Reverse the payload chunks list to achieve a running time of O(n) rather
than O(n²) for insertion of all chunks. Executing a RelWithDebInfo+ASAN
build with `tshark -r chargen-session.pcapng.gz -qz follow,tcp,hex,0`
previously took 11m5s to complete, but now finishes in 16 seconds.
Tested using a capture file with 152k TCP packets (from bug 11777).
Backport note: must update ui/gtk/follow_stream.c too.
Change-Id: Icf70d45f33d4399e53209fb6199d3809608c8d99
Reviewed-on: https://code.wireshark.org/review/28595
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- rtpstream_info_calc_t created
- rtpstream_info_calculate and rtpstream_info_calc_free functions created
- RTP code updated to use such functions
Change-Id: I1053a46cbd0cdef9d70382135da46e732b5af8b8
Reviewed-on: https://code.wireshark.org/review/28361
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- rtpstream_id_t is introduced and its related functions. It encapsulates comparison of two rtpstreams.
- dest_* renamed to dst_*
- src_port and dst_port are 16bits only.
- sharkd_session.c uses common id functions
- IAX2 part related to RTP updated to common *id* function
Change-Id: Id38728a4e5d80363480c7ce42ff9c6eaad069686
Reviewed-on: https://code.wireshark.org/review/28340
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- rtpstream_packet renamed to rtpstream_packet_cb to follow *_cb pattern
- variables/types used in iax2_analysis_dialog were created as copy of *rtp* ones, but names were left as *rtp* -> *iax2*
- struct _rtp_stream_info replaced with rtp_stream_info_t
- there was tap-rtp-analysis.h, but no tap-rtp-analysis.c - related content was moved from tap-rtp-common.c
- *rtp_stream* functions renamed to *rtpstream*
- renamed rtp_stream_info_t to rtpstream_info_t to follow *rtpstream* pattern.
- renamed ui/rtp_stream.c rtpstream_draw -> rtpstream_draw_cb
Change-Id: Ib11ff5367cc464ea1b0c73432bc50b0eb9cd203e
Reviewed-on: https://code.wireshark.org/review/28299
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Call maxmind_db_lookup_process() [via host_name_lookup_process()] before processing request.
It's still buggy, webshark needs a refresh to show endpoint or conversation ipmap,
but it's better than nothing.
It seems to need a refresh, because maxmind_db_lookup_ipv[46] works only for cached entries.
Also, because mmdbresolve is pipe-based, every sharkd needs to have its own mmdbresolve process.
Change-Id: I3d588d1fa9e9ba645cc3d0bff3d276b202159d21
Reviewed-on: https://code.wireshark.org/review/27335
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
This puts more distance between the caller and the underlying
library. At the moment we're using libjsmn, but other libraries
(like json-glib) could be used.
Change-Id: I1431424a998fc8188ad47b71d6d95afdc92a3f9e
Reviewed-on: https://code.wireshark.org/review/27055
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert the IPv4 and IPv6 GeoIP lookups to their MaxMindDB equivalents.
Change-Id: I7f6bd697e7d4b09fdd1f4bfa17011fc6ea1aec26
Reviewed-on: https://code.wireshark.org/review/26446
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Thanks and a tip of the Hatlo hat to Visual Studio Code Analysis for
finding this one.
Change-Id: If2312ba98d1c3060e525dd8b2afe3e0ff07fb5bd
Reviewed-on: https://code.wireshark.org/review/26194
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There are no "old" versions of them that we're keeping around.
Change-Id: I3c76a14d0ec1a06df39c547da37f4dea9987df4d
Reviewed-on: https://code.wireshark.org/review/25892
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of using g_memdup(), make it more C-like.
Change-Id: Ifde75801a261f9e269391fabf323f34a4e3508ac
Reviewed-on: https://code.wireshark.org/review/25395
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
That eliminates the need for qualifier-removing casts.
Change-Id: I90728858ec43ddabf663f30258df6e9c41aa191a
Reviewed-on: https://code.wireshark.org/review/25378
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Needed on x86 Windows as size_t < gint64
Change-Id: I2d5ca99c71a9f3a0138da786d10b111867337904
Reviewed-on: https://code.wireshark.org/review/25093
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Change-Id: Iced96044a8fc414d4cb1c62bcc67f61cf44c4515
Reviewed-on: https://code.wireshark.org/review/25033
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Have the routines that create them take a pointer to a struct
packet_provider_data, store that in the tvbuff data, and use it to get
the wtap from which packets are being read.
While we're at it, don't include globals.h in any header files, and
include it in source files iff the source file actually uses cfile. Add
whatever includes that requires.
Change-Id: I9f1ee391f951dc427ff62c80f67aa4877a37c229
Reviewed-on: https://code.wireshark.org/review/24733
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libwireshark now expects an epan_t to be created with a pointer to a
"packet provider" structure; that structure is opaque within
libwireshark, and a pointer to it is passed to the callbacks that
provide interface names, interface, descriptions, user comments, and
packet time stamps, and that set user comments. The code that calls
epan_new() is expected to provide those callbacks, and to define the
structure, which can be used by the providers. If none of the callbacks
need that extra information, the "packet provider" structure can be
null.
Have a "file" packet provider for all the programs that provide packets
from a file.
Change-Id: I4b5709a3dd7b098ebd7d2a7d95bcdd7b5903c1a0
Reviewed-on: https://code.wireshark.org/review/24731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add sharkd_get_frame() wrapper to limit number of cfile usage.
Don't get frame_data when not needed.
Change-Id: I24b96b5b184196e9dbf632c0891b2954c8281eed
Reviewed-on: https://code.wireshark.org/review/24728
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Embed one of those structures in a capture_file, and have a struct
epan_session point to that structure rather than to a capture_file.
Pass that structure to the routines that fetch data that libwireshark
uses when dissecting.
That separates the stuff that libwireshark expects from the stuff that
it doesn't look at.
Change-Id: Ia3cd28efb9622476437a2ce32204597fae720877
Reviewed-on: https://code.wireshark.org/review/24692
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A while back Graham pointed out the SPDX project (spdx.org), which is
working on standardizing license specifications:
https://www.wireshark.org/lists/wireshark-dev/201509/msg00119.html
Appendix V of the specification describes a short identifier
(SPDX-License-Identifier) that you can use in place of boilerplate in
your source files:
https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b
Start the conversion process with our top-level C and C++ files.
Change-Id: Iba1d835776714deb6285e2181e8ca17f95221878
Reviewed-on: https://code.wireshark.org/review/24302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Follow up to having conversions use endpoint_type instead of
port_type.
Change-Id: Ifd59a33bd8b9a013c242bce5fcceb09533f02c17
Reviewed-on: https://code.wireshark.org/review/24172
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This extra parameter allows use of Wireshark functionality like: prepare as filter,
and also apply quick filter in protocol tree (for instance, show only TCP protocol fields: tcp.).
Change-Id: I1f380b79e3802e6aaf646fdd4770c903ee9f3781
Reviewed-on: https://code.wireshark.org/review/23837
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add extra check for token type; previously it was possible to pass, for example:
{"columns":["one","two","three"]}. Such format is not supported.
Change-Id: I6ac2e3ca9eba868cd72ed886ad40745ebbc43d73
Reviewed-on: https://code.wireshark.org/review/23834
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If51cd6a7f4989fee16563809a997dc2f46f67c22
Reviewed-on: https://code.wireshark.org/review/23759
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Sequence analysis has its own "filtering" system that required its
tap functions to look for some "filter flags". register_tap_listener()
already comes with a filter argument, so use that to simplify logic
of tap functions in dissectors.
Also have Qt GUI for Flow Graph look like other dialogs that have a
"Limit to display filter" checkbox.
Change-Id: I91d9d9599309786892f5b50c98692e52651e7174
Reviewed-on: https://code.wireshark.org/review/23659
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie1b82d016b632162a91e2ed54a964662bc25e9d5
Reviewed-on: https://code.wireshark.org/review/23620
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove protocol member from seq_analysis_item_t.
It's not used by any GUI, so don't burden dissectors with populating it.
2. Allow any dissector to change colors displayed by flow graph
3. Provide helper functions that may be common if other dissectors
want to create sequence analysis.
Change-Id: I04fa3c9f3cf6879ab9a8d7d6f4896b4979d010d7
Reviewed-on: https://code.wireshark.org/review/23613
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie85295dbcfab3efe7ba05c5c9c7ae22d0c6eedec
Reviewed-on: https://code.wireshark.org/review/23572
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I17c13c274ebd31da7d7a7ebe02821cf09f77f66c
Reviewed-on: https://code.wireshark.org/review/23268
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the cause for a syntax error while parsing UATs. Example output:
$ tshark -ouat:ssl_keys:,
tshark: Invalid -o flag "uat:ssl_keys:,": ssl_keys:1: No IP address given.
$ tshark -ouat:unknown:,
tshark: Invalid -o flag "uat:unknown:,": Unknown preference
Change-Id: I549406c4e31a81d29f487ef47bdb3c22da084947
Reviewed-on: https://code.wireshark.org/review/21748
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>