We don't do much work to do that - we don't print anything before the
first selected page, and once we're finished generating that page, we
terminate the printing process - so it shouldn't need a progress bar.
(If it needs a progress bar, We Have A Problem, as that slows down the
drawing of the dialog box.)
This should prevent the problem seen in bug 12040.
Bug: 12040
Change-Id: I129191e06fff3e1eb59a9631c7395b9e7f650809
Reviewed-on: https://code.wireshark.org/review/14255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Highlight the matching tree item and matching packet bytes when
doing a Find Packet. Added cf->search_len to correctly highlight
the matching bytes when doing a regex search.
Bug: 12157
Change-Id: I84fbdb9b43be4355e24aff3cf5f8850f1119e2bf
Reviewed-on: https://code.wireshark.org/review/14086
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for using regular expressions in the Search Frame
when searching in packet list, packet details and packet bytes.
This search is in many cases faster than plain string search.
Change-Id: I2d8a709046f90d7b278fb39547fc4e2e420623bc
Reviewed-on: https://code.wireshark.org/review/13981
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The time column widths should not be adjusted in cf_open() because
we don’t have any packets yet and Qt resizeColumnToContents() will
not adjust any widths but emits a sectionResized() with invalid or
default values (new_width seems to always be 32). This will in some
cases (when start capturing packets) give wrong width values which
is later stored in the recent file, and the time columns may end up
narrow the next time the recent file is read.
This fix is related to the column with issues previously compensated
for in PacketList::sectionResized() (g4980d505).
Change-Id: Id3b49069fe5d2b55d608cc7a6d32fe7851369bf9
Reviewed-on: https://code.wireshark.org/review/13712
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
change time display format, change name resolution and other changes
in UI which requires column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Introduce a frame_data flag "need_colorize" to indicate that coloring
rules need to be evaluated and set it for the GUI (not tshark). This
restores the original performance characteristics.
It additionally fixes a regression where the color filter name and
filter is not shown anymore in the tree (I guess it is related to the
edt->tree being NULL when re-selected, resulting in empty color_filter).
Remaining problems:
- Display filter cannot contain frame.coloring_rule.* fields. Code is
present to enable this, but then a method is needed to avoid an
expensive second calculation (which is why it is disabled).
- The columns are still not updated after coloring rule change.
- The two frame.coloring_rule fields in the tree are not updated when
the coloring rule is changed (e.g. Ctrl-1).
The last two issues were supposed to be fixed by the previous patch, but
there is probably some missing code... Tested with GTK and Qt.
Bug: 11980
Change-Id: I3ef7713b28db242e178d20f6a5f333374718b52e
Reviewed-on: https://code.wireshark.org/review/13170
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a fix for bug 11989. This patch fixes the problem for the
GTK variant of Wireshark and matches the Qt bug reported by
bug 11810 and fixed by change 12306.
Bug: 11989
Change-Id: Ib9af8ba745394ebd31825003361ec637c45d75d6
Reviewed-on: https://code.wireshark.org/review/13152
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This also moved color.h into color_filters.h
Change-Id: Ic19e27aa1b3ec67e764aa7ee8bbef7b1187bb12e
Reviewed-on: https://code.wireshark.org/review/12831
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update the packet bar each time we update the progress bar:
1) in the Qt UI
2) (and) in the Gtk UI if auto_scroll_live wasn't set
3) (and) even if we don't HAVE_LIBPCAP
This allows the user to watch the number of packets increasing.
(Extracted from I02c46b086f34a026b7980458f2a93d0d70cac23b.)
Change-Id: I47a7a2b0dc6da50035098ab0b0eb0d55f7484960
Reviewed-on: https://code.wireshark.org/review/12459
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A call to plugin_if_goto_frame when there is no capture file
loaded causes a protection exception in cf_goto_file. This
fix avoids that problem.
Bug: 11810
Change-Id: I7e6f31690a4b0d8d4252b41d8d438979cb253050
Reviewed-on: https://code.wireshark.org/review/12306
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When redissecting packets we call epan_free() which deallocates
wmem_file_scope memory. Such memory may be used in proto_data for
the currently selected packet (cf->edt) and leaves pointers to
deallocated memory (cf->edt->pi.fd->pfd). Free them after
epan_free() to avoid unintended usage in packet_list_clear().
Bug: 11740
Change-Id: Ia3bc54f3f34e644a98b8a7eb1addd19b8aeeaab9
Reviewed-on: https://code.wireshark.org/review/11996
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's an ancient obsolete option with a confusing name.
Change-Id: Ib10330cf859cdea18fed2077c6539e56350ef380
Reviewed-on: https://code.wireshark.org/review/11967
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of freeing cf->edt before clearing the packet list, add an extra
check to MainWindow::setMenusForSelectedTreeRow. Semi-blind attempt at
fixing bug 11719.
This reverts commit 8c211d51ef.
This reverts commit da71ccbf77.
Bug: 11719
Change-Id: Ifd07be414ffd03a40bdfa7110395c9542bd86fc4
Reviewed-on: https://code.wireshark.org/review/11943
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Added a check for a valid cf->edt before calling epan_dissect_free(),
as this will give an unintended assert.
This is related to da71ccbf77.
Change-Id: I7f7ceb1b25cfa2400063947f674df10ed6a93e9d
Reviewed-on: https://code.wireshark.org/review/11934
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This because cf->edt->pi is pointing to data allocated in
wmem_file_scope and epan_free() will free all data in wmem_file_scope.
In Qt packet_list_clear() we check and use cf->edt, which will give a
heap-use-after-free error.
Change-Id: I97d532ba976b7bc5fe2995a224ca168edf3da38b
Reviewed-on: https://code.wireshark.org/review/11803
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise we will end up calling cf_cb_file_rescan_started and cf_cb_file_rescan_finished callbacks while no capture file is available
Bug: 11552
Change-Id: Ib6fd7b13ce1b083d5f5b4e05d80152112c1451f6
Reviewed-on: https://code.wireshark.org/review/10692
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We call cf_cb_file_rescan_{started,finished} in rescan_file. Do the same
in rescan_packets. In the Qt UI this ensures that flushVisibleRows gets
called so that packet_list_select_row_from_data works as expected.
Change-Id: I425b7beb0f97a7d5b84c979fca65b877673b4722
Reviewed-on: https://code.wireshark.org/review/10569
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add cf_cb_file_retap_started and cf_cb_file_retap_finished to file.[ch].
Add their associated signals to CaptureFile.
Add registerTapListener and removeTapListeners to WiresharkDialog, which
collect and automatically remove tap listeners. Add beginRetapPackets
and endRetapPackets, which can be used to wrap critical sections so that
we don't delete ourselves while tapping. Don't cancel tapping on close
in WiresharkDialog.
Use beginRetapPackets and endRetapPackets in WiresharkDialog and
FollowStreamDialog. We will likely need to add them elsewhere.
Update comments.
Change-Id: I1788a6ade0817c31aa3419216df96be5e36b2178
Reviewed-on: https://code.wireshark.org/review/10261
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Refactor the file merging code by removing the duplicate logic from mergecap.c
and file.c's cf_merge_files(), into a new merge_files() function in merge.c.
Also the following user-visible changes:
* Removed the '-T' encap type option from mergecap, as it's illogical for
mergecap and would complicate common merge code.
* Input files with IDBs of different name, speed, tsprecision, etc., will produce
an output PCAPNG file with separate IDBs, even if their encap types are the same.
* Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged.
* Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP.
Bug: 8795
Bug: 7381
Change-Id: Icc30d217e093d6f40114422204afd2e332834f71
Reviewed-on: https://code.wireshark.org/review/10058
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make pcapng decode options in an NRB during read, and store the comment
option, and write it back out as well. Also make it handle plugin handlers
for unknown options in received NRB(s).
Change-Id: I81863ef8d85cb1c8b5ba6673ba0e562efe77714f
Reviewed-on: https://code.wireshark.org/review/9723
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a printf-like routine, so give it the right declaration. Fix
errors that this finds.
Change-Id: I7e8c100ff9e16ba89743ce744cbf548aae705b77
Reviewed-on: https://code.wireshark.org/review/9487
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
if we haven't captured any packets yet, don't display a warning about
unsaved changes
make sure that we're not running into a scenario where
MainWindow::testCaptureFileClose() tries to close the capture file at
the same time as the pipe handler who sees an eof on the pipe
cf_has_unsaved_data() should return false if we have a temporary file
that contains no packets
Change-Id: I18d75bd658b85d45dd3313d49e2cd654c6300de5
Reviewed-on: https://code.wireshark.org/review/9109
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch from a plain QProgressBar to a QFrame with a QProgressBar and a
stop button.
Add a stop_flag boolean to the capture_file struct.
To do:
- Start adding the progress bar to dialogs.
- Don't complain so loudly when the user stops a capture.
Change-Id: Iedd1d7d79f2044f1a53e4fb22186d25930a3ef03
Reviewed-on: https://code.wireshark.org/review/9029
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Plumb in more capture file callbacks. Add common functions for setting
the status bar file information. Add and update code to match the GTK+
status bar behavior.
Make sure we update the capture file length when rescanning.
Bug: 10943
Change-Id: Ie84c7a57ee421d57ba3477f8dde3847aaafa1cd1
Reviewed-on: https://code.wireshark.org/review/8594
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bug: 6217
Change-Id: Ie4a90ff8a738d6c970d51598bf14b4b51ea069ce
Reviewed-on: https://code.wireshark.org/review/7918
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have the count in a cfile_t structure always reflect the actual number
of packets that have been read from the file, rather than, when doing a
non-update-list-of-packets-in-real-time capture, falsely increasing the
count in the cfile_t to reflect the number of packets captured but not
yet read.
Have the status bar base its captured-packet count on the count in the
capture_session structure, and base the "sorry, no packets were
captured" message on the count in the capture_session structure, as
we're no longer using the count in the cfile_t structure to count
anything in the process of a non-update-list-of-packets-in-real-time
capture.
That way, we preserve the invariant that the "frames" member of a
cfile_t will be non-null if the "count" member is non-zero, fixing bug
6217.
It also means we can get rid of cf_set_packet_count(), as we only set
the count in the capture-file-reading code.
Bug: 6217
Change-Id: I72c0e2c07c30782bad777995370b7c19e1460cc2
Reviewed-on: https://code.wireshark.org/review/7950
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4ec48067e9ca2cbe88e1cf2e6c9dc1e382379221
Reviewed-on: https://code.wireshark.org/review/7767
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add an "Auto Scroll in Live Capture" action to the Go menu. It's in the
View menu in the GTK+ UI but it seems to make more sense as a navigation
item.
Use a timeout interval for automatic scrolling. I haven't run any tests
to see if this makes a difference but it would seem that the less
drawing we do during a high speed capture the better, particularly for
remote displays.
Update the x-stay-last icons.
Note that we might want to make prefs.capture_auto_scroll a "recent"
setting.
Mark auto_scroll_live and packet_list_check_end GTK+ only.
Bug: 10601
Co-authored-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I645d27c0814f0e4a0d5b01ae68be366847e2522d
Reviewed-on: https://code.wireshark.org/review/7292
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wrap the capture_file struct in a QObject which translates cf_cb_* and
capture_cb_* events into signals. Move the global cfile to
capture_file.cpp.
Don't use a void pointer for the capture file struct.
Change-Id: Ic5d5efb4bb1db64aa0247245890e5669b1da723a
Reviewed-on: https://code.wireshark.org/review/5885
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Guy Harris