we're at it.
Change-Id: Ie415afa76a3eaba630ee3d59b177b44de75413a4
Reviewed-on: https://code.wireshark.org/review/7046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This is mostly for GUI usage, but a few dissectors needed some "non-packet scope" conversions.
val_to_str officially now uses wmem_packet_scope()
Change-Id: Ic9413eeb3406d7a7683222b86709f3675d628d81
Reviewed-on: https://code.wireshark.org/review/6933
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
val_to_str_ext now officially uses wmem_packet_scope().
Removed const from val_to_str[_ext]_wmem return value since it's not really constant.
Created utility functions in qt_ui_utils.h to help with the new memory management for its GUI.
Change-Id: Idf2ce4a4ce78d628b2269ad23a3a48fbfc9c077c
Reviewed-on: https://code.wireshark.org/review/6926
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add keyboard shortcuts. Note that not all of the buttons made it from
GTK+. Add a "Go to setup frame" option.
Move rtp_streams.c from ui/gtk to ui.
Add a help URL for RTP analysis (which needs to be split into streams +
analysis).
Fix RTP stream packet marking.
Change-Id: Ifb8192ff701a933422509233d76461a46e459f4f
Reviewed-on: https://code.wireshark.org/review/6852
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I7a40c0996517aa71b4ddb764ce3a6e92a55260ad
Reviewed-on: https://code.wireshark.org/review/6589
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also replaced comments mentioning se_alloc memory with wmem_file_scope, since it's more accurate.
It seems that many of the TShark stat taps may be leaking memory, because the hash tables created by the taps don't get a chance to be freed. Somewhat academic since TShark exits shortly after displaying any stats, but a leak none the less.
Change-Id: I8ceecbd00d65b3442dc02d720b39c2e15aa0c8a6
Reviewed-on: https://code.wireshark.org/review/6557
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
These cases were pretty easy to identify. Also replaced some comments that referenced ep_alloced memory, when it's now in fact wmem_alloced.
Change-Id: I07d2f390a9c0b34aa2956880476755d1acf5db0a
Reviewed-on: https://code.wireshark.org/review/6392
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjust any other ep_ related APIs related to the transition.
Change-Id: I961b371c2c4bda557e0f1817705c27eef0dae66c
Reviewed-on: https://code.wireshark.org/review/6388
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4f1078b20f41800f72a751612703ad0d4c2ae87b
Reviewed-on: https://code.wireshark.org/review/6323
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Almost all instances require using "manual" memory management, but it gets some ep_ calls out of the GUI.
Change-Id: Ifa7303766b08d09442ccf3d7063cbe061578ecd9
Reviewed-on: https://code.wireshark.org/review/6318
Reviewed-by: Michael Mann <mmann78@netscape.net>
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie3cda43a4cfca06482f2cee09f33230d1535b77d
Reviewed-on: https://code.wireshark.org/review/6265
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I72b557f0d12ba7a8c13288399a97ef1634121f79
Reviewed-on: https://code.wireshark.org/review/6266
Reviewed-by: Michael Mann <mmann78@netscape.net>
"stat name" has been official changed to "endpoints" for all dissectors, rather than a mixture of "host"/"endpoints" based on dissector.
Change-Id: If34bcb5165b493948e784ba038ab202803a59843
Reviewed-on: https://code.wireshark.org/review/6154
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-z "follow,udp" tshark cli command now supports a stream index
It is now possible to select the UDP stream displayed in Qt GUI (like for TCP)
Change-Id: Ia367f36ea4f60db0fddb997a7e0903c09e172f2d
Reviewed-on: https://code.wireshark.org/review/6083
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Consolidate the three different RTP stream structs in ui/rtp_stream.h,
ui/gtk/rtp_player.c, and ui/voip_calls.c into one. Make the member names
a bit more consistent. Document what each GList contains. Use nstime_t
for timestamps since that's what we get from the frame data. Use g_new0
to initialize our structs.
Change-Id: I2b3f8f2051394a6a98a5c7bc49c117f07161d031
Reviewed-on: https://code.wireshark.org/review/5843
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
I.e., presumably the intent is to dump *resolved* hosts, rather than
*unresolved* hosts where there's no known host name and the name field
is a string form of the address (the premise being that looking the
address up in the hash table repeatedly, and using the already-generated
string, will be faster than generating the string repeatedly).
Change-Id: Iad1beb1d5f9cd9ed92bad5386111cb659614ee4d
Reviewed-on: https://code.wireshark.org/review/5455
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If it ends with a comma, then, if you don't provide any parameters, you
get a "no such -z statistic" message followed by a list of available
statistics.
If it doesn't end with a comma, then, if you don't provide any
parameters *and* a parameter is required, you get a usage message, which
is more useful - and, in many of those cases, a parameter *isn't*
required.
Change-Id: I81275ea41ad4611d8210ca3cb07c09f0abde58f2
Reviewed-on: https://code.wireshark.org/review/5308
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent is to handle more than just command-line arguments; reflect that.
Change-Id: Ia10efda85a9d11c6579d1bec6f789cee30d9e825
Reviewed-on: https://code.wireshark.org/review/5304
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The old routine had stat_ in the name, as the expectation was that they
were for statistics taps; that's still the expectation, so have stat_ in
the data structure and routine names.
Change-Id: Ic98d011012b8641173d41fa0ec4f4e625614370a
Reviewed-on: https://code.wireshark.org/review/5303
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent here is to centralize more UI information so that we can move
more tap UI stuff to common code. This is a beginning.
Change-Id: Ic35ac0c01bc7b942aab88177db4065847a5e6c30
Reviewed-on: https://code.wireshark.org/review/5301
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The only place where the packet list column precision should be set is
in the code for the column precision menu item, the code for the recent
file item for that precision, and, if we were to provide it, code for a
command-line optpion to set it. It's not up to some tap to change it.
Change-Id: I547e606fb346b4c21674a66e883cbbe382055a37
Reviewed-on: https://code.wireshark.org/review/4336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Create a TrafficTableDialog (for lack of a better name) parent class
from the general parts of ConversationDialog. Use it to create
EndpointsDialog.
Move the contents of conversation_tree_widget.{cpp,h} to
conversation_dialog.{cpp,h} to match endpoint_dialog and
traffic_table_dialog.
Fill in GeoIP columns dynamically instead of using a hard-coded limit.
Use "endp_" and "ENDP_" prefixes for a lot of endpoint variables and
defines.
Try to make geoip_db_lookup_ipv4 and geoip_db_lookup_ipv6 more robust.
Clean up some includes. Fix a shadowed variable.
Change-Id: I23054816ac7f8c6edb3b1f01c8536db37ba4122d
Reviewed-on: https://code.wireshark.org/review/3462
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also use %u instead of %d for these unsigned numbers.
Change-Id: I3d1df3bdcc3c68193b49ba8daf1dc56171356290
Reviewed-on: https://code.wireshark.org/review/3266
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI.
Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
setlocale returns a statically-allocated memory which can be modified by
subsequent calls of setlocale. This triggers a heap-use-after free in
ASAN when the setlocale function is called again with the previous
pointer.
This was found when trying to use the "Show All Streams" option via
the Telephony -> RTP menu.
While at it, add some modelines
Change-Id: Ide47e877ce828734fd8c5c1b064d9c505ba2b37a
Reviewed-on: https://code.wireshark.org/review/3234
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
With tshark stats are being configured before the file gets loaded and the number of TCP streams are computed
Bug: 9541
Change-Id: I42c2891124f1781b05967d5f071ad40df2d6d9f5
Reviewed-on: https://code.wireshark.org/review/1598
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ei_array is supposed to be an array of expert_entry items. However, it
was initialized of an array of expert_info_t items which is much larger.
This caused an ASAN error when running `tshark -z expert` because
expert_stat_packet wants to read past the stack.
Fix this by correcting the type. While at it, reduce the size of
expert_entry for 64-bit systems (reduces initial memory usage by 8
kilobytes) and avoid a redundant g_array_index call.
Change-Id: I2e08676a5e242743ed502dd2836806604ea75cc0
Reviewed-on: https://code.wireshark.org/review/1275
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add ep_ to routines that may return ephemeral strings.
Change "get_XXX" to "XXX_to_display" if the routine returns a formatted
string if it can't get a name.
Change-Id: Ia0e82784349752cf4285bf82788316c9588fdd88
Reviewed-on: https://code.wireshark.org/review/1217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"get_addr_name()" -> "ep_address_to_display()", to 1) indicate that it
returns a string with ephemeral scope and 2) indicate that it maps an
address to a "displayable" form - a name if possible, an address string
if not.
"se_get_addr_name()" -> "get_addr_name()", to indicate that its strings
have the same scope as "get_ether_name()", "get_hostname()", and
"get_hostname6()".
Change-Id: If2ab776395c7a4a163fef031d92b7757b5d23838
Reviewed-on: https://code.wireshark.org/review/1216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tap-comparestat.c:321:55: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
tap-comparestat.c:321:55: note: remove the call to 'abs' since unsigned values cannot be negative
tap-comparestat.c:347:56: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
tap-comparestat.c:347:56: note: remove the call to 'abs' since unsigned values cannot be negative
Change-Id: Ice950228d844373abcbd0cdc8ea05079b8b933d0
Reviewed-on: https://code.wireshark.org/review/676
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1cedc611c9b7888eb671cf858c6f7819d37afba9
Reviewed-on: https://code.wireshark.org/review/219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove or comment out dups from several value-string arrays;
Sort a number of value-string arrays;
Reformat many hf[] entries;
Remove some unneeded initializers;
Add editor-modelines;
Use consistent indentation;
Reformat whitespace.
svn path=/trunk/; revision=53968
From Deon van der Westhuysen
- Bug fix: object leak in stats_tree after a tap reset (for example apply statistics preferences with a stats_tree window open)
- Bug fix: correct sample code in README.stats_tree
- Add: slash in plug-in name now creates submenu as docs describe (was a bug?)
- Add: menu separator before the stat_tree registered plug-ins
- Add: stats_tree can now calculate averages for nodes; automatically calculated for range nodes. Add section in README.stats_tree describing averages.
- Add: stats_tree can now calculate burst rate of each node (like rate but with a shorter, sliding time window)
- Add: sorting for stats_tree plug-ins. Can sort on node name, count, average, min, max values and burst rate.
- Add: preferences for stats_tree system (default sort column, burst calc params)
- Add: stats_tree window copy to clipboard and export and plain text, csv and XML.
- Added sample of new functionality in $srcdir/plugins/stats_tree/pinfo_stats_tree.c
- Moved all stats_tree sample plug-ins to "IP Statistics" submenu.
svn path=/trunk/; revision=53657
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
the ftenum_t for the fvalue's ftype, rather than a pointer to the ftype
(which isn't all that useful except as a handle, unless you import the
internal header).
Have fvalue_to_string_repr() return NULL, rather than failing, if the
fvalue's ftype has no val_to_string_repr method.
This lets us not include the ftypes internal header in
ui/cli/tap-diameter-avp.c.
svn path=/trunk/; revision=53290
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
time_t. (That also lets us not care how big a time_t is, except that we
have a not-fixable Y2.038K problem with 32-bit time_t, about which we
merely warn in a comment.)
svn path=/trunk/; revision=50502
Don't nest g_strconcat() calls: g_strconcat(a, g_strconcat(b, c, NULL), NULL)
is equivalent to g_strconcat(a, b, c, NULL). (And g_strconcat(b, c) is
incorrect - you need a NULL at the end of the list.)
Checking whether a pointer is "> 0" is useful only in platform-dependent
situations or if you're doing a really greasy hack such as stuffing a
flag into the uppermost bit of the pointer; the test should just check
whether the pointer is null or not.
svn path=/trunk/; revision=50500
- tshark -q -z io,stat,1 causes core dump for files larger than ~2MB
(with this fix it will still overflow on 32-bits for frame time > 4294s)
- In tshark's "io,stat" eliminate the unrequested "Frames and bytes" col, fix formatting, and add "Duration"
From me:
Added casts to squelch compiler warnings on win7 64bit
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8839
svn path=/trunk/; revision=50488