When a stream index is explicitly given (as is done for items from the
Conversations statistics dialog), it does not have to query the stream
index from the packet list. Skip checking the packet list then.
Bug: 15672
Change-Id: I3f79e6a0997726535c38f9766b894b042ffbf916
Reviewed-on: https://code.wireshark.org/review/32972
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tcp.stream and udp.stream are already unsigned identifiers. An upcoming
http2.hashed_stream identifier can exercise the full unsigned 32-bit
number space, so be sure not to treat the stream identifier as signed
integer.
Change-Id: Ic5d398b2bda7eba7555e385ef3fcd44b490f78c9
Reviewed-on: https://code.wireshark.org/review/32287
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
For formats other than "Raw" and "UTF-8", the written file does not
match the actual stream data. It would be duplicated in strange ways.
Executing the "Save As" action twice while the dialog is open would also
write two different files (huh?).
As a quick fix, just replace the strange save logic by writing the text
field contents. A functional difference is that previously it would
write data while parsing the "follow data" list, now it uses the text
field contents. That data will now be truncated after 500 MB.
Bug: 14933
Change-Id: I498676389d0da3ac070346d6903bd2e6b0fc7674
Fixes: v1.11.0-rc1-2538-g80f9326b2f ("Add TCP/UDP/SSL Follow feature to QtShark")
Reviewed-on: https://code.wireshark.org/review/28663
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When switching from ASCII to other modes (such as Hex), the previous
text to packet number mapping was not cleared. This resulted in
using the wrong packet number when hovering over the packet data.
Change-Id: I29ba1786925490c33fc9181373a31d51f5091642
Reviewed-on: https://code.wireshark.org/review/28614
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reverse the payload chunks list to achieve a running time of O(n) rather
than O(n²) for insertion of all chunks. Executing a RelWithDebInfo+ASAN
build with `tshark -r chargen-session.pcapng.gz -qz follow,tcp,hex,0`
previously took 11m5s to complete, but now finishes in 16 seconds.
Tested using a capture file with 152k TCP packets (from bug 11777).
Backport note: must update ui/gtk/follow_stream.c too.
Change-Id: Icf70d45f33d4399e53209fb6199d3809608c8d99
Reviewed-on: https://code.wireshark.org/review/28595
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a WiresharkFileDialog class, which is a thin wrapper around a few
QFileDialog functions that sets per-monitor v2 DPI awareness before
showing native dialogs and resets the awareness context afterward.
Use it where we call QFileDialog::getXXX.
Change-Id: Ib711a70aa94b693a2515804a729f666ea7fbd673
Reviewed-on: https://code.wireshark.org/review/27568
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move */ to a separate line below the SPDX identifier.
Change-Id: Id1032215449cfccae0933147b45e04b65e0b727f
Reviewed-on: https://code.wireshark.org/review/27211
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the argument to the events a non-memory object
Change-Id: I46d8c24415aa2bc48b2a2d3b1fccffa6956d08b5
Reviewed-on: https://code.wireshark.org/review/26671
Reviewed-by: Roland Knall <rknall@gmail.com>
This stops the main source from being buildable by Qt 4.x
Change-Id: I61edbae04ac2b3bf0ae8ee8e09d335083945c176
Reviewed-on: https://code.wireshark.org/review/26756
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The signals related to capture events were refactored recently. Adjust
the follow stream dialogue to use the new CaptureEvent signal instead of
the now removed signal CaptureFileClosing.
Filter for context==file, event==closing in the signal handler.
Change-Id: I2d75b424fbf0a6734b0290aa205dd3d0c1ce053f
Reviewed-on: https://code.wireshark.org/review/24980
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
621498f88e fixed a crash that's caused by
closing the follow stream dialogue multiple times. Another way to get a
similar crash is to press the Back or "Filter out this stream" buttons
again while we're already about to close.
Ignore the two buttons in this case.
Change-Id: Ia8d7b3ca500db2519a784b42c0744e2527b9d5f6
Reviewed-on: https://code.wireshark.org/review/24839
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Follow Stream dialogue's button "Filter out this stream" filters out
the stream's packets and then closes the Follow Stream dialogue. This may
take a moment. If the user presses the Close button while the filtering
is still running, the dialogue will be closed twice. This causes a crash
which can be seen in ASAN builds.
==9485==ERROR: AddressSanitizer: SEGV on unknown address 0x60205e80001b (pc 0x7f923e672b8c sp 0x7fff73104600 bp 0x7fff73104600 T0)
#0 0x7f923e672b8b in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d9b8b)
#1 0x7f924f46010b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x13f10b)
#2 0x7f924f4655ff in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1445ff)
#3 0x7f923e672dca in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d9dca)
#4 0x7f924f49ae54 in QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x179e54)
#5 0x55f3e249582f in FollowStreamDialog::close() /media/sf_wireshark.git/ui/qt/follow_stream_dialog.cpp:327
#6 0x55f3e236e534 in FollowStreamDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:155
...
SUMMARY: AddressSanitizer: SEGV ??:0 QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
==9485==ABORTING
Ignore the Close button if we know that we'll be closing the dialogue shortly.
Change-Id: Ibf1684fd75937e6b24fcb9ea62ae6acb038260e6
Reviewed-on: https://code.wireshark.org/review/24777
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The split isn't necessary now that epan no longer uses the capture_file
structure.
Change-Id: Ia232712a2fb5db511865805518e8d03509b2167f
Reviewed-on: https://code.wireshark.org/review/24693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have cfile-int.h declare the structure, and use it in files that
directly access the structure.
Have cfile.h just incompletely declare the structure and include it
rather than explicitly declaring it in source files or other header
files.
Never directly refer to struct _capture_file except when typedeffing
capture_file.
Add #includes as necessary, now that cfile.h doesn't drag in a ton of
Change-Id: I7931c8039d75ff7c980b0f2a6e221f20e602a556
Reviewed-on: https://code.wireshark.org/review/24686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Added new user preference 'restore_filter_after_following_stream',
defaults to false.
When true, the current display filter is restored after following a stream.
Change-Id: I153107761003658c6d7f1464711da7b3adeb60a8
Reviewed-on: https://code.wireshark.org/review/22455
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Following the move for widgets directory, moving utils
to the utils directory. Guidelines for this directory are:
- Generic use but not a widget
- Utility functionality used by many classes
Note: additionally all includes affected by this move have been changed
to absolute path includes, instead of relative ones.
Change-Id: I019ae4b6e6f6d06a5745a63ed195edbd36fb936b
Reviewed-on: https://code.wireshark.org/review/22602
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Use the model from the 2.0 branch and earlier that only "tapped" the
follow data in a single location. This fixes duplicate data for
reassembled data and handles out-of-order packets.
Bug: 12855
Change-Id: I5268f13e3c08e9271acf026b859de693ad794c94
Reviewed-on: https://code.wireshark.org/review/18368
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
... Otherwise the user will see an empty stream after the Save-As operation.
Change-Id: Ibafcb4e4b670807702a8d8a5756544471f2eccc3
Reviewed-on: https://code.wireshark.org/review/16521
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
... rather than a structure (SslDecryptedRecord) which looks (mostly) like a
follow_record_t. (The biggest different is the former carries its data in a
StringInfo while the latter uses a GByteArray.)
With this change following SSL no longer needs its own special code.
This also fixes a crash after saving a followed SSL stream (in the Qt UI).
Bug: 12616
Change-Id: Ibdb2b85f8a6a30712743a5da420be1e6b78f5b92
Reviewed-on: https://code.wireshark.org/review/16516
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update main filter after follow stream dialog is closed - Use:
previous_filter if new 'Back' button (passed in follow() method)
filter_out_filter_ if 'Filter Out This Stream' button (built by appending !current_stream to previous_filter)
leave filter alone if window closed using Close button or window close. (current stream)
Change-Id: Ic02edeaffdc65ff0f33cac4cb9afb8cde28963c7
Reviewed-on: https://code.wireshark.org/review/16277
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
abort if it is -1
Change-Id: Ie14c18679ff74529731558d6742f63ebfb9fe97b
Reviewed-on: https://code.wireshark.org/review/15958
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an option to display the "follow" data as UTF-16.
Bug: 237
Change-Id: Id95ffc014b8ef718f3b6e9f3415806ada309c3a2
Reviewed-on: https://code.wireshark.org/review/15702
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If we don't, Save As will always fail.
(I broke this in 6a992182ce)
Change-Id: I4abfe495af3aee470331ae5464acbd7d08028bf0
Reviewed-on: https://code.wireshark.org/review/15547
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
When the user clicks Save As in the Follow Stream window, check that the
selected target file can be opened for writing. Bring up a warning box
if the file is not writable.
Change-Id: I76e67b064377dd432d3b14592f5096b99d9968c0
Reviewed-on: https://code.wireshark.org/review/15536
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Alas, QByteArray's constructor takes an int, not a size_t, as a size.
Explicitly cast the size down to an int.
Change-Id: Idc24b5920e8e417dd8555628d685f94224fe47e1
Reviewed-on: https://code.wireshark.org/review/14836
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make FollowStreamText a subclass of QPlainTextEdit instead of QTextEdit.
For large amounts of text, the former should be less unbearably slow
than the latter. Increase the maximum stream size to 500MB. This isn't
perfect but it's much more usable than 2MB and much easier than the next
step, which is to write our own text display widget.
Process UI events while we fill in the stream data. This gives us
behavior similar to the GTK+ UI and is similar to what we do in other
dialogs.
Switch from g_memdup+g_free to a QByteArray in the Qt UI and GByteArray
in the GTK+ UI.
Don't call readStream twice.
Make sure we free all of our stream data in the Qt UI. This fixes a
serious memory leak.
Ping-Bug: 11777
Change-Id: Ibad9bde86692ae07a80660566d1e661ab8b64601
Reviewed-on: https://code.wireshark.org/review/14271
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add GeometryStateDialog class to handle load and save dialog geometry.
The QDialog class name will be used as window name. For shared
classes the UAT name or the statistics title or abbr will be used.
Change-Id: I5a019598307fb3861518f41e733de834788184d8
Reviewed-on: https://code.wireshark.org/review/14139
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add settings to the QLineEdit context menu to use textual or regular
expression search. Use this in Follow Stream and Show Packet Bytes.
Change-Id: I3a9f5a923f616629aa40a334921871f98b518f30
Reviewed-on: https://code.wireshark.org/review/13942
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Put some extra spaces between hex and text output in follow stream
hex dump to align with the layout used in ByteViewText.
Change-Id: Ie2743ccf46a8941595580878955e96b9ada56de9
Reviewed-on: https://code.wireshark.org/review/13867
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change required because functionality is now the same between two windowing systems (Hide vs. Filter)
Change-Id: Iec321c93cfe8eefe15bb287ea3267956146255c7
Reviewed-on: https://code.wireshark.org/review/13321
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fixed code layout to use common style in the file.
Mostly whitespace changes.
Change-Id: Id37b57717a9e26248fad07322dff09b1d1f45ac2
Reviewed-on: https://code.wireshark.org/review/13504
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
No need for the GTK dependency on dissectors/packet-ipv6.h.
Add the stream_addr typedef in follow.h to make some code simpler.
Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I23806012fc4f7f3a791e380de0c364b5825f8951
Reviewed-on: https://code.wireshark.org/review/13037
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Populate packet number on follow HTTP handler.
2. Remove stream navigation (until its a little less buggy). This follows the convention of SSL which runs on top of a stream protocol (TCP), it's not a stream itself, which seems to be why its buggy.
Change-Id: Idf21be2a00a8fde0fbf16f40ca8c36a2a44b8993
Reviewed-on: https://code.wireshark.org/review/13027
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3817d12e473b67e26159e1562a08169e91f51d46
Reviewed-on: https://code.wireshark.org/review/13019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This automatically detects and decompresses HTTP along a TCP stream through the use of taps.
Bug: 3528
Change-Id: I8ab832d509700d0da8eabf3c3e514d8511c598d3
Reviewed-on: https://code.wireshark.org/review/13009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris