just the framework and some simple translations
Change-Id: I7653a9c6ab26b391bfe2942d088d233996030576
Reviewed-on: https://code.wireshark.org/review/3134
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Add single-shot timers to ramp up the tap update interval and update
taps when we finish reading the capture file.
Change-Id: Ia1694b47ffd2705b6a06aa50c21e675a64aefeac
Reviewed-on: https://code.wireshark.org/review/3099
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This was started by Chris Maynard before Qt was announced and I just polished it off for inclusion in GTK version of Wireshark.
This also can be used as input into the Qt version of the Expert Info "dialog" since it hasn't been written yet. Personally I like the "template" the Qt statistics dialog has with the display filter built it. I think that would work well for the Expert Info dialog as well.
bug:1860
Change-Id: Icaada6e7900f22b0a3d97c2a5656edfd8d8c8b7f
Reviewed-on: https://code.wireshark.org/review/3035
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, capitalize "File" in the GTK+ version (it's already capitalized in
the Qt version).
Change-Id: I27eb27022930b1c0e0321cd1a1446c3b9dc1bd17
Reviewed-on: https://code.wireshark.org/review/3072
Reviewed-by: Guy Harris <guy@alum.mit.edu>
exp_pdu_file_open() isn't used outside ui/tap_export_pdu.c; make it
static.
do_export_pdu() isn't a tap routine, it's called *from* tap routines, so
its last argument doesn't need to be a generic pointer; its last
argument must be a pointer to an exp_pdu_t, so declare it as such.
Clean up comments while we're at it.
Change-Id: Iab51b54a0c272052d7876110a095f2fff66fa2c1
Reviewed-on: https://code.wireshark.org/review/3060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, if we're reading a Windows-format file on UN*X, we handle it
the same way we'd handle a UN*X-format file.
This handles bug 10272 for the cfilter and dfilter file; there are other
configuration files that may need code changes as well.
While we're at it, don't hand non-ASCII characters to isspace().
Change-Id: I4f5efeaa938bcb2d85737ab136c3ca19ea1ddb5b
Reviewed-on: https://code.wireshark.org/review/3045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
when we delete an interface from all_ifaces, delete it from ifaces as well
remove its selected status if it was selected
at the moment, an interface that was used for capturing before will
never be removed from the list of interfaces even if it becomes
unavailable as it remains in ifaces and will be re-added to all_ifaces
in scan_local_interfaces()
new helper function capture_opts_del_iface() to delete an entry from ifaces and
free all its components
Change-Id: Ie3271a7ed086367e511d3a971f3b68cfc014115d
Reviewed-on: https://code.wireshark.org/review/2965
Reviewed-by: Evan Huus <eapache@gmail.com>
Trigger dialog creation by passing a method name to
QMetaObject::invokeMethod. I'm not entirely sure this is sane but it
seems to work OK. Move getopt processing further down in the main initialization sequence
to more closely match GTK+ and allow for stat command registration.
Change-Id: I5cd5375fa71dbadac69d528b2ba3bb13598dc3f6
Reviewed-on: https://code.wireshark.org/review/2964
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move the GTK files necessary for managing the recnet remote host from capture_dlg.c to recent.c in order to use them in QT, too.
Change-Id: I3f3fd31ce928162de08c6db7309ef2a9b1e97760
Reviewed-on: https://code.wireshark.org/review/2955
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit c5a50df51f.
Most of the change to remove "lib" seems to work, but the list of libraries to sign appears not to be in the source repository, so I can't make that step work.
Change-Id: I6ead152fc308480d02266b0f3f0caaa873caf6d2
Reviewed-on: https://code.wireshark.org/review/2973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"libXXX" is a UN*X convention; see whether we can do without it on
Windows.
Change-Id: I03a377ed5121a8dff7a53203b34e441abffcbb85
Reviewed-on: https://code.wireshark.org/review/2968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use a QMutableListIterator instead of a foreach loop so that we can
safely remove items from a list.
While we're here, make sure that RecentFileStatus threads use a
Qt::QueuedConnection when emitting signals across threads and try to
isolate the filename string.
Change-Id: I3fbb65a1727133f4557026decab5084a3faec2d4
Reviewed-on: https://code.wireshark.org/review/2966
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(named pipes added with -i <pipe name> don't have such a description)
Change-Id: I5986c607f5103b800c4353fd3cf01f24149e2e5c
Reviewed-on: https://code.wireshark.org/review/2940
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
For each displayed packet list row, save a copy of or a pointer to
column strings similar to ui/gtk/packet_list_store.c. This lets us call
epan_dissect_run only once per row.
Bug: 9511
Change-Id: I17e8ebeb5ed70518c9047413c3b2a46f01e904ef
Reviewed-on: https://code.wireshark.org/review/2752
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.
Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The groups are, technically, independent of the notion of a menu, and,
if we have mechanisms by which taps that are not only GUI
toolkit-independent but independent of the *existence* of a GUI can be
registered, they might want to register themselves in a group just in
case they're running in a program that has a GUI.
Also, this might fix the Debian package build.
Change-Id: I29435681e79748fd4f2e0c5ac872cd11f831d172
Reviewed-on: https://code.wireshark.org/review/2830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's no longer used in version_info.c, but is used in the main source
files of TShark and Wireshark (it's already included in dumpcap).
Change-Id: I2169a2bbed678baf26fc8711d7c13d95cce3ee2a
Reviewed-on: https://code.wireshark.org/review/2819
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The routines to get libpcap version information just say "no pcap here"
if we don't have it, so they're called regardless of whether we were
compiled with it.
Change-Id: I4e58cce83f7c0e36aa6ef9b40ec7075732402f3b
Reviewed-on: https://code.wireshark.org/review/2800
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have --version print the version number, the copyright information, the
"compiled with" information, the "running on/with" information, and the
compiler information.
Have --help print the version number, a one-line summary of what the
program does, a reference to http://www.wireshark.org for more
information, a Usage: line, and a list of command-line options.
This means programs doing that don't need to include version.h; that's
left up to get_ws_vcs_version_info() to do.
Change-Id: Idac641bc10e4dfd04c9914d379b3a3e0cc5ca8cb
Reviewed-on: https://code.wireshark.org/review/2794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only print to the standard output, and only give the version
information, if a "print help" command-line option is specified.
Otherwise, leave out the version information, and print to the standard
error.
Leave out the copyright information; it's extra cruft, and
http://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html
doesn't say anything about it (and bash, at least, doesn't print it).
Change-Id: Ic5029ccf96e096453f3bd38383cc2dd355542e8a
Reviewed-on: https://code.wireshark.org/review/2789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For Wireshark, say "Wireshark", not "wireshark".
For other programs, put "(Wireshark)" after the program name, as per
http://www.gnu.org/prep/standards/html_node/_002d_002dversion.html
("If the program is a subsidiary part of a larger package, mention the
package name in parentheses, like this").
Change-Id: I68558f64cfa6ee4423e42f3d6b120633ef1b2716
Reviewed-on: https://code.wireshark.org/review/2788
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to do the right __attribute__ magic ourselves; GLib does
it for us.
Change-Id: Id31943a8413f0272237be4f868659b5bd5e70626
Reviewed-on: https://code.wireshark.org/review/2758
Reviewed-by: Guy Harris <guy@alum.mit.edu>
to copy the rquired Qt files into the runtime directory
Qt 5.2 is broken as windeployqt doesn't take the required --release flag
Also fix the passing of GCC_DLL and GPGERROR_DLL into config.pri so
that the Qt build copies the required files instead of the entire
gnutls bin dir twice (the variables expanded to nothing).
Add support for autodetection of Qt 5.3.0 with msvc2013
Change-Id: I1e9c70a5ff5d1fdfdce88ba15d324f1899c8129c
Reviewed-on: https://code.wireshark.org/review/2734
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make some arguments and structure members gsize, as that's what stored
into them or passed to them. (And move a newly-widened-on-LP64 item, to
avoid extra structure padding.)
Add a cast, which also appears necessary to squelch a warning.
Clean up indentation while we're at it.
Change-Id: I0cc92e7d2904c5af1f3f3d93f51b6ecb3aed464d
Reviewed-on: https://code.wireshark.org/review/2741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get credential information and drop privileges *very* early on. Get the
pathname of the executable right after that, then initialize the 802.11
decryption, then, on Windows, load WinPcap and, if available, AirPcap.
*Then* we can get the version information and set the crash information.
We should drop privileges as early as possible.
We have to load WinPcap and AirPcap before getting the run-time
information, as the run-time information includes the *pcap versions.
Change-Id: Ib40e5a848cc7f42fcb424faa15a91868eaa0b9a4
Reviewed-on: https://code.wireshark.org/review/2733
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no reason to do it only on Windows - and, in fact, the only
platform where we currently do anything with the information is OS X.
Every other program in the Wireshark suite that does it at all does it
on all platforms.
Change-Id: I8ab29fd86656dd44322991d0d7263c6bb4fcd425
Reviewed-on: https://code.wireshark.org/review/2730
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move the routines to parse numerical command-line arguments there.
Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just
call routines specified by a call to cmdarg_err_init(), and have
programs supply the appropriate routines to it.
Change-Id: Ic24fc758c0e647f4ff49eb91673529bcb9587b01
Reviewed-on: https://code.wireshark.org/review/2704
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes reversing the list back and forth to keep adding data
at O(n) complexity obsolete.
Bug: 9696
Change-Id: Ice77328b8f6c5bf72bbfcfd82e08d09d4f986d3f
Reviewed-on: https://code.wireshark.org/review/2571
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Balint Reczey <balint@balintreczey.hu>
Add SIP Flows menu option beside VoIP Calls.
Flow for all SIP message types (which have a call-id) is shown in SIP Flow.
Add useful info(original flow method, response code, cseq) to comment field in conversation and flow dialogs.
Change-Id: I4801a633ed9b6594b2d89629c9d6fec6352da150
Reviewed-on: https://code.wireshark.org/review/2479
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: James Coleman <gaoithe@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 9460
Change-Id: I80d991053eb47b8650561e8af4cc8dec512e2c9c
Reviewed-on: https://code.wireshark.org/review/2619
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This pulls some stuff out of the top-level directory, and means we don't
have to build them once for every program using them.
Change-Id: I37b31fed20f2d5c3563ecd2bae9fd86af70afff5
Reviewed-on: https://code.wireshark.org/review/2591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, the code that constructs the runtime version string doesn't
itself have to call libpcap and libz, and could be usable in programs
that don't call them.
While we're at it, add "with" to the run-time version information for
GnuTLS and libgcrypt, to match the compile-time version information, and
add the version information from libwireshark to TShark.
Change-Id: I3726a027d032270b032292da9314c1cec535dcd2
Reviewed-on: https://code.wireshark.org/review/2587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a routine get_ws_vcs_version_info() that, for builds from a tree
checked out from Wireshark's version control system, returns a string
that includes both the Wireshark version number and an indication of
what particular VCS version was checked out, and just returns
Wireshark's version number for other builds.
Use that routine rather than manually gluing VERSION and the Git version
number together.
("vcs", not "git", just in case we do something bizarre or mercurial
some day. :-))
Change-Id: Ie5c6dc83b9d3f56655eaef30fec3ec9916b6320d
Reviewed-on: https://code.wireshark.org/review/2529
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's Windows-specific, so name it appropriately.
Change-Id: Ic518cbfabebf95757f6b308a4d547a6cabed6a5e
Reviewed-on: https://code.wireshark.org/review/2528
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This mean we also have to move CFString_to_C_string() there for OS X.
Change-Id: Ic91ad872e9d5290cf34f842503ededd5452e4337
Reviewed-on: https://code.wireshark.org/review/2511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The files that use LONGOPT_CAPTURE_COMMON and OPTSTRING_CAPTURE_COMMON
include capture_opts.h unconditionally, so there's no need to define
them if we don't have pcap. In addition, we want the capture options
"available" even if we don't have pcap, so we can tell the user "you're
using a version of *shark without pcap, but you gave a capture option".
Change-Id: I0bd3893b73d3d903610d0bc6cacb60bfb37096f4
Reviewed-on: https://code.wireshark.org/review/2503
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, simplify the #ifdefs and #defines in capture_opts.h -
don't do the same tests twice.
Change-Id: I2079167f31789470ef77120054d769d5914745e3
Reviewed-on: https://code.wireshark.org/review/2496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No capturing, no capture options.
Change-Id: I0023184b9c358d5876f19a098590f34d641c8649
Reviewed-on: https://code.wireshark.org/review/2493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The names match tcpdump trunk's names for the corresponding options.
Also have capture_opts.h provide a #define for the part of the short
option string that corresponds to the capture short options that all our
programs that take capture short options take (those are largely the
ones we have in common with tcpdump).
Change-Id: Ia209425959c801725850b56a7d63441ee99b5001
Reviewed-on: https://code.wireshark.org/review/2492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also, make the convention for long-only options be that their
case-statement values start at 128, so they avoid colliding with any
ASCII code points, including control characters.
Make the tables of long options "static const" while we're at it, and
get rid of unnecessary casts.
Change-Id: I55702a85e9bc078b1cd0f2803ebb68a710405bab
Reviewed-on: https://code.wireshark.org/review/2491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
64-bit, and was being fetched that way - but not stored that way - leading to some very strange
(and large) values.
Change-Id: I2235ae7f1bab7f48f99afac70109a7d8f9b38e2b
Reviewed-on: https://code.wireshark.org/review/2468
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Set initialize position to center on parent
bug: 3817
Change-Id: Iad48aa762d892908d50f742606160c8305084f48
Reviewed-on: https://code.wireshark.org/review/2459
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Balint Reczey <balint@balintreczey.hu>
Change-Id: Ibd2fa6c791253e4dbac9a21532e894db3327ce57
Reviewed-on: https://code.wireshark.org/review/2465
Reviewed-by: Michael Mann <mmann78@netscape.net>
ws_gtk_grid_attach_extended() to do the heavy lifting.
Change-Id: I1c9d12556857196f53fadbce70f206a3cc41f7a5
Reviewed-on: https://code.wireshark.org/review/2433
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
bug: 10204
Change-Id: Ie21cc07b0ac9a56648ec72062ce58a1ac800318e
Reviewed-on: https://code.wireshark.org/review/2420
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove some dependencies on having an open capture file.
Change-Id: Iad5d03e0a45ed31c83781861ef1ed7fdeb92e4a5
Reviewed-on: https://code.wireshark.org/review/2352
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Several header file references in .ui files needed to be changed to not
be global, and the path to stats_tree_dialog.ui needed a "../qt" path
prepended to be found from the build...-Release directory.
Change-Id: I51c0bb15eed706f483085020ce2b3cea3c1cdc95
Reviewed-on: https://code.wireshark.org/review/2281
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Move visibility to its own method and call it when we show ourselves and
when we thaw.
Change-Id: I936cd33e5ccabddb32061ea347a465ac12f1be87
Reviewed-on: https://code.wireshark.org/review/2289
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also remove that function as it is now unused.
Fix what appeared to be a memory leak in the manual address resolution dialog
while in the neighbourhood.
Change-Id: I75128ab0f95e5a7673f92bfeea45191f00581c25
Reviewed-on: https://code.wireshark.org/review/2244
Reviewed-by: Michael Mann <mmann78@netscape.net>
Show the addresses as a tooltip in capture interfaces.
Change-Id: I911784e09ed9479229a7d6f8a7f1476e2e1e6224
Reviewed-on: https://code.wireshark.org/review/2155
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
I'm guessing that GCC is complaining because "device" isn't guaranteed
to be set (if there are no interfaces, the body of the loop will never
be executed), so do with the list of link-layer header types what's done
for the buffer size and snapshot length.
But should the column-setting code be executed if the interface isn't
found?
Change-Id: I8c365a482b8af44cdd1c1a7f41ca611141387c86
Reviewed-on: https://code.wireshark.org/review/2180
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- allow to change the interface options in the table
- save the options to preferences when the dialog is left
- add a field for setting a capture filter for all selected interfaces
- add a "Compile BPF" button and a window to show the compiled filter output
- try to address Alexis' and Evan's comments
Change-Id: Ic1272e29183ec80e2d2f4b3e494c79dabe2c3b6f
Reviewed-on: https://code.wireshark.org/review/1946
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Fix indent (remove tabs)
* Add title to the window
Change-Id: I454046e47fa17969c710fa8dec4fac8cb7dbf22f
Reviewed-on: https://code.wireshark.org/review/1917
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I07207177e97e22bb8810226818b2280db5f5055e
Reviewed-on: https://code.wireshark.org/review/1836
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c0c480d08c.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
When converting from proto_construct_match_selected_string to fvalue_to_string_repr remember proto_construct_match_selected_string includes fieldname + value, not just value
bug:10081
Change-Id: I4fc6ea7fd1f63cff410207c8b30562771af40ada
Reviewed-on: https://code.wireshark.org/review/1578
Reviewed-by: Evan Huus <eapache@gmail.com>
While investigating an ASAN issue (fixed in
commit dcdd076ab0), I got greatly confused
by three different types having the same "interface_data" field name:
* pcapng_t *pn stores an array of interface_data_t objects.
* wtap *wth stores an array of wtapng_if_descr_t objects.
* pcapng_dump_t should store an array of interface_data_t objects.
pcapng_dump_t and friends are unused since
commit c7f1a431d2, so drop it.
To fix the confusion, rename the interface_data_t type to
interface_info_t type and use the local variable "iface_info"
everywhere. Rename interface_data of pcapng_t to "interfaces" and
add a comment what this exactly means (interfaces listed in the capture
file).
Drop the number_of_interfaces field for interfaces as the array
length is already available from GArray. Now interface_data is always
initialized for wth (which also gets copied to idb).
s/int/guint/g and replace cast at some places.
There are no regressions for the in-tree test suite.
Change-Id: I2d5985c9f1e43f8230dbb4a73bd1e243c4858170
Reviewed-on: https://code.wireshark.org/review/1656
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That variable is only defined if we HAVE_LIBPCAP. Should fix OSX10.5 buildbot.
Change-Id: I0bafc48955ef4af3c0b8d9d7a35b1e8b27577d31
Reviewed-on: https://code.wireshark.org/review/1669
Reviewed-by: Evan Huus <eapache@gmail.com>
Don't need launch "Qt" for some console only parameters (-h -v ...)
Based on GTK+ code
Change-Id: I1a810e394088959aefbbb39fb88836591a8b2367
Reviewed-on: https://code.wireshark.org/review/1311
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to the GTK+ docs, gtk_init calls "signal(SIGPIPE, SIG_IGN)" at
startup. Replicate that behavior here, otherwise we tend to terminate
unexpectedly.
Change-Id: Ia017402755d647e6050af40deacef6765eea8694
Reviewed-on: https://code.wireshark.org/review/1614
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
With tshark stats are being configured before the file gets loaded and the number of TCP streams are computed
Bug: 9541
Change-Id: I42c2891124f1781b05967d5f071ad40df2d6d9f5
Reviewed-on: https://code.wireshark.org/review/1598
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This allows to properly identify hosts that use the same port number
Change-Id: I93bf5b53e4df1d339fb06b372b90f88fce6785a0
Reviewed-on: https://code.wireshark.org/review/1588
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It was broken since 48285bb16b
While we are at it, display the streams in the same order as Qt version
Change-Id: I12df1c033dd51b7a162adca3fd36b31af5c074a1
Reviewed-on: https://code.wireshark.org/review/1587
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
- get the right IPv6 client address
- display the right client to server string for UDP/SSL in Qt port
Change-Id: I399cc38b8a32321198deccdd8e2ecd05b54e14db
Reviewed-on: https://code.wireshark.org/review/1586
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
It's causing a few different test failures - I've tracked down at least one of them, but the others are weirder and will require more digging.
This reverts commit 9edba650d1.
Change-Id: I897f8cf1cfbb2a189b2054e5002f59757befa47f
Reviewed-on: https://code.wireshark.org/review/1575
Reviewed-by: Evan Huus <eapache@gmail.com>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
bug:10081
Change-Id: I6346dfdfb5f6381e16761a99291c4be7851185d9
Reviewed-on: https://code.wireshark.org/review/1566
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
bug:9718
Change-Id: I05330d8a2475ad0d238723d444f3d98bdbd7be39
Reviewed-on: https://code.wireshark.org/review/1041
Reviewed-by: Michael Mann <mmann78@netscape.net>
Unreachable code due to conflicting defines: checking for GTKOSXAPPLICATION inside _WIN32
Found by Edwin
Closed-bug: 10065
Change-Id: I074fa14069e859b3fc4b7f50c443a67e7f0e954b
Reviewed-on: https://code.wireshark.org/review/1456
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found spelling error "a another". All those dynamic allocations and
magic numbers are horrible and unnecessary. Simplify the gtk code
rewording the message and merging strings.
Simplify the version code by using fscanf to take care of matching
the first line of a preference file.
Change-Id: I1e75803aacaa494ba5005791bcbd023e0807aaaa
Reviewed-on: https://code.wireshark.org/review/1424
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dialogs with only "Save" and "Don't save" buttons do not have a default
cancel action. Check for the existence of an OK button before
registering one.
This fixes three warnings when trying to trying to overwrite preferences
with unknown keys.
Change-Id: Ie583c40d3db8405d94b8d77710a7fb6556eac89d
Reviewed-on: https://code.wireshark.org/review/1423
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This moves a bunch of character set knowledge into epan/charsets.c.
Change-Id: Ieb79dcaac9753c77703af756b666ad2ca9385d9e
Reviewed-on: https://code.wireshark.org/review/1339
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- If a user adds a pipe via "Capture Options"->"Manage Interfaces"
->"Pipes" the device.if_type.type is either not filled out (in
the case if no other interfaces exist), or will be set to the
last set if_type of the device queried by the iteration in line
3537.
- One could argue, that this is just a fixup, as still the issue
remains, that the device structure will not be resetted, after
the search for an already existing pipe element. Maybe a separate
variable should be used for searching as it is used for adding
the pipe
Change-Id: Ia727bf3ce270a62d065e8c524a13768af389c346
Reviewed-on: https://code.wireshark.org/review/1296
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
ei_array is supposed to be an array of expert_entry items. However, it
was initialized of an array of expert_info_t items which is much larger.
This caused an ASAN error when running `tshark -z expert` because
expert_stat_packet wants to read past the stack.
Fix this by correcting the type. While at it, reduce the size of
expert_entry for 64-bit systems (reduces initial memory usage by 8
kilobytes) and avoid a redundant g_array_index call.
Change-Id: I2e08676a5e242743ed502dd2836806604ea75cc0
Reviewed-on: https://code.wireshark.org/review/1275
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is substantially more memory-efficient, shaving another ~1.5MB off our base
usage. It also lets us remove the annoying extra "last_field" pointer and
simplify proto_register_field_common(). It also accidentally fixed what may
have been a memory leak in proto_unregister_field().
It unfortunately complicates proto_get_next_protocol_field() to require
refetching the protocol each time, but that is itself just an array-lookup under
the covers (and isn't much used), so I don't expect the performance hit to be
noticable.
Change-Id: I8e1006b2326d6563fc3b710b827cc99b54440df1
Reviewed-on: https://code.wireshark.org/review/1225
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Add ep_ to routines that may return ephemeral strings.
Change "get_XXX" to "XXX_to_display" if the routine returns a formatted
string if it can't get a name.
Change-Id: Ia0e82784349752cf4285bf82788316c9588fdd88
Reviewed-on: https://code.wireshark.org/review/1217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"get_addr_name()" -> "ep_address_to_display()", to 1) indicate that it
returns a string with ephemeral scope and 2) indicate that it maps an
address to a "displayable" form - a name if possible, an address string
if not.
"se_get_addr_name()" -> "get_addr_name()", to indicate that its strings
have the same scope as "get_ether_name()", "get_hostname()", and
"get_hostname6()".
Change-Id: If2ab776395c7a4a163fef031d92b7757b5d23838
Reviewed-on: https://code.wireshark.org/review/1216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The third parameter to g_strsplit is the maximum number of elements, you
cannot just assume that a vector with exactly that number of elements
is available. This will crash for example: `SSH_CONNECTION= wireshark`.
This patch takes care of that and also fixes a memleak due to missing
g_strfreev. To reduce code bloat, return the filter at last so that
g_strfreev does not have to be repeated before returning.
Note that it still possible for the filter to contain absolute junk
since the port and host number is not validated...
Change-Id: I4414d2a748f83ded59775fb1e733ce1250cfc553
Reviewed-on: https://code.wireshark.org/review/1100
Reviewed-by: Michael Mann <mmann78@netscape.net>
Return values from g_strsplit must be always be freed. Also remove a
useless return statement and set a saner maximum split.
Change-Id: I680e20d40fe86103b0dcba210ef41aa5769f4f86
Reviewed-on: https://code.wireshark.org/review/1155
Reviewed-by: Michael Mann <mmann78@netscape.net>
ui/decode_as_utils.h:42: Warning: The following parameters of decode_build_reset_list(const gchar *table_name, ftenum_t selector_type, gpointer key, gpointer value, gpointer user_data) are not documented:
parameter 'selector_type'
Change-Id: I8353dae120e87c9651c6611924c1fc652436146d
Reviewed-on: https://code.wireshark.org/review/1138
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ui/gtk/gui_utils.h:277: Warning: argument 'parent' of command @param is not found in the argument list of pixbuf_to_widget(const guint8 *pb_data)
ui/gtk/gui_utils.h:277: Warning: argument 'xpm' of command @param is not found in the argument list of pixbuf_to_widget(const guint8 *pb_data)
Change-Id: I9182a6f8c85b69bd8b0bab7e03af441dee31fc1d
Reviewed-on: https://code.wireshark.org/review/1136
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ui/packet_list_utils.h:32: warning: argument 'IN' of command @param is not found in the argument list of right_justify_column(gint col, capture_file *cf)
ui/packet_list_utils.h:32: warning: argument 'IN' of command @param is not found in the argument list of right_justify_column(gint col, capture_file *cf)
ui/packet_list_utils.h:32: warning: The following parameters of right_justify_column(gint col, capture_file *cf) are not documented:
parameter 'col'
parameter 'cf'
ui/packet_list_utils.h:42: warning: argument 'IN' of command @param is not found in the argument list of resolve_column(gint col, capture_file *cf)
ui/packet_list_utils.h:42: warning: argument 'IN' of command @param is not found in the argument list of resolve_column(gint col, capture_file *cf)
ui/packet_list_utils.h:42: warning: The following parameters of resolve_column(gint col, capture_file *cf) are not documented:
parameter 'col'
parameter 'cf'
Change-Id: I15c7046a36cc72d9904002946eab4dec81ab6861
Reviewed-on: https://code.wireshark.org/review/1132
Reviewed-by: Anders Broman <a.broman58@gmail.com>
fix a compile error when they're both unused
Change-Id: I23b341bc02624e3e56320818056ac3cc8cd65b99
Reviewed-on: https://code.wireshark.org/review/1107
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This lets the user select and copy the folder and plugin data as text.
Add clickable local filesystem URLs while we're at it.
(I suspect that you shouldn't use QTableWidgets unless you're creating a
spreadsheet.)
Change-Id: I45650bd4f4b6215824a4ed70ec80698d0805baba
Reviewed-on: https://code.wireshark.org/review/1064
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add an FT_STRINGZPAD type, for null-padded strings (typically
fixed-length fields, where the string can be up to the length of the
field, and is null-padded if it's shorter than that), and use it. Use
IS_FT_STRING() in more cases, so that less code needs to know what types
are string types.
Add a tvb_get_stringzpad() routine, which gets null-padded strings.
Currently, it does the same thing that tvb_get_string_enc() does, but
that might change if we don't store string values as null-terminated
strings.
Change-Id: I46f56e130de8f419a19b56ded914e24cc7518a66
Reviewed-on: https://code.wireshark.org/review/1082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I7d142ed60af8bb776ea732bf9ef94ad92bc23d70
Reviewed-on: https://code.wireshark.org/review/1061
Reviewed-by: Michael Mann <mmann78@netscape.net>
For each graph you can set:
- Its visibility
- A name
- A display filter
- Color, from a fixed list
- Plot style: Line, Impulse, Bar, Stacked Bar, Dot, Square, Diamond
- Basic Y Axes (packets/s, bytes/s, bits/s)
- Computed Y Axes (SUM, MIN, AVG, MAX)
- Smoothing
You can pan and zoom using the mouse and keyboard. Clicking on a graph
selects the last packet for that interval. If all graphs have the same Y
axis a single label is shown, otherwise a legend is shown.
The time scale (X axis) can be toggled between relative seconds and the
time of day.
Graphs can be saved as PDF, PNG, BMP, and JPEG. Settings are "sticky"
via the io_graphs UAT.
To do:
- Minimize graph drawing delays.
- Figure out why smoothing differs from GTK+
- Everything else at the top of io_graph_dialog.cpp
- Fix empty resets.
A fair amount of code was copied from TCPStreamDialog. We might want to
subclass QCustomPlot and place the shared code there.
Move common syntax checking to SyntaxLineEdit.
Move some common code from ui/gtk/io_stat.c to ui/io_graph_item.[ch] and
use it in both GTK+ and Qt.
Make the io_graph_item_t array allocation in io_stat.c static. The
behavior should be identical and this gives us additional compile-time
checks.
Change-Id: I9a3d544469b7048f0761fdbf7bcf20f44ae76577
Reviewed-on: https://code.wireshark.org/review/435
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
For details see comments in Bug 9920.
The executive summary:
Bug 9920 is a crash caused by a couple of issues:
1) The memory ownership model for the rtp_dyn_payload hashtable is split: SDP
creates the rtp_dyn_payload hashtable, but RTP can free it. Since there isn't
*one* pointer to the hashtable, RTP freeing it means SDP has a dangling
pointer.
2) Either the SDP dissector shouldn't be creating two separate, unique
hashtables for multiple media channels of the same addr:port, or RTP shouldn't
be free'ing the previous one.
Change-Id: I436e67de6882f84aa82dcbdfe60bf313fe4fd99c
Reviewed-on: https://code.wireshark.org/review/918
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \$Id\$/,+1 d') (No star only 2 spaces before)
Change-Id: Id7b254031769a9dca2941304e4d3a0f4bdbc3f54
Reviewed-on: https://code.wireshark.org/review/883
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\$Id\$/,+1 d') (No space or star before $Id$)
Change-Id: I0801bd7cf234d32487008a8b6dcee64875b07688
Reviewed-on: https://code.wireshark.org/review/876
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d') (Double space between star and $Id$)
Change-Id: If9b8f345e3b6493de0b573600e60005c8b0b33c3
Reviewed-on: https://code.wireshark.org/review/877
Reviewed-by: Evan Huus <eapache@gmail.com>
This fixes part-1 of bug9931: the uninitialized use of a wtap_pkthdr
struct. The second part of the bug deals with dissectors calling
the Ethernet dissector for ecnapsulated Ethernet packets but using
the wrong dissector handle to do so. That's unrelated to the issue this
commit addresses, so I'm splitting them up.
Change-Id: I87be7b736f82dd74d8c261062f88143372b5344c
Reviewed-on: https://code.wireshark.org/review/848
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This prevents regressions observable on GTK+ 3.10 which caused
icons to disappear in some cases.
Change-Id: Ic971258807510dc038e30c6c64fb547f0529a3c2
Reviewed-on: https://code.wireshark.org/review/792
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reapply remove trailing whitespace and some spelling fixes
MSCV warning are already fixed
Fix also a not ASCII caracter in qcustomplot.h
Change-Id: Ied6b0a4ad7397caea6b75fa56f4f2d6ea91d0472
Reviewed-on: https://code.wireshark.org/review/787
Reviewed-by: Anders Broman <a.broman58@gmail.com>
for Pipes and Local Interfaces
(Capture / Options / Manage Interfaces)
if you start with an empty dialogue, select a pipe using Browse and
press Save, wireshark crashes because of a strcmp() against the
uninitialized pipe_name
initialize pipe_name to NULL and make sure its value is reset when the
dialogue is closed
don't add a pipe unless there's an active selection in the pipe list
(which may be "New Pipe")
Change-Id: Id460c8d0d43cd7fc4cb8f4e9b4357898bbef20f7
Reviewed-on: https://code.wireshark.org/review/776
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris