The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
If display filter compilation fails and the expression has a syntax
error and associated location, it will be displayed in the filter
tooltip, using a textual underline.
As far as I can tell using a graphical squiggly underline seems extremely
difficult for an object inheriting from QLineEdit, so the tooltip
textual method was used instead.
Move all the declarations of routines that are internal and
not for use by dissectors from column-utils.h column-info.h
Move the column max length defines into column-utils.h because
dissectors might need that
Since packet.h already includes column-utils.h, dissectors don't
need to include column-utils.h anymore.
Remove or downgrade a few other column header includes that are
unnecessary.
Send SIGTERM on UNIX systems to all extcap processes when user requests
capture stop. Wait up to 30 seconds for extcaps to finish. If extcaps do
not finish in time, send SIGKILL to remaining extcaps.
Do not call TerminateProcess() on Windows in the same place where UNIX
SIGTERM is sent. Instead schedule extcap termination timeout to happen
as soon as control returns back to the event loop.
There is no universally agreed replacement for SIGTERM on Windows, so
just keep things simple (forcefully terminate like always) until we
have agreed on something.
Any time an expert info is added to the Expert Info tap, the
Expert Info GUI tap listener needs to set TAP_PACKET_REDRAW.
draw_tap_listeners(FALSE) is called from MainApplication::updateTaps()
on a timer (controlled by a preference, defaulting to 3 seconds),
and that clears the Expert Info tap's need_redraw flag. The larger
a capture and the more expert infos, the more likely that the timer
can trigger while epan_dissect_run_with_taps() is still generating
more EI entries, but has already generated EIs of all severities
that are present in the capture. This prevents the expertInfoTreeView
from being redrawn at the end when the captureEvent is finished
retapping the packets.
Fix#18232. Fix#16591.
Allow conversation/endpoint tabs that include IP address and
port number to resolve either or both. Currently IP address
(network) resolution is required to resolve tcp/udp ports.
The signal attached "currentIndexChanged" takes only int as argument,
the correct signal is "currentTextChanged". This also fixes a crash
whenever you changed the visible/nonvisible setting for an interface
_WIN32 is defined by the compiler, and is arguably a more reliable
test that WIN32. Switch to checking for _WIN32 in a couple of places in
the code.
Remove a WIN32 definition from config.h. It was added for the WinPcap
developer pack but we no longer use that.
Check in both editcap and Wireshark to make sure that comments have
fewer than 65536 bytes before accepting them.
This shoudl fix#18235, although there should also be checks in
libwiretap to catch cases where the user interface code doesn't do the
check (it should be done in the UI so that the user gets notified
appropriately).
The TCP and UDP follow conversation filter functions should
only retrieve a conversation and conversation data, not
create new conversations or new stream numbers. (That should
only happen during actual packet processing.) So they should
match on the endpoint type and not look up endpoints (since
TCP and UDP don't use the endpoint API.)
They still don't work with tunneling, or any other situation where
the addresses and ports have been changed (see #18231), but this
at least works when some other protocol _has_ used the endpoint
API, and also avoids creating nonsensical streams.
Making them work properly with tunneling either requires adding
packet info to each packet with the stream information, or using
the endpoint API (after finishing it to allow more than one endpoint
on the packet, and a way of searching for endpoints other than
the most recent.)
Uncapitalize Open Source Software. Prefer the well established umbrella
term "free and open source software". Add specifics about the license
version.
Most references use an hyphen with "open-source". Do that as well.
To maintain familiarity and keep to expectations do an exact copy.
The last sentence to check the man page is an exception because it
is an addenda and recognizing that this clipboard information will
be used mostly in bug reports, it might get annoying.
Move Acknowledgements to a separate file to enable some code
simplification and improve maintenance and discoverability
for acknowlegements.
Convert the Acknowledgements file to Github flavored markdown
and display it in rich text using QTextBrowser.
Add Acknowledgements.md to NSIS installer
ISO C Std § 6.7.2, 5: "for bit-fields, it is implementation-defined
whether the specifier int designates the same type as signed int or the
same type as unsigned int." (See also the note in § 6.7.2.1 and ISO C
Std Appendix J.3.9.)
A gboolean is a typedef'd gint. Therefore, many implementations,
including gcc and clang, treat a gboolean bitfield of width 1 as
signed, meaning that it has two possible values: 0 and -1, any time
the integer promotions occur (which is all the time.) Constructs like this:
dgram_info->from_server = TRUE;
if (dgram_info->from_server == TRUE) ws_warning("True");
will not work as expected, though gcc (but not clang) will give an
error:
/home/johnthacker/wireshark/epan/dissectors/packet-quic.c:3457:37: error: comparison is always false due to limited range of data type [-Werror=type-limits]
3457 | if (dgram_info->from_server == TRUE)
|
proto_tree_add_debug_text(quic_tree, "Connection: %d %p from_server:%d", pinfo->num, dgram_info->conn, dgram_info->from_server);
Connection: 1 0x7fc4b47f2be0 from_server:0
Connection: 2 0x7fc4b47f2be0 from_server:-1
Connection: 3 0x7fc4b47f2be0 from_server:0
Connection: 4 0x7fc4b47f2be0 from_server:-1
At worst this can cause buffer overruns.
If a bitfield is desired, to guarantee expected behavior the standard
_Bool/bool should be used instead.
GLib watches and timeouts require GLib mainloop iterations. If the GLib
mainloop is not running, then GLib watches and timeouts won't trigger.
Back in the GTK+ days, then GLib mainloop was running on all systems.
Since the Qt transition, GLib mainloop only runs on Linux when Qt does
support it and environment variable QT_NO_GLIB=1 is not set.
Start polling GLib mainloop in separate thread if Qt is not running GLib
mainloop. Note that only the polling is handled in separate thread, the
dispatch and thus all user callbacks execute in the main thread.
Running GLib mainloop when needed enables full GLib functionality on all
platforms and thus allows us to simplify our code by using GLib platform
specific code.
Changes:
- audio rates are fixed, I selected common ones
- fixed signal names - they didn't matched expected autogenerated ones
- first play notification delay on Qt6 compensated
Add the text of the GPLv2 in HTML, taken from the FSF website,
and use rich text to display the license in the GUI.
Move the introductory note about the GPL from the COPYING
license text file to the README.
Remove various other license callouts at the end of the COPYING file
as unnecessary and unhelpful. This information is present in
each source file, where it belongs.
If the packetlist is navigated via the up/down keys, the viewport
may jump, if the cell that is being navigated to, has content that
is greated than what is currently displayed
Fixes#16363
In order to phase out older versions, we recommed 5.12 as a
minimum Qt version going forward. Although build support for
5.10 and 5.11 is not being removed at this point, it might
be for 4.x at a later time.
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
Use QtConcurrent to create and sort widget items. The dialog window is
immediately visible and usable. Search becomes available once all items
are added to the tree.
When compiled with Qt5, all items are added in bulk. Qt6 features new
QPromise interface that makes it possible to add tree items one by one.
Pass comparator function so the list gets sorted alphabetically. Without
the comparator function, the pointer values were sorted. Insert already
sorted data into tree widget and thus remove the redundant sort call.
Use std::stable_sort() instead of std::sort() as stable sort is actually
faster here. The std::stable_sort() tends to do fewer comparisons and
more moves than std::sort(). When sorting QTreeWidgetItem pointers, the
move is very low cost (only the pointer itself is moved) and string
comparison is quite heavy (especially because the strings share common
prefix).
Guy Harris